axis-java-user mailing list archives

From Ali Sadik Kumlali <as_kuml...@yahoo.com>
Subject Re: Adding Digital Signatures to all outgoing SOAP envelopes
Date Mon, 22 May 2006 20:36:55 GMT
Hi Jeffrey,

The following are the first steps that come to my mind:
1) Find yourself a tool that eases your work. portecle[1] is my
favorite. Other tools such as OpenSSL[2] and keytool[3] are very
popular, though.
2) You need to create a keystore file for both the client and the server.
Later you will store private key and public key certificates in it.
3) The format of the keystore file can be either JKS or PKCS#12. Let's use JKS.
4) server.jks should contain the private key of the server and the public key
of the client.
5) client.jks should contain the private key of the client and the public key
of the server.
6) You need to create a keypair, which implicitly has your private key.
7) Using portecle, you need to export the public key certificate, which
will later be imported into the other jks.
8) The exported public key certificate should be a "cer" file.
9) Now, you need to import the public key certificate into the other
jks.
10) Consequently, the keystore files should be as follows:

    client.jks
       client private
       server public

    server.jks
       server private
       client public
 
11) Here are InflowSecurity and OutflowSecurity of each side. Please
note that we use only signing here. There is no encryption.

axis2.xml of client
-------------------
<parameter name="OutflowSecurity">
  <action>
    <items>Signature</items>
    <user>client_user</user>
    <passwordCallbackClass>com.mycompany.service.security.client.PWCallback</passwordCallbackClass>
    <signaturePropFile>client_security.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
  </action>
</parameter>
<parameter name="InflowSecurity">
  <action>
    <items>Signature</items>
    <signaturePropFile>client_security.properties</signaturePropFile>
  </action>
</parameter>

axis2.xml of server
-------------------
<parameter name="OutflowSecurity">
  <action>
    <items>Signature</items>
    <user>server_user</user>
    <passwordCallbackClass>com.mycompany.service.security.server.PWCallback</passwordCallbackClass>
    <signaturePropFile>server_security.properties</signaturePropFile>
    <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
  </action>
</parameter>
<parameter name="InflowSecurity">
  <action>
    <items>Signature</items>
    <signaturePropFile>server_security.properties</signaturePropFile>
  </action>
</parameter>

12) Additional resources I've come across:
  http://jetty.mortbay.org/jetty/faq?s=400-Security&t=ssl#step3
  http://www.devx.com/Java/Article/28816/0/page/2
  http://www.rsasecurity.com/rsalabs/node.asp?id=2124

Hope this helps.

Regards,

Ali Sadik Kumlali

[1] http://portecle.sourceforge.net/ 
[2] http://www.openssl.org/
[3] http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

--- "Scudder, Jeffrey W" <Jeffrey.W.Scudder@boeing.com> wrote:

> I am trying to configure Axis2 v1.0 to add digital signatures to all
> outgoing soap messages by configuring the rampart module. While
> filling in the blanks in the OutflowSecurity parameter I realized I
> have no idea how to obtain a signature key or have it signed by a CA.
> 
> The implementation will be used in a closed lab, so there is no need
> to use an Internet CA (Verisign etc.)
> 
> How do I create a signature key and import it into the Axis2
> framework?
> I'm new at this.
> 
> Thank you,
> 
> Jeff Scudder
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
> 
> 
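
Added example (not part of the original message): steps 2 to 10 of the reply scripted with keytool [3] rather than portecle, plus a check that each keystore ends up with the layout shown in step 10. The password, DNs, key size and validity are constructed values, and the aliases are assumed to match the <user> entries in the axis2.xml fragments.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed values: password,
# DNs, key size, validity. Aliases are assumed to mirror <user> in axis2.xml.
STOREPASS=${STOREPASS:-changeit-lab}   # placeholder password for store and key

# Force English output so the entry-type strings below are stable.
kt() { keytool -J-Duser.language=en "$@"; }

# new_keypair <keystore> <alias>: steps 2, 3 and 6 (JKS file with a self-signed key pair)
new_keypair() {
  kt -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=$2, O=Closed Lab" -keystore "$1" -storetype JKS \
     -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# share_cert <from.jks> <alias> <to.jks>: steps 7 to 9 (export .cer, import as trusted)
share_cert() {
  cer="${1%.jks}.cer"
  kt -exportcert -alias "$2" -keystore "$1" -storetype JKS \
     -storepass "$STOREPASS" -file "$cer" &&
  kt -importcert -noprompt -alias "$2" -file "$cer" -keystore "$3" \
     -storetype JKS -storepass "$STOREPASS"
}

# entry_type <keystore> <alias>: prints PrivateKeyEntry or trustedCertEntry
entry_type() {
  kt -list -alias "$2" -keystore "$1" -storetype JKS -storepass "$STOREPASS" 2>/dev/null |
    grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# make_keystores <empty-dir>: writes client.jks and server.jks
make_keystores() {
  new_keypair "$1/client.jks" client_user &&
  new_keypair "$1/server.jks" server_user &&
  share_cert "$1/client.jks" client_user "$1/server.jks" &&
  share_cert "$1/server.jks" server_user "$1/client.jks"
}

# check_layout <dir>: step 10; own key is private, peer's entry is certificate only
check_layout() {
  [ "$(entry_type "$1/client.jks" client_user)" = PrivateKeyEntry ] &&
  [ "$(entry_type "$1/client.jks" server_user)" = trustedCertEntry ] &&
  [ "$(entry_type "$1/server.jks" server_user)" = PrivateKeyEntry ] &&
  [ "$(entry_type "$1/server.jks" client_user)" = trustedCertEntry ]
}

# Usage: sh make-keystores.sh ./keys   (directory must exist and be empty)
if [ $# -ge 1 ]; then make_keystores "$1" && check_layout "$1" && echo "layout OK"; fi
```

If check_layout reports a PrivateKeyEntry for the peer's alias, the other side's private key has been copied into that keystore, and the file should be rebuilt from the exported "cer" only.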

