cxf-users mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Using cxf with X509v3 certificates
Date Tue, 04 Sep 2012 09:44:52 GMT
Hi Nicolas,

The approach you are following is not valid. You must not add the
WSS4J(Out|In)Interceptors for the security policy case. If you configure
WS-SecurityPolicy as per the system tests I showed you, does it work?

Colm.

On Mon, Sep 3, 2012 at 6:13 PM, Nícolas Fontenele <nfrota@cpqi.com> wrote:

> Thanks Colm.
>
> I tried to mix to see whether I can get some feedback from the service.
> It's a .net service and I have only a pfx file and a .cer certificate.
>
> Most examples I saw have a CXF service and client; what I wanted to know
> initially is whether it is possible to communicate with this service with
> all the assertions shown in the WSDL.
>
> When I tried to access it I got "no signature token", and debugging CXF I
> need to set the property "ws-security.token".
>
> This property expects a "SecurityToken" object, which I don't know how to
> create or get.
>
> If you recognize this behavior please tell me, it will be a good help.
>
> Regards,
>
> Nícolas Fontenele
>
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Monday, September 3, 2012 09:57
> To: Nicolas Frota
> Cc: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> As Glen said, you are mixing two different types of configuration. For the
> WS-SecurityPolicy case you do not need to add any interceptors, as the
> policy-based interceptors are added automatically when the WSDL contains
> WS-SecurityPolicy expressions. See the WS-Security example system tests for
> some configuration examples:
>
> https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
>
> Colm.
>
> On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <nfrota@cpqi.com>
> wrote:
>
> Thanks Glen. Do you know some examples of WS-SecPol only?
> What I did is set some properties in the request context that I saw in the
> documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
> The funny thing is that CXF asks for this property below:
>
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>
> ctx.put("ws-security.token", new SecurityToken());
>
> which isn't written in the documentation. Do you have any idea which token
> I should put there?
>
> Best Regards,
>
> Nícolas Fontenele
>
>
>
> -----Original Message-----
> From: Glen Mazza [mailto:gmazza@talend.com]
> Sent: Tuesday, August 28, 2012 16:43
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> From your earlier email you're using WS-SecurityPolicy in your WSDL, so you
> shouldn't be using the WSS4J Out/In interceptors--that's strictly for
> non-WS-SecPol use.
>
> Glen
>
> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> > I'm also adding my code here.
> > Thanks!!
> >
> > // Imports assume CXF 2.x with WSS4J 1.6 package names.
> > import java.net.MalformedURLException;
> > import java.util.HashMap;
> > import java.util.Map;
> >
> > import javax.xml.ws.BindingProvider;
> >
> > import org.apache.cxf.frontend.ClientProxy;
> > import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> > import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> > import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> > import org.apache.ws.security.handler.WSHandlerConstants;
> >
> > public class Client {
> >
> >     private static final String WSU_NS =
> >         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> >
> >     public static void main(String args[]) {
> >
> >         try {
> >             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
> >             // Manually configured WSS4J interceptors
> >             WSS4JOutInterceptor wssOut = createOutProperties();
> >             WSS4JInInterceptor wssIn = createInProperties();
> >
> >             SecGtwService service = new SecGtwService(
> >                 new java.net.URL(
> >                     "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
> >             ISecGtwServiceContract port = service.getCertificateEndPoint();
> >
> >             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
> >
> >             client.getInInterceptors().add(wssIn);
> >             client.getOutInterceptors().add(wssOut);
> >
> >             Map<String, Object> ctx = ((BindingProvider) port)
> >                 .getRequestContext();
> >
> >             ctx.put("ws-security.token", new SecurityToken());
> >             System.out.println(port.whoIAm());
> >
> >         } catch (MalformedURLException e) {
> >             // TODO Auto-generated catch block
> >             e.printStackTrace();
> >         }
> >
> >     }
> >
> >     // Inbound WSS4J actions and key material
> >     private static WSS4JInInterceptor createInProperties() {
> >         Map<String, Object> inProps = new HashMap<String, Object>();
> >         inProps.put(WSHandlerConstants.ACTION,
> >             "UsernameToken Timestamp Signature Encrypt");
> >         inProps.put("passwordType", "PasswordText");
> >         inProps.put("passwordCallbackClass",
> >             ClientPasswordCallback.class.getName());
> >         inProps.put("decryptionPropFile", "etc/client_enc.properties");
> >         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >
> >         inProps.put("signaturePropFile", "etc/client_sign.properties");
> >         inProps.put("signatureKeyIdentifier", "DirectReference");
> >
> >         return new WSS4JInInterceptor(inProps);
> >
> >     }
> >
> >     // Outbound WSS4J actions, user, and the parts to sign and encrypt
> >     private static WSS4JOutInterceptor createOutProperties() {
> >         Map<String, Object> outProps = new HashMap<String, Object>();
> >         outProps.put(WSHandlerConstants.ACTION,
> >             "UsernameToken Timestamp Signature Encrypt");
> >         outProps.put("passwordType", "PasswordDigest");
> >
> >         outProps.put(WSHandlerConstants.USER,
> >             "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
> >         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> >             ClientPasswordCallback.class.getName());
> >
> >         outProps.put("encryptionUser", "pub");
> >         outProps.put(WSHandlerConstants.ENC_PROP_FILE,
> >             "etc/client_enc.properties");
> >
> >         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Content}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> >             "etc/client_sign.properties");
> >
> >         outProps.put("signatureKeyIdentifier", "DirectReference");
> >         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Element}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         return new WSS4JOutInterceptor(outProps);
> >
> >     }
> > }
> >
> > -----Original Message-----
> > From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> > Sent: Tuesday, August 28, 2012 15:11
> > To: users@cxf.apache.org; coheigea@apache.org
> > Subject: RE: Using cxf with X509v3 certificates
> >
> > Thanks for the answer, I'll paste the WSDL here.
> > What I have been trying is to use WSS4J interceptors, as I can see in some
> > examples.
> > I imported both certificates into my keystore and I can see, debugging,
> > that the password handler gets the keys from it.
> > My problem right now is that CXF is expecting an initial token (of
> > class SecurityToken) in the request context property
> > "ws-security.token". I saw it while debugging.
> > Is it correct to use this property?
> > I saw that the WS-Security samples only set properties on the
> > interceptors and not in the request context of the client.
> > And if this behavior is correct, how can I create this token? Should
> > I use another property?
> >
> > The WSDL is below, any idea?
> > Thanks!
> >
> > <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
> > xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> > xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> > xmlns:tns="http://tempuri.org/"
> > xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> > xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> > xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > name="SecGtwService" targetNamespace="http://tempuri.org/"
> > xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> >    <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <wsp:Policy>
> >              <sp:ProtectionToken>
> >                <wsp:Policy>
> >                  <sp:SecureConversationToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> >                    <wsp:Policy>
> >                      <sp:RequireDerivedKeys />
> >                      <sp:BootstrapPolicy>
> >                        <wsp:Policy>
> >                          <sp:SignedParts>
> >                            <sp:Body />
> >                            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >                          </sp:SignedParts>
> >                          <sp:EncryptedParts>
> >                            <sp:Body />
> >                          </sp:EncryptedParts>
> >                          <sp:SymmetricBinding>
> >                            <wsp:Policy>
> >                              <sp:ProtectionToken>
> >                                <wsp:Policy>
> >                                  <mssp:SslContextToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> > xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> >                                    <wsp:Policy>
> >                                      <sp:RequireDerivedKeys />
> >                                      <mssp:RequireClientCertificate />
> >                                    </wsp:Policy>
> >                                  </mssp:SslContextToken>
> >                                </wsp:Policy>
> >                              </sp:ProtectionToken>
> >                              <sp:AlgorithmSuite>
> >                                <wsp:Policy>
> >                                  <sp:Basic256 />
> >                                </wsp:Policy>
> >                              </sp:AlgorithmSuite>
> >                              <sp:Layout>
> >                                <wsp:Policy>
> >                                  <sp:Strict />
> >                                </wsp:Policy>
> >                              </sp:Layout>
> >                              <sp:IncludeTimestamp />
> >                              <sp:EncryptSignature />
> >                              <sp:OnlySignEntireHeadersAndBody />
> >                            </wsp:Policy>
> >                          </sp:SymmetricBinding>
> >                          <sp:Wss11>
> >                            <wsp:Policy />
> >                          </sp:Wss11>
> >                          <sp:Trust10>
> >                            <wsp:Policy>
> >                              <sp:MustSupportIssuedTokens />
> >                              <sp:RequireClientEntropy />
> >                              <sp:RequireServerEntropy />
> >                            </wsp:Policy>
> >                          </sp:Trust10>
> >                        </wsp:Policy>
> >                      </sp:BootstrapPolicy>
> >                    </wsp:Policy>
> >                  </sp:SecureConversationToken>
> >                </wsp:Policy>
> >              </sp:ProtectionToken>
> >              <sp:AlgorithmSuite>
> >                <wsp:Policy>
> >                  <sp:Basic256 />
> >                </wsp:Policy>
> >              </sp:AlgorithmSuite>
> >              <sp:Layout>
> >                <wsp:Policy>
> >                  <sp:Strict />
> >                </wsp:Policy>
> >              </sp:Layout>
> >              <sp:IncludeTimestamp />
> >              <sp:EncryptSignature />
> >              <sp:OnlySignEntireHeadersAndBody />
> >            </wsp:Policy>
> >          </sp:SymmetricBinding>
> >          <sp:Wss11
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <wsp:Policy />
> >          </sp:Wss11>
> >          <sp:Trust10
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <wsp:Policy>
> >              <sp:MustSupportIssuedTokens />
> >              <sp:RequireClientEntropy />
> >              <sp:RequireServerEntropy />
> >            </wsp:Policy>
> >          </sp:Trust10>
> >          <wsaw:UsingAddressing />
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >          </sp:SignedParts>
> >          <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >          </sp:EncryptedParts>
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >          </sp:SignedParts>
> >          <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >          </sp:EncryptedParts>
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >          </sp:SignedParts>
> >          <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >          </sp:EncryptedParts>
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >          </sp:SignedParts>
> >          <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >          </sp:EncryptedParts>
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >          </sp:SignedParts>
> >          <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >          </sp:EncryptedParts>
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> >      <wsp:ExactlyOne>
> >        <wsp:All>
> >          <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >            <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >            <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> >          </sp:SignedParts>
> >          <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >            <sp:Body />
> >          </sp:EncryptedParts>
> >        </wsp:All>
> >      </wsp:ExactlyOne>
> >    </wsp:Policy>
> >    <wsdl:types>
> >      <xsd:schema targetNamespace="http://tempuri.org/Imports">
> >        <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> > namespace="http://tempuri.org/"
> > />
> >        <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> > namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> >        <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> > namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> >      </xsd:schema>
> >    </wsdl:types>
> >    <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> >      <wsdl:part name="parameters" element="tns:AuthenticateService" />
> >    </wsdl:message>
> >    <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> >      <wsdl:part name="parameters"
> > element="tns:AuthenticateServiceResponse"
> > />
> >    </wsdl:message>
> >    <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> >      <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> >    </wsdl:message>
> >    <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> >      <wsdl:part name="parameters"
> > element="tns:ValidadeTokenServiceResponse"
> > />
> >    </wsdl:message>
> >    <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> >      <wsdl:part name="parameters" element="tns:WhoIAm" />
> >    </wsdl:message>
> >    <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> >      <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> >    </wsdl:message>
> >    <wsdl:portType name="ISecGtwServiceContract">
> >      <wsdl:operation name="AuthenticateService">
> >        <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> >        <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> > message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> >      </wsdl:operation>
> >      <wsdl:operation name="ValidadeTokenService">
> >        <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> >        <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> >      </wsdl:operation>
> >      <wsdl:operation name="WhoIAm">
> >        <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> >        <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> > message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> >      </wsdl:operation>
> >    </wsdl:portType>
> >    <wsdl:binding name="CertificateEndPoint"
> > type="tns:ISecGtwServiceContract">
> >      <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> >      <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> >      <wsdl:operation name="AuthenticateService">
> >        <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > style="document" />
> >        <wsdl:input>
> >          <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> >          <soap12:body use="literal" />
> >        </wsdl:input>
> >        <wsdl:output>
> >          <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> >          <soap12:body use="literal" />
> >        </wsdl:output>
> >      </wsdl:operation>
> >      <wsdl:operation name="ValidadeTokenService">
> >        <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > style="document" />
> >        <wsdl:input>
> >          <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> >          <soap12:body use="literal" />
> >        </wsdl:input>
> >        <wsdl:output>
> >          <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> >          <soap12:body use="literal" />
> >        </wsdl:output>
> >      </wsdl:operation>
> >      <wsdl:operation name="WhoIAm">
> >        <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > style="document" />
> >        <wsdl:input>
> >          <wsp:PolicyReference
> > URI="#CertificateEndPoint_WhoIAm_Input_policy"
> > />
> >          <soap12:body use="literal" />
> >        </wsdl:input>
> >        <wsdl:output>
> >          <wsp:PolicyReference
> > URI="#CertificateEndPoint_WhoIAm_output_policy"
> > />
> >          <soap12:body use="literal" />
> >        </wsdl:output>
> >      </wsdl:operation>
> >    </wsdl:binding>
> >    <wsdl:service name="SecGtwService">
> >      <wsdl:port name="CertificateEndPoint"
> > binding="tns:CertificateEndPoint">
> >        <soap12:address
> > location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> >        <wsa10:EndpointReference>
> >          <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> >          <Identity
> > xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> >            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >              <X509Data>
> >
> > <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCH
> > QUAMBY
> > xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1O
> > VowKDE
> > mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNA
> > QEBBQA
> > DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDE
> > Wxre93
> > 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg
>
> > 8+D0
> > 8+73tQ
> > 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GH
> > R1PAI1
> > hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJB
> > gUrDgM
> > CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2d
> > xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
>
> >              </X509Data>
> >            </KeyInfo>
> >          </Identity>
> >        </wsa10:EndpointReference>
> >      </wsdl:port>
> >    </wsdl:service>
> > </wsdl:definitions>
> >
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > Sent: Tuesday, August 28, 2012 14:45
> > To: users@cxf.apache.org
> > Subject: Re: Using cxf with X509v3 certificates
> >
> > Yes, CXF supports this configuration. Your WSDL did not make it
> > through though so I can't tell what the problem is. Try just copying
> > and pasting the security binding directly into an email?
> >
> > Colm.
> >
> > On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nfrota@cpqi.com> wrote:
> >
> >> Hi all,
> >>
> >> I'm developing a client service to consume a .net service with
> >> x509v3 certificate using ws-security.
> >>
> >> The Service uses symmetric binding, with
> >> includeToken="prefix/AlwaysToRecipient" and a
> >> <sp:ProtectionToken>.
> >>
> >> I have two certificates, a *.pfx file and *.cer which I have to use
> >> to access.
> >>
> >> My wsdl is attached.
> >>
> >> My question is: does CXF support this configuration?
> >>
> >> Best Regards,
> >>
> >> Nícolas Fontenele
> >>
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
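
As an added illustration (not part of the original thread and not CXF code): a small Python script that reads a WSDL and reports whether it carries WS-SecurityPolicy assertions, which per the replies above is the case where CXF adds the policy interceptors itself and the WSS4J Out/In interceptors should not be added. It also lists the bindings, token types and signed/encrypted parts each policy names. The embedded WSDL is a constructed, trimmed-down copy of the policy quoted in the thread; the function names and the two style labels are this example's own.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSP_NAMESPACES = {"http://schemas.xmlsoap.org/ws/2004/09/policy", "http://www.w3.org/ns/ws-policy"}
# Namespaces whose elements are treated as security-policy assertions.
SP_NAMESPACES = {
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",       # sp: in this thread's WSDL
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",  # WS-SecurityPolicy 1.2
    "http://schemas.microsoft.com/ws/2005/07/securitypolicy",     # mssp: extensions
}
BINDINGS = {"SymmetricBinding", "AsymmetricBinding", "TransportBinding"}
TOKEN_WRAPPERS = {"ProtectionToken", "InitiatorToken", "RecipientToken",
                  "SignatureToken", "EncryptionToken", "TransportToken"}

def qname(el):
    """Split an ElementTree tag '{ns}local' into (ns, local)."""
    if el.tag.startswith("{"):
        ns, local = el.tag[1:].split("}", 1)
        return ns, local
    return "", el.tag

def covered_parts(policy, container):
    """List what SignedParts / EncryptedParts assertions in this policy cover."""
    found = []
    for el in policy.iter():
        ns, local = qname(el)
        if ns in SP_NAMESPACES and local == container:
            for child in el:
                name = qname(child)[1]
                found.append("Header:" + child.get("Name", "?") if name == "Header" else name)
    return found

def summarize(policy):
    """Collect bindings, token types and algorithm suites in document order."""
    bindings, tokens, suites = [], [], []
    for el in policy.iter():
        ns, local = qname(el)
        if ns not in SP_NAMESPACES:
            continue
        if local in BINDINGS:
            bindings.append(local)
        elif local.endswith("Token") and local not in TOKEN_WRAPPERS:
            tokens.append(local)
        elif local == "AlgorithmSuite":
            suites += [qname(a)[1] for nested in el for a in nested]
    return {"bindings": bindings, "tokens": tokens, "algorithm_suites": suites,
            "signed": covered_parts(policy, "SignedParts"),
            "encrypted": covered_parts(policy, "EncryptedParts")}

def inspect_wsdl(xml_text):
    """Summarize each top-level policy and say which configuration style applies."""
    policies = {}
    for el in ET.fromstring(xml_text):
        ns, local = qname(el)
        if ns in WSP_NAMESPACES and local == "Policy":
            policies[el.get("{%s}Id" % WSU, "(no wsu:Id)")] = summarize(el)
    has_sp = any(any(s.values()) for s in policies.values())
    style = "ws-securitypolicy" if has_sp else "wss4j-interceptors"
    return {"style": style, "policies": policies}

# Constructed sample: a trimmed-down version of the policy quoted in this thread.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
 xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <wsp:Policy wsu:Id="CertificateEndPoint_policy"><wsp:ExactlyOne><wsp:All>
  <sp:SymmetricBinding><wsp:Policy>
   <sp:ProtectionToken><wsp:Policy><sp:SecureConversationToken><wsp:Policy>
    <sp:BootstrapPolicy><wsp:Policy><sp:SymmetricBinding><wsp:Policy>
     <sp:ProtectionToken><wsp:Policy><mssp:SslContextToken><wsp:Policy>
      <mssp:RequireClientCertificate/>
     </wsp:Policy></mssp:SslContextToken></wsp:Policy></sp:ProtectionToken>
     <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
    </wsp:Policy></sp:SymmetricBinding></wsp:Policy></sp:BootstrapPolicy>
   </wsp:Policy></sp:SecureConversationToken></wsp:Policy></sp:ProtectionToken>
   <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:SymmetricBinding>
 </wsp:All></wsp:ExactlyOne></wsp:Policy>
 <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy"><wsp:ExactlyOne><wsp:All>
  <sp:SignedParts><sp:Body/><sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/></sp:SignedParts>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
 </wsp:All></wsp:ExactlyOne></wsp:Policy>
</wsdl:definitions>"""

if __name__ == "__main__":
    import pprint
    pprint.pprint(inspect_wsdl(SAMPLE_WSDL))
```
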
