cxf-users mailing list archives

From Andrei Shakirin <ashaki...@talend.com>
Subject RE: ws policies InitiatorToken RecipientToken
Date Mon, 19 May 2014 08:23:17 GMT
Hi,

Perhaps the X509 certificate is included in the request message (because of includeToken=http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient)
and the encryption part just refers to it.
For the response message, the certificate is not included (includeToken=http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never)
and encryption packs it inside the encryption structure.

Could you post the complete request and response message to be sure?

Regards,
Andrei.

> -----Original Message-----
> From: Kai Rommel [mailto:krommel2010@googlemail.com]
> Sent: Friday, 16 May 2014 14:07
> To: users@cxf.apache.org; coheigea@apache.org
> Subject: ws policies InitiatorToken RecipientToken
> 
> Hi Colm,
> I set up a scenario and was wondering about the KeyInfo elements.
> 
> 
> Policy P1 for WS-Consumer and WS-Provider
> 
> CXF ---sends requestA ----> CXF
>     <--- sends responseB---
> 
> Policy is
> <p:policies enabled="true" xmlns:p="http://cxf.apache.org/policy">
>   <wsp:Policy wsu:Id="AsymmetricII"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       xmlns:wsp="http://www.w3.org/ns/ws-policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:AsymmetricBinding
>             xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:InitiatorToken>
>               <wsp:Policy>
>                 <sp:X509Token
>                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                     <sp:WssX509V3Token10 />
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:InitiatorToken>
>             <sp:RecipientToken>
>               <wsp:Policy>
>                 <sp:X509Token
>                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                   <wsp:Policy>
>                     <sp:WssX509V3Token10 />
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:RecipientToken>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict />
>               </wsp:Policy>
>             </sp:Layout>
>             <sp:IncludeTimestamp />
>             <sp:OnlySignEntireHeadersAndBody />
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:TripleDesRsa15 />
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>           </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:Wss10
>             xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:MustSupportRefKeyIdentifier />
>             <sp:MustSupportRefIssuerSerial />
>           </wsp:Policy>
>         </sp:Wss10>
>         <sp:SignedParts
>             xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <sp:Body />
>           <sp:Header Name="Timestamp"
>               Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>         </sp:SignedParts>
>         <sp:EncryptedParts
>             xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <sp:Body />
>         </sp:EncryptedParts>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
> </p:policies>
> 
> When I have a closer look at the messages, they look like this:
> 
> 
>  A:
>  Enc-Element: KeyInfo/SecurityTokenReference/KeyIdentifier
>  Sig-Element:  KeyInfo/SecurityTokenReference/Reference
> 
>  B:
>  Enc-Element:  KeyInfo/SecurityTokenReference/X509Data
>  Sig-Element:   KeyInfo/SecurityTokenReference/KeyIdentifier
> 
> 
> Is there any reason that the request message contains the KeyIdentifier in the
> encryption part and the response message the X509Data element?
> 
> I am using CXF version 2.7.10
> 
> Best regards
> Kai
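
To compare the key-reference styles of the two messages discussed in this thread, a small checker like the following can be run over each wsse:Security header. It is an added example, not part of the original posts or of CXF; the sample header is constructed with placeholder values and only mirrors the shape reported for request A.

```python
import xml.etree.ElementTree as ET

NS = {
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample shaped like request A in the thread (placeholder values,
# not a captured CXF message).
SAMPLE_A = """
<wsse:Security xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}" xmlns:xenc="{xenc}">
  <wsse:BinarySecurityToken wsu:Id="X509-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <xenc:EncryptedKey>
    <ds:KeyInfo><wsse:SecurityTokenReference>
      <wsse:KeyIdentifier>PLACEHOLDER</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference></ds:KeyInfo>
  </xenc:EncryptedKey>
  <ds:Signature>
    <ds:KeyInfo><wsse:SecurityTokenReference>
      <wsse:Reference URI="#X509-1"/>
    </wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
</wsse:Security>
""".format(**NS)

def key_reference_styles(security_xml):
    """Report the SecurityTokenReference child used for Enc and Sig, plus token ids."""
    # ElementTree is fine for this inline sample; use a hardened parser for untrusted XML.
    sec = ET.fromstring(security_xml)
    tokens = [t.get(WSU_ID) for t in sec.findall("wsse:BinarySecurityToken", NS)]
    report = {"tokens": tokens}
    for label, parent in (("Enc", "xenc:EncryptedKey"), ("Sig", "ds:Signature")):
        str_el = sec.find(parent + "/ds:KeyInfo/wsse:SecurityTokenReference", NS)
        if str_el is None or len(str_el) == 0:
            report[label] = None
            continue
        child = str_el[0]
        style = child.tag.split("}", 1)[1]   # local name, e.g. KeyIdentifier
        if style == "Reference":             # direct reference must resolve to a token
            target = child.get("URI", "").lstrip("#")
            style += " -> " + ("embedded token" if target in tokens else "unresolved")
        report[label] = style
    return report

if __name__ == "__main__":
    print(key_reference_styles(SAMPLE_A))
```

A direct Reference that resolves to a BinarySecurityToken in the same header means the certificate travels with the message; KeyIdentifier and X509Data only identify a certificate the receiver must already hold.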