geronimo-dev mailing list archives

From "rahul.soa" <rahul....@googlemail.com>
Subject [Doubts] X509 Signing
Date Tue, 11 Aug 2009 21:15:45 GMT
Hello Jarek,

I hope you are doing well.

Presently, I am setting up the signing at the client side, and I have a
couple of doubts.

I think I can do something similar in the CXFPortMethodInterceptor:

String signatureKeyIdentifier =
        (String) properties.get("signatureKeyIdentifier");
String user = (String) properties.get("user");

// in case where <property name="wss4j.out.action">Signature</property>
if (containsValue(action, WSHandlerConstants.SIGNATURE)) {
    // doubt about this, how CXFPortMethodInterceptor will know about this
    properties.put(WSHandlerConstants.SIG_PROP_FILE,
            "clientKeystore.properties");
    // alias or user
    properties.put(WSHandlerConstants.USER, user);

    // constant-first equals() avoids a NullPointerException
    // when the property is not set
    if ("DirectReference".equals(signatureKeyIdentifier))
        properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
    if ("IssuerSerial".equals(signatureKeyIdentifier))
        properties.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
    // in order to obtain the key password for the private key
    properties.put(WSHandlerConstants.PW_CALLBACK_CLASS,
            ClientKeystorePasswordCallback.class.getName());
}


I think we should specify the following things in the <property> under the
<port> in the geronimo-web.xml at client side.

<property name="wss4j.out.action">Signature</property>
<property name="wss4j.out.user">myclientkey</property>
<property name="wss4j.out.signatureKeyIdentifier">IssuerSerial</property>

Can we set the key password in the property too? What other things should
we set in the property?

Question 1:
Here, the first thing is how we can provide the signature property file, in
the above case "clientKeystore.properties". It should be at the client side.
If this is in the client application written by the user, then how can we
give the reference to it in the CXFPortMethodInterceptor? In other words,
where do we set this property:
properties.put(WSHandlerConstants.SIG_PROP_FILE,
        "clientKeystore.properties");

Question 2:

For the ClientKeystorePasswordCallback, how can the client send the
key password, through the geronimo-web.xml?
<property name="wss4j.out.keypass">keypass</property>


Another thing I noticed: in the Geronimo server we have the following two
tabs under Security:
   Keystores <http://localhost:8096/console/portal/Security/Keystores>
   Certificate Authority <http://localhost:8096/console/portal/Security/Certificate%20Authority>

What are these for?


Thanks for your help.

Best Regards,
Rahul



PS: For signing and encryption, I think we need the Bouncy Castle and the
Xalan jar files in the CXF plugin, I pulled them
