Member Avatar for Temeshwarrior
Temeshwarrior 0 Newbie Poster

Hi Com,

I’m currently working on a gSOAP client for an cpache CXF service, who authenticates itself by using RSA-Keys.

But I have no idea how to configure the security header of my client, which is needed by the service

The java code looks similar to this:

Map<String,Object> inProps= new HashMap<String,Object>();
inProps.put(WSHandlerConstants.ACTION, "Timestamp Signature Encrypt");
inProps.put(WSHandlerConstants.SIG_PROP_FILE, "wss-server-public.properties");
// only wss-client has private key and can read incoming messages
inProps.put(WSHandlerConstants.DEC_PROP_FILE, "wss-client.properties");
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName());

Map<String,Object> inProps= new HashMap<String,Object>();
outProps.put(WSHandlerConstants.ACTION, "Timestamp Signature Encrypt");
// only wss-client has private key and can sign outgoing messages
outProps.put(WSHandlerConstants.USER, "wss-client");
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "wss-client.properties");
outProps.put(WSHandlerConstants.ENC_PROP_FILE, "wss-server-public.properties");
outProps.put(WSHandlerConstants.ENCRYPTION_USER, "wss-server");
outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName());
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put(WSHandlerConstants.ENCRYPTION_PARTS, "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");


WSS4JInInterceptor wssIn = new WSS4JInInterceptor(InProps);
cxfEndpoint.getInInterceptors().add(wssIn);
cxfEndpoint.getInInterceptors().add(new SAAJInInterceptor());

WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(OutProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
xfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());

I already included the wsse Plug-in in my project, but I have no idea how to configure it like my service

Additionally, the service uses a jks file to get private and public key

Could somebody help me or is there any better framework to create C(++)-clients?

I’m looking forward for your ideas:)

Temesh

  • 1 Contributor
  • 0 Replies
  • 58 Views
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.