Hi Com,
I’m currently working on a gSOAP client for an cpache CXF service, who authenticates itself by using RSA-Keys.
But I have no idea how to configure the security header of my client, which is needed by the service
The java code looks similar to this:
Map<String,Object> inProps= new HashMap<String,Object>();
inProps.put(WSHandlerConstants.ACTION, "Timestamp Signature Encrypt");
inProps.put(WSHandlerConstants.SIG_PROP_FILE, "wss-server-public.properties");
// only wss-client has private key and can read incoming messages
inProps.put(WSHandlerConstants.DEC_PROP_FILE, "wss-client.properties");
inProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName());
Map<String,Object> inProps= new HashMap<String,Object>();
outProps.put(WSHandlerConstants.ACTION, "Timestamp Signature Encrypt");
// only wss-client has private key and can sign outgoing messages
outProps.put(WSHandlerConstants.USER, "wss-client");
outProps.put(WSHandlerConstants.SIG_PROP_FILE, "wss-client.properties");
outProps.put(WSHandlerConstants.ENC_PROP_FILE, "wss-server-public.properties");
outProps.put(WSHandlerConstants.ENCRYPTION_USER, "wss-server");
outProps.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName());
outProps.put(WSHandlerConstants.SIGNATURE_PARTS, "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put(WSHandlerConstants.ENCRYPTION_PARTS, "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body");
outProps.put(WSHandlerConstants.ENC_SYM_ALGO, "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
WSS4JInInterceptor wssIn = new WSS4JInInterceptor(InProps);
cxfEndpoint.getInInterceptors().add(wssIn);
cxfEndpoint.getInInterceptors().add(new SAAJInInterceptor());
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(OutProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
xfEndpoint.getOutInterceptors().add(new SAAJOutInterceptor());
I already included the wsse Plug-in in my project, but I have no idea how to configure it like my service
Additionally, the service uses a jks file to get private and public key
Could somebody help me or is there any better framework to create C(++)-clients?
I’m looking forward for your ideas:)
Temesh