Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Ws Wiki" for change 
notification.

The following page has been changed by RonReynolds:
http://wiki.apache.org/ws/RonReynolds

------------------------------------------------------------------------------
  Until i figure out how to add new child pages i'll just add my stuff here...
  
  == How to set up XML-Signature using WSS4J and Axis 1.2.1 ==
-  1. create a key using the keytool {{{
-  keytool -genkey                  
-          -alias     testAlias     
+  1. create a keystore file for the server {{{
+  keytool -genkey 
+          -alias     server
-          -dname     "CN=Test Key" 
+          -dname     "CN=My Server"
+          -keypass   serverKeyPW
-          -validity  365           
-          -keypass   keyPassword   
-          -keystore  test.keystore 
+          -keystore  server.keystore
-          -storepass storePassword 
+          -storepass serverStorePW }}}
-          -keyalg    DSA           
-          -keysize   1024          
-          -sigalg    SHA1withDSA   
-          -storetype jks }}}
-  2. sign the key {{{
-  keytool -selfcert                
-          -alias     testAlias     
+  2. create a keystore for the client {{{
+  keytool -genkey 
+          -alias     client1
+          -dname     "CN=Client 1"
+          -keypass   client1KeyPW
+          -keystore  client1.keystore
+          -storepass client1StorePW }}}
+  3. generate a self-signed certificate for the client (stored within the 
keystore) {{{
+  keytool -selfcert
+          -alias     client1
+          -keypass   client1KeyPW
+          -keystore  client1.keystore
+          -storepass client1StorePW }}}
+  4. export the self-signed X.509 certificate {{{
+  keytool -export  
+          -alias     client1
+          -keystore  client1.keystore
+          -storepass client1StorePW 
+          -file      client.x509 }}}
+  5. import the certificate into the server's keystore {{{
+  keytool -import
+          -alias     client1
+          -file      client.x509 
-          -keystore  test.keystore 
+          -keystore  server.keystore
-          -keypass   keyPassword   
-          -storepass storePassword }}}
+          -storepass serverStorePW }}}
-  3. export the key to a certificate {{{
-  keytool -export                  
-          -keystore  test.keystore 
-          -alias     testAlias     
-          -storepass storePassword 
-          -file      test.cert }}}
-  4. ... (still figuring it out)
  
+  6. repeat the above for each client you want the server to accept signed 
messages from
+  7. add the following to the server's server-config.wsdd {{{
+   <service name="MyWebservice" provider="java:RPC" style="document" 
use="literal">
+     <!-- WS-Security handlers -->
+     <requestFlow>
+       <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
+         <parameter name="action"                value="Signature"/>
+         <parameter name="actor"                 value="clientSig"/>
+         <parameter name="signaturePropFile"     
value="server-crypto.properties" />
+       </handler>   
+     </requestFlow>
+     ...
+  }}}
+  8. create a server-crypto.properties file with the following contents: {{{
+    org.apache.ws.security.crypto.provider                  = 
org.apache.ws.security.components.crypto.Merlin
+    org.apache.ws.security.crypto.merlin.keystore.type      = jks
+    org.apache.ws.security.crypto.merlin.keystore.password  = serverStorePW
+    org.apache.ws.security.crypto.merlin.file               = server.keystore
+  }}}
+  9. place the server.keystore and server-crypto.properties files in the 
WEB-INF/classes directory and the server-config.wsdd file in the WEB-INF 
directory.
+  10. on the client side you'll need a similar client-config.wsdd to tell Axis 
to generate the signature {{{
+    <?xml version="1.0"?>
+    <deployment xmlns="http://xml.apache.org/axis/wsdd/"; 
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
+      <transport name="http" 
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
+      <globalConfiguration>
+        <requestFlow>
+          <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
+            <parameter name="action"                value="Signature"/>
+            <parameter name="actor"                 value="clientSig"/>
+            <parameter name="user"                  value="client1"/>
+            <parameter name="passwordCallbackClass" value="Client1PWCallback"/>
+            <parameter name="signaturePropFile"     
value="client1-crypto.properties" />
+          </handler>
+        </requestFlow>
+      </globalConfiguration>
+    </deployment>
+  }}} and a similar client1-crypto.properties file to tell it what key to sign 
with {{{
+    org.apache.ws.security.crypto.provider                  = 
org.apache.ws.security.components.crypto.Merlin
+    org.apache.ws.security.crypto.merlin.keystore.type      = jks
+    org.apache.ws.security.crypto.merlin.keystore.password  = client1
+    org.apache.ws.security.crypto.merlin.file               = client1.keystore
+  }}}
+  11. you also need to create the password callback classes... (TODO)
+ 
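Review bot: The client-side property file in step 10 sets `org.apache.ws.security.crypto.merlin.keystore.password  = client1`, but step 2 creates client1.keystore with `-storepass client1StorePW`; `client1` is the alias, not the store password, so Merlin will fail to open the keystore as written (the server-side file in step 8 does use the matching `serverStorePW`), and the line should read `org.apache.ws.security.crypto.merlin.keystore.password  = client1StorePW`. The `;` after each `xmlns` value in the client-config.wsdd deployment element (`xmlns="http://xml.apache.org/axis/wsdd/";`) falls outside the quoted attribute and makes the element malformed; this may be a mail-archive artifact, but the wiki page should be checked. The rewritten `keytool -genkey` commands in steps 1 and 2 drop the `-keyalg`, `-keysize`, `-sigalg` and `-validity` options the earlier version carried, so key type and certificate lifetime are now whatever the installed keytool defaults to; stating them explicitly keeps the procedure reproducible across JDKs. Since both crypto.properties files carry the keystore password in clear text and step 9 places them under WEB-INF/classes, a sentence noting that these files and the keystores must not be published with the application source or served to clients would be worth adding.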
