Version 1

    Hi all,

     

    I’m developing a client to consume a .NET service that is secured with an X.509v3 certificate, using WS-SecurityPolicy or WS-Security.

    The service uses a symmetric binding, with sp:IncludeToken=”prefix/AlwaysToRecipient” and an <sp:ProtectionToken>.

    I have two certificate files, a *.pfx and a *.cer, which I have to use to access the service.

    My wsdl is below.

    My question is: does JBossWS support this configuration?

     

    Best Regards,

     

     

    <?xml version="1.0" encoding="utf-8"?>

    <wsdl:definitions xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:tns="http://tempuri.org/" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="SecGtwService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">

    <!-- Endpoint-level policy; the CertificateEndPoint binding refers to it as
         #CertificateEndPoint_policy. It requires message-level security: a
         WS-SecureConversation token protects every message, and that token is
         itself established through the nested bootstrap policy. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:ProtectionToken>
                <wsp:Policy>
                  <!-- AlwaysToRecipient: the token is included in every message sent to the recipient. -->
                  <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                    <wsp:Policy>
                      <!-- Message keys are derived from the session secret rather than used directly. -->
                      <sp:RequireDerivedKeys />
                      <!-- Policy for the exchange that establishes the security context. -->
                      <sp:BootstrapPolicy>
                        <wsp:Policy>
                          <!-- Signed: the body and all WS-Addressing headers. Encrypted: the body only. -->
                          <sp:SignedParts>
                            <sp:Body />
                            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
                            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
                            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
                            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
                            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
                            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
                            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
                          </sp:SignedParts>
                          <sp:EncryptedParts>
                            <sp:Body />
                          </sp:EncryptedParts>
                          <sp:SymmetricBinding>
                            <wsp:Policy>
                              <sp:ProtectionToken>
                                <wsp:Policy>
                                  <!-- Interop point: SslContextToken and RequireClientCertificate are in the
                                       Microsoft mssp: namespace, not in the sp: WS-SecurityPolicy vocabulary
                                       used by the rest of this policy. A client stack must implement this
                                       assertion specifically to be able to bootstrap the conversation.
                                       NOTE(review): on WCF this looks like the policy published when
                                       negotiateServiceCredential="true" is combined with certificate client
                                       credentials. If the client stack lacks support, confirm with the
                                       service owner whether an endpoint without negotiation can be offered. -->
                                  <mssp:SslContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
                                    <wsp:Policy>
                                      <sp:RequireDerivedKeys />
                                      <!-- The client has to authenticate with its own certificate during the
                                           negotiation, so it needs the matching private key. -->
                                      <mssp:RequireClientCertificate />
                                    </wsp:Policy>
                                  </mssp:SslContextToken>
                                </wsp:Policy>
                              </sp:ProtectionToken>
                              <!-- Basic256 in WS-SecurityPolicy pairs AES-256 encryption with SHA-1 digests
                                   and HMAC-SHA1 signatures. Where both sides support it, a SHA-256 suite
                                   such as sp:Basic256Sha256 is the stronger choice. -->
                              <sp:AlgorithmSuite>
                                <wsp:Policy>
                                  <sp:Basic256 />
                                </wsp:Policy>
                              </sp:AlgorithmSuite>
                              <sp:Layout>
                                <wsp:Policy>
                                  <sp:Strict />
                                </wsp:Policy>
                              </sp:Layout>
                              <sp:IncludeTimestamp />
                              <sp:EncryptSignature />
                              <sp:OnlySignEntireHeadersAndBody />
                            </wsp:Policy>
                          </sp:SymmetricBinding>
                          <sp:Wss11>
                            <wsp:Policy />
                          </sp:Wss11>
                          <!-- Both parties contribute entropy to the issued key. -->
                          <sp:Trust10>
                            <wsp:Policy>
                              <sp:MustSupportIssuedTokens />
                              <sp:RequireClientEntropy />
                              <sp:RequireServerEntropy />
                            </wsp:Policy>
                          </sp:Trust10>
                        </wsp:Policy>
                      </sp:BootstrapPolicy>
                    </wsp:Policy>
                  </sp:SecureConversationToken>
                </wsp:Policy>
              </sp:ProtectionToken>
              <!-- Same SHA-1 based suite as in the bootstrap policy; see the caveat there. -->
              <sp:AlgorithmSuite>
                <wsp:Policy>
                  <sp:Basic256 />
                </wsp:Policy>
              </sp:AlgorithmSuite>
              <sp:Layout>
                <wsp:Policy>
                  <sp:Strict />
                </wsp:Policy>
              </sp:Layout>
              <!-- A signed timestamp gives the receiver a freshness bound for each message. -->
              <sp:IncludeTimestamp />
              <sp:EncryptSignature />
              <!-- Signatures must cover whole headers and the whole body, not selected descendants. -->
              <sp:OnlySignEntireHeadersAndBody />
            </wsp:Policy>
          </sp:SymmetricBinding>
          <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy />
          </sp:Wss11>
          <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:MustSupportIssuedTokens />
              <sp:RequireClientEntropy />
              <sp:RequireServerEntropy />
            </wsp:Policy>
          </sp:Trust10>
          <!-- WS-Addressing is mandatory; its headers are the ones listed under SignedParts. -->
          <wsaw:UsingAddressing />
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- Message policy for the AuthenticateService request (attached to that
         operation's wsdl:input in the binding). The body is signed and
         encrypted. The WS-Addressing headers are signed only, so they are
         integrity-protected but remain readable on the wire. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- Message policy for the AuthenticateService response (attached to that
         operation's wsdl:output in the binding). Signed: the body and the
         WS-Addressing headers. Encrypted: the body only. Note the lower-case
         "output" in the Id; policy references are case-sensitive. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- Message policy for the ValidadeTokenService request. The body is
         signed and encrypted; the WS-Addressing headers are signed but not
         encrypted. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- Message policy for the ValidadeTokenService response. The body is
         signed and encrypted; the WS-Addressing headers are signed but not
         encrypted. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- Message policy for the WhoIAm request. The body is signed and
         encrypted; the WS-Addressing headers are signed but not encrypted. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- Message policy for the WhoIAm response. The body is signed and
         encrypted; the WS-Addressing headers are signed but not encrypted. -->
    <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
          </sp:SignedParts>
          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:EncryptedParts>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    <!-- The message element definitions are not inline; they come from three
         schemas imported from the service host. The schemaLocation URLs use
         plain http://, so a tool that fetches them while generating the
         client gets them without transport integrity protection. Review the
         downloaded schemas, or generate from a trusted local copy. -->
    <wsdl:types>
      <xsd:schema targetNamespace="http://tempuri.org/Imports">
        <xsd:import
            schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
            namespace="http://tempuri.org/" />
        <xsd:import
            schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
            namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
        <xsd:import
            schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
            namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
      </xsd:schema>
    </wsdl:types>

    <!-- One request and one response message per operation. Each carries a
         single "parameters" part that points at a tns: element defined in
         the imported schemas. -->
    <wsdl:message name="ISecGtwServiceContract_AuthenticateService_InputMessage">
      <wsdl:part name="parameters" element="tns:AuthenticateService" />
    </wsdl:message>
    <wsdl:message name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
      <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
    </wsdl:message>
    <wsdl:message name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
      <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
    </wsdl:message>
    <wsdl:message name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
      <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
    </wsdl:message>
    <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
      <wsdl:part name="parameters" element="tns:WhoIAm" />
    </wsdl:message>
    <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
      <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
    </wsdl:message>

    <!-- Abstract contract: three request/response operations. Each direction
         declares its WS-Addressing Action URI. The message policies list the
         Action header under SignedParts, so the receiver can detect a
         message that was re-targeted to another operation. -->
    <wsdl:portType name="ISecGtwServiceContract">
      <wsdl:operation name="AuthenticateService">
        <wsdl:input
            wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
            message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
        <wsdl:output
            wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
            message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
      </wsdl:operation>
      <wsdl:operation name="ValidadeTokenService">
        <wsdl:input
            wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
            message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
        <wsdl:output
            wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
            message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
      </wsdl:operation>
      <wsdl:operation name="WhoIAm">
        <wsdl:input
            wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
            message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
        <wsdl:output
            wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
            message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
      </wsdl:operation>
    </wsdl:portType>

    <!-- SOAP 1.2 over HTTP binding, document/literal. This is where policy is
         attached: the endpoint policy on the binding itself, and one message
         policy on every input and output. All seven PolicyReference URIs
         match a wsu:Id declared in this document. The match is
         case-sensitive: "Input" is capitalised in the Ids and "output" is
         not. -->
    <wsdl:binding name="CertificateEndPoint" type="tns:ISecGtwServiceContract">
      <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
      <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
      <wsdl:operation name="AuthenticateService">
        <soap12:operation
            soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
            style="document" />
        <wsdl:input>
          <wsp:PolicyReference URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
          <soap12:body use="literal" />
        </wsdl:input>
        <wsdl:output>
          <wsp:PolicyReference URI="#CertificateEndPoint_AuthenticateService_output_policy" />
          <soap12:body use="literal" />
        </wsdl:output>
      </wsdl:operation>
      <wsdl:operation name="ValidadeTokenService">
        <soap12:operation
            soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
            style="document" />
        <wsdl:input>
          <wsp:PolicyReference URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
          <soap12:body use="literal" />
        </wsdl:input>
        <wsdl:output>
          <wsp:PolicyReference URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
          <soap12:body use="literal" />
        </wsdl:output>
      </wsdl:operation>
      <wsdl:operation name="WhoIAm">
        <soap12:operation
            soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
            style="document" />
        <wsdl:input>
          <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
          <soap12:body use="literal" />
        </wsdl:input>
        <wsdl:output>
          <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
          <soap12:body use="literal" />
        </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>

    <!-- Concrete endpoint. The address is plain http://, so confidentiality
         and integrity rest entirely on the message-level policy; anything the
         policy leaves unencrypted (the WS-Addressing headers) crosses the
         network in clear text.
         The Identity element publishes the service's X.509 certificate as
         the endpoint identity. A client stack that does not process this
         extension needs the service certificate configured and validated
         explicitly.
         NOTE(review): wsa10:Address contains the literal text "adress",
         which looks like a placeholder; confirm the real endpoint reference
         address before generating a client. -->
    <wsdl:service name="SecGtwService">
      <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
        <soap12:address location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
        <wsa10:EndpointReference>
          <wsa10:Address>adress</wsa10:Address>
          <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <X509Data>
                <X509Certificate>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</X509Certificate>
              </X509Data>
            </KeyInfo>
          </Identity>
        </wsa10:EndpointReference>
      </wsdl:port>
    </wsdl:service>

    </wsdl:definitions>

     

    Nícolas Fontenele