Question

I want to encrypt a SOAP message with the public key of the server and sign the same message with the private key of the client. Ideally, the keys for signing and encryption are different.

I was referring to the Apache Rampart examples from the WSO2 team. One such sample Rampart configuration given is:

    import java.util.Properties;
    import org.apache.rampart.policy.model.CryptoConfig;
    import org.apache.rampart.policy.model.RampartConfig;

    RampartConfig rampartConfig = new RampartConfig();

    // Merlin keystore properties shared by the signature and encryption crypto configs
    Properties merlinProp = new Properties();
    merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
    merlinProp.put("org.apache.ws.security.crypto.merlin.file", "C:/Documents and Settings/abdul.mujeeb/workspace/Axis2Clients/src/certs/oasis.jks");
    merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "password");

    CryptoConfig sigCryptoConfig = new CryptoConfig();
    sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
    sigCryptoConfig.setProp(merlinProp);

    CryptoConfig encrCryptoConfig = new CryptoConfig();
    encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
    encrCryptoConfig.setProp(merlinProp);

    rampartConfig.setUserCertAlias("alice");
    rampartConfig.setEncryptionUser("bob1");

    rampartConfig.setSigCryptoConfig(sigCryptoConfig);
    rampartConfig.setEncrCryptoConfig(encrCryptoConfig);

    rampartConfig.setPwCbClass("com.rolta.axis2.client.UserNameCallbackHandler");

The example nowhere specifies the server public key to be used to encrypt the message.

A few questions from the above example:

1) What does the rampartConfig.setEncryptionUser() function stand for? How do I encrypt the SOAP message using the public key of the server?

2) What is the rampartConfig.setUserCertAlias() function for? Signing, encrypting, or both?

Thanks.


The solution

What you have provided is how to programmatically set the Rampart config. The set methods here are equivalent to the parameters in the Rampart configuration. All these parameters are listed in the Rampart config guide.

A more useful explanation of the two properties can be found in this blog post. In short,

encryptionUser - The alias of the public key to be used for encrypting the message. The public-key certificate is available in the keystore under this alias.

userCertAlias - The alias used to retrieve the password of the corresponding private key from the CallbackHandler for signing.
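As an added example (not code from the question, the answer or the Rampart project), the same programmatic configuration with the two properties split the way the question wants: the client's private key lives in one keystore and is referenced by userCertAlias, the server's public certificate is imported into a separate keystore and referenced by encryptionUser, and the callback handler only ever hands out the signing key's password. Keystore paths, aliases and passwords are placeholders; the Policy handling assumes the Rampart 1.x API (org.apache.rampart.policy.model, org.apache.neethi).

```java
import java.io.IOException;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.neethi.Policy;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.security.WSPasswordCallback;

public class SplitKeyRampartConfig {
    // Merlin keystore properties; file names and store passwords are placeholders.
    private static CryptoConfig merlin(String file, String storePassword) {
        Properties p = new Properties();
        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        p.put("org.apache.ws.security.crypto.merlin.file", file);
        p.put("org.apache.ws.security.crypto.merlin.keystore.password", storePassword);
        CryptoConfig cc = new CryptoConfig();
        cc.setProvider("org.apache.ws.security.components.crypto.Merlin");
        cc.setProp(p);
        return cc;
    }

    /** Adds a RampartConfig that signs with the client key and encrypts for the server certificate. */
    public static Policy configure(Policy policy) {
        RampartConfig rc = new RampartConfig();
        // Signing: keystore holding the client's private key under the assumed alias "client".
        rc.setSigCryptoConfig(merlin("certs/client.jks", "client-store-pw"));
        rc.setUserCertAlias("client");
        // Encryption: a separate keystore holding only the server's public certificate,
        // imported (e.g. with keytool -importcert) under the assumed alias "server".
        rc.setEncrCryptoConfig(merlin("certs/server-trust.jks", "trust-store-pw"));
        rc.setEncryptionUser("server");
        rc.setPwCbClass(SigningKeyPasswordCallback.class.getName());
        policy.addAssertion(rc);
        return policy;
    }

    /** Hands out the private-key password only for the signing alias; a public certificate needs none. */
    public static class SigningKeyPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                WSPasswordCallback pwcb = (WSPasswordCallback) cb;
                if ("client".equals(pwcb.getIdentifier())) {
                    pwcb.setPassword("client-key-pw"); // placeholder; read from a secret store in practice
                }
            }
        }
    }
}
```

Keeping the server certificate in its own keystore means the encryption side never has access to any private key, and rotating the server certificate only touches the trust store.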

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow