users@jax-rpc.java.net

Re: Adding X.509 certificate to SOAP Header

From: Andy Wolf <andy.wolf_at_schwaben.de>
Date: Wed, 19 Jan 2005 12:39:15 +0100

Hi,

to me it looks like the WebService provider quoted below does not know
what he is talking about.

An SSL Certificate is only a document that certifies that a specific
public key belongs to a certain person or organization. It therefore
contains the public key, the information about the owner and a digital
signature from a well-know party (certificate authority).

You do not use the X.509 certifiate but only the public key that is
included. You can either use this key to encrypt messages to or to
validate a digital signature from the other party.

In both cases you have to setup a keystore that contains the public key
and you have to have a truststore which contains the public key of the
certificate authority.

So in your case you might either want to setup an encrypted and
authenticated communication (HTTPS) or you might want to encrypt or sign
the data that is transferred.

If the certificate really is a client certificate that you do have a
private key and you must have sent a Certificate Signing Request (CSR)
to your Web Service provider. If this is not the case, the certificate
most likely is a server certificate...

Maybe you should try to find someone at your Web Service provider who
knows about these kind of things ;-)

regards
Andy

Paul Worrall wrote:
> From the pointer Vishal kindly gave I now have a more focussed question
> with regard to the XWS-Security framework and the
> SecurityEnvironmentHandler Class required for the security configuration
> file.
>
>
>
> It looks like what this handler does is general enough to be generated
> with the stub classes when you use wscompile. Do I really have to
> provide my own implementation?
>
>
>
> TIA
>
>
>
> Paul
>
>
>
>
>
> ------------------------------------------------------------------------
>
> *From:* Paul Worrall
> *Sent:* 18 January 2005 11:47
> *To:* users_at_jax-rpc.dev.java.net
> *Subject:* RE: Re: Adding X.509 certificate to SOAP Header
>
>
>
> Hi,
>
>
>
> Actually it is expecting me to present the certificate for
> authentication. Not encrypting the message. I quote the Web Service
> provider:-
>
>
>
> “The client certificate is not for mutual SSL authentication, it is for
> attaching to the web service SOAP call. Within the web service method on
> our side, we look for the attached certificate and check the credentials
> within it before proceeding. It sounds like it’s at this point that
> we’re currently rejecting your call. I’m not sure how you attach an
> X.509 certificate to a java call, but the documentation you’ve got gives
> examples of how to do it in .Net if that helps.”
>
>
>
> …
>
>
>
> ------------------------------------------------------------------------
>
> *From:* Vishal Mahajan [mailto:Vishal.Mahajan_at_Sun.COM]
> *Sent:* 18 January 2005 09:57
> *To:* users_at_jax-rpc.dev.java.net
> *Subject:* Re: Adding X.509 certificate to SOAP Header
>
>
>
> Hi Paul,
>
> I would guess that the web service expects your client to use its
> certificate for encrypting the requests. For such a use-case you can use
> the XML and Web Services Security component in JWSDP 1.5. For a detailed
> information on this component, you may refer Ch-3 of the JWSDP tutorial
> - http://java.sun.com/webservices/docs/1.5/tutorial/doc/index.html.
>
> HTH,
>
> Vishal
>
> Paul Worrall wrote:
>
> I have been provided with a X.509 digital certificate by a web service
> endpoint provider to be able to access their web service. This is not
> for use in mutual authentication at the SSL level but for presentation
> in the SOAP Header.
>
> I have used wscompile to generate static stubs against the providers WSDL.
>
> I can not find any documentation on how to add this certificate to the
> SOAP message from the JAX-RPC, wscompile generated, stub classes.
>
> Can anyone help?
>
> TIA
>
>
>
> Regards
>
>
>
>
>
> Paul Worrall
>
> Portal Technology and Innovation
>
> BECTA
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_jax-rpc.dev.java.net
For additional commands, e-mail: users-help_at_jax-rpc.dev.java.net