Discussion:
SupportingToken of type certificate
vlad.balan
2018-11-13 22:23:28 UTC
Permalink
Hello

and thanks for reading.

I don't understand how to configure CXF to make it read the certificate
(Endorsing)SupportingToken from disk.

The encryption properties file and signature properties file are for the
"primary" signature and encryption certificates, those specified through the
symmetric/asymmetric binding.

But how about the SupportingToken when you have both: symmetric/asymmetric
binding AND SupportingToken of type certificate? How do you specify the
SupportingToken to CXF?

Thanks.



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
Colm O hEigeartaigh
2018-11-14 14:31:10 UTC
Permalink
The scenario of AsymmetricBinding X.509 + X.509 EndorsingSupportingToken is
not really supported - as it just uses the same keystore for both. It tends
not to arise in practice though - why would a client need to sign multiple
message parts with different certificates?

For the Symmetric case it uses the signature keystore, as the main binding
only uses the encryption keystore to encrypt the symmetric key to the
recipient.

Colm.
Post by vlad.balan
Hello
and thanks for reading.
I don't understand how to configure CXF to make it read the certificate
(Endorsing)SupportingToken from disk.
The encryption properties file and signature properties file are for the
"primary" signature and encryption certificates, those specified through the
symmetric/asymmetric binding.
But how about the SupportingToken when you have both: symmetric/asymmetric
binding AND SupportingToken of type certificate? How do you specify the
SupportingToken to CXF?
Thanks.
--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html
--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
vlad.balan
2018-11-15 12:05:39 UTC
Permalink
Thanks a lot.

This is for the case where the client identifies with a certificate, that is
different than that used for the signature.



--
Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html

Loading...