...

The XKMS client can be integrated into CXF and WSS4J using a custom Crypto provider implementation. In this case the XKMS service is invoked automatically whenever WSS4J requires or validates a certificate. Details are described in this blog.

Data Formats

Input and output data formats are specified in the XML Key Management Service Specification Version 2.0 (see XKMS 2.0). However, the XKMS service supports only a subset of the specified requests and responses.
The restrictions on request and response formats are described in the following table:

...

The XKMS service can be deployed into web and OSGi containers. The service implementation was tested with Tomcat and Karaf.

Sample Requests and Responses

Sample request for Locate operation:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <ns2:LocateRequest xmlns="http://www.w3.org/2000/09/xmldsig#"
            xmlns:ns2="http://www.w3.org/2002/03/xkms#" 
            xmlns:ns3="http://www.w3.org/2001/04/xmlenc#"
            Id="1noOYHt5Lx7xUuizWZLOMw==" Service="http://cxf.apache.org/services/XKMS/">
            <ns2:QueryKeyBinding>
                <ns2:UseKeyWith Application="urn:ietf:rfc:2459"
                    Identifier="EMAILADDRESS=client@client.com, CN=www.client.com, OU=IT Department, O=Sample Client -- NOT FOR PRODUCTION, L=Niagara Falls, ST=New York, C=US" />
            </ns2:QueryKeyBinding>
        </ns2:LocateRequest>
    </soap:Body>
</soap:Envelope>

Sample response for Locate operation:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <ns2:LocateResult ResultMajor="http://www.w3.org/2002/03/xkms#Success"
            RequestId="1noOYHt5Lx7xUuizWZLOMw==" Id="04725751-3d19-4566-87e6-b4f4a2a72606"
            Service="http://cxf.apache.org/services/XKMS/" 
            xmlns:ns2="http://www.w3.org/2002/03/xkms#"
            xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" 
            xmlns:ns4="http://www.w3.org/2000/09/xmldsig#"
            xmlns:ns5="http://www.w3.org/2002/03/xkms#wsdl">
            <ns2:UnverifiedKeyBinding>
                <ns4:KeyInfo>
                    <ns4:X509Data>
                        <ns4:X509Certificate>… </ns4:X509Certificate>
                    </ns4:X509Data>
                </ns4:KeyInfo>
            </ns2:UnverifiedKeyBinding>
        </ns2:LocateResult>
    </soap:Body>
</soap:Envelope>

Sample error message:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <ns2:LocateResult ResultMajor="http://www.w3.org/2002/03/xkms#Receiver"
            ResultMinor="http://www.w3.org/2002/03/xkms#Failure"
            RequestId="1noOYHt5Lx7xUuizWZLOMw==" Id="da4f4faf-b2d6-414a-a4cf-b40f464b59a4"
            Service="http://cxf.apache.org/services/XKMS/" 
            xmlns:ns2="http://www.w3.org/2002/03/xkms#"
            xmlns:ns3="http://www.w3.org/2001/04/xmlenc#" 
            xmlns:ns4="http://www.w3.org/2000/09/xmldsig#"
            xmlns:ns5="http://www.w3.org/2002/03/xkms#wsdl">

            <ns2:MessageExtension xsi:type="ns5:resultDetails"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                <Details>Search certificates failure: Application
                    identifier not supported</Details>
            </ns2:MessageExtension>
        </ns2:LocateResult>
    </soap:Body>
</soap:Envelope>
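
The checks a client would apply to the LocateResult messages above before using a returned certificate, as an added example in Python (not part of the original page and not CXF code): it matches RequestId against the request's Id, requires ResultMajor to be Success, and returns the certificates from UnverifiedKeyBinding, which XKMS 2.0 defines as located but not validated. The function names, the abbreviated messages and the placeholder certificate value are constructed for this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "xkms": "http://www.w3.org/2002/03/xkms#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = NS["xkms"] + "Success"

class XkmsError(Exception):
    """The LocateResult must not be used: failed, mismatched or malformed."""

def check_locate_result(response_xml, request_id):
    """Return the decoded bytes of each located certificate, or raise XkmsError."""
    result = ET.fromstring(response_xml).find("soap:Body/xkms:LocateResult", NS)
    if result is None:
        raise XkmsError("no LocateResult in SOAP body")
    # Tie the response to our own request before reading anything else.
    if result.get("RequestId") != request_id:
        raise XkmsError("RequestId does not match the request Id")
    if result.get("ResultMajor") != SUCCESS:
        details = result.findtext("xkms:MessageExtension/Details", "", NS)
        raise XkmsError("%s / %s: %s" % (result.get("ResultMajor"),
                        result.get("ResultMinor"), " ".join(details.split())))
    # UnverifiedKeyBinding: located, not validated; path checks stay with the caller.
    certs = result.findall(
        "xkms:UnverifiedKeyBinding/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return [base64.b64decode("".join((c.text or "").split())) for c in certs]

def describe(response_xml, request_id):
    """Summarise the outcome as a string (helper for this example)."""
    try:
        certs = check_locate_result(response_xml, request_id)
    except (XkmsError, ET.ParseError) as exc:
        return "rejected: %s" % exc
    return "ok: %d unverified certificate(s)" % len(certs)

# Constructed messages, abbreviated from the samples on this page.
REQ_ID = "1noOYHt5Lx7xUuizWZLOMw=="
ENVELOPE = ('<soap:Envelope xmlns:soap="%(soap)s" xmlns:ns2="%(xkms)s" '
            'xmlns:ns4="%(ds)s"><soap:Body>%%s</soap:Body></soap:Envelope>' % NS)
OK_RESPONSE = ENVELOPE % (
    '<ns2:LocateResult ResultMajor="%s" RequestId="%s"><ns2:UnverifiedKeyBinding>'
    '<ns4:KeyInfo><ns4:X509Data><ns4:X509Certificate>Q09OU1RSVUNURUQ='  # placeholder
    '</ns4:X509Certificate></ns4:X509Data></ns4:KeyInfo>'
    '</ns2:UnverifiedKeyBinding></ns2:LocateResult>' % (SUCCESS, REQ_ID))
ERROR_RESPONSE = ENVELOPE % (
    '<ns2:LocateResult ResultMajor="%sReceiver" ResultMinor="%sFailure" '
    'RequestId="%s"><ns2:MessageExtension><Details>Search certificates failure: '
    'Application identifier not supported</Details></ns2:MessageExtension>'
    '</ns2:LocateResult>' % (NS["xkms"], NS["xkms"], REQ_ID))
```

Calling `describe(ERROR_RESPONSE, REQ_ID)` surfaces the ResultMajor, ResultMinor and Details values of the error message instead of returning an empty certificate list.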