...
The XKMS client can be integrated into CXF and WSS4J using a custom Crypto provider implementation. In this case the XKMS service is invoked automatically when WSS4J requires or validates a certificate. Details are described in this blog.
Data Formats
Input and output data formats are specified in the XML Key Management Service Specification Version 2.0 (see XKMS 2.0). However, the XKMS service supports only a subset of the specified requests and responses.
Restrictions on the request and response formats are described in the following table:
...
The XKMS service can be deployed into web and OSGi containers. The service implementation was tested with Tomcat and Karaf.
Sample Requests and Responses
Sample request for Locate operation:
```xml
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ns2:LocateRequest xmlns="http://www.w3.org/2000/09/xmldsig#"
        xmlns:ns2="http://www.w3.org/2002/03/xkms#"
        xmlns:ns3="http://www.w3.org/2001/04/xmlenc#"
        Id="1noOYHt5Lx7xUuizWZLOMw=="
        Service="http://cxf.apache.org/services/XKMS/">
      <ns2:QueryKeyBinding>
        <ns2:UseKeyWith Application="urn:ietf:rfc:2459"
            Identifier="EMAILADDRESS=client@client.com, CN=www.client.com, OU=IT Department, O=Sample Client -- NOT FOR PRODUCTION, L=Niagara Falls, ST=New York, C=US" />
      </ns2:QueryKeyBinding>
    </ns2:LocateRequest>
  </soap:Body>
</soap:Envelope>
```
Sample response for Locate operation:
```xml
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ns2:LocateResult ResultMajor="http://www.w3.org/2002/03/xkms#Success"
        RequestId="1noOYHt5Lx7xUuizWZLOMw==" Id="04725751-3d19-4566-87e6-b4f4a2a72606"
        Service="http://cxf.apache.org/services/XKMS/"
        xmlns:ns2="http://www.w3.org/2002/03/xkms#"
        xmlns:ns3="http://www.w3.org/2001/04/xmlenc#"
        xmlns:ns4="http://www.w3.org/2000/09/xmldsig#"
        xmlns:ns5="http://www.w3.org/2002/03/xkms#wsdl">
      <ns2:UnverifiedKeyBinding>
        <ns4:KeyInfo>
          <ns4:X509Data>
            <ns4:X509Certificate>… </ns4:X509Certificate>
          </ns4:X509Data>
        </ns4:KeyInfo>
      </ns2:UnverifiedKeyBinding>
    </ns2:LocateResult>
  </soap:Body>
</soap:Envelope>
```
Sample error message:
```xml
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ns2:LocateResult ResultMajor="http://www.w3.org/2002/03/xkms#Receiver"
        ResultMinor="http://www.w3.org/2002/03/xkms#Failure"
        RequestId="1noOYHt5Lx7xUuizWZLOMw==" Id="da4f4faf-b2d6-414a-a4cf-b40f464b59a4"
        Service="http://cxf.apache.org/services/XKMS/"
        xmlns:ns2="http://www.w3.org/2002/03/xkms#"
        xmlns:ns3="http://www.w3.org/2001/04/xmlenc#"
        xmlns:ns4="http://www.w3.org/2000/09/xmldsig#"
        xmlns:ns5="http://www.w3.org/2002/03/xkms#wsdl">
      <ns2:MessageExtension xsi:type="ns5:resultDetails"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Details>Search certificates failure: Application identifier not supported</Details>
      </ns2:MessageExtension>
    </ns2:LocateResult>
  </soap:Body>
</soap:Envelope>
```
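A client-side check for the Locate responses shown above, as an added example that is not part of the original page or of CXF's own XKMS client. It matches `RequestId` against the request, rejects any `ResultMajor` other than Success, and returns the certificates as untrusted data, since an `UnverifiedKeyBinding` carries no validity assertion. The names `parse_locate_result`, `XkmsError` and `_sample` are hypothetical, and the messages and the certificate placeholder are constructed.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XKMS = "http://www.w3.org/2002/03/xkms#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
SUCCESS = XKMS + "Success"
REQ_ID = "1noOYHt5Lx7xUuizWZLOMw=="  # Id of the sample LocateRequest

class XkmsError(Exception):
    """The LocateResult must not be used."""

def parse_locate_result(xml_text, expected_request_id):
    """Return the DER blobs of a successful LocateResult (still unverified)."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD
        raise XkmsError("DTD not allowed")
    result = ET.fromstring(xml_text).find(f"{{{SOAP}}}Body/{{{XKMS}}}LocateResult")
    if result is None:
        raise XkmsError("no LocateResult in SOAP body")
    # Bind the response to our own request before reading anything else.
    if result.get("RequestId") != expected_request_id:
        raise XkmsError("RequestId does not match the request")
    if result.get("ResultMajor") != SUCCESS:
        text = result.findtext(f"{{{XKMS}}}MessageExtension/Details") or ""
        raise XkmsError(f"{result.get('ResultMajor')} / {result.get('ResultMinor')}: "
                        + " ".join(text.split()))
    path = (f"{{{XKMS}}}UnverifiedKeyBinding/{{{DSIG}}}KeyInfo/"
            f"{{{DSIG}}}X509Data/{{{DSIG}}}X509Certificate")
    certs = [base64.b64decode("".join(e.text.split()), validate=True)
             for e in result.findall(path) if e.text]
    if not certs:
        raise XkmsError("Success without a certificate")
    # UnverifiedKeyBinding: the service asserts nothing about validity, so the
    # caller still has to validate the chain (or call Validate) before use.
    return certs

def _sample(attrs, inner):  # constructed messages modelled on the samples above
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Body><ns2:LocateResult '
            f'xmlns:ns2="{XKMS}" xmlns:ns4="{DSIG}" RequestId="{REQ_ID}" {attrs}>'
            f'{inner}</ns2:LocateResult></soap:Body></soap:Envelope>')

FAKE_CERT = b"CONSTRUCTED-NOT-A-REAL-CERT"  # placeholder, not a certificate
OK = _sample(f'ResultMajor="{SUCCESS}"',
             "<ns2:UnverifiedKeyBinding><ns4:KeyInfo><ns4:X509Data><ns4:X509Certificate>"
             + base64.b64encode(FAKE_CERT).decode()
             + "</ns4:X509Certificate></ns4:X509Data></ns4:KeyInfo></ns2:UnverifiedKeyBinding>")
ERR = _sample(f'ResultMajor="{XKMS}Receiver" ResultMinor="{XKMS}Failure"',
              "<ns2:MessageExtension><Details>Search certificates failure: Application\n"
              "identifier not supported</Details></ns2:MessageExtension>")
```

For input from an untrusted network peer, a hardened parser such as `defusedxml` is a safer choice than the plain standard-library parser used here.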