[wsf-c-dev] [wsf/php] is X509 token profile encryption supported?
Renaud Bruyeron
bruyeron at fullsix.com
Tue May 29 03:13:27 PDT 2007
Buddhika Semasinghe wrote:
> Renaud Bruyeron wrote:
>>
>> I am trying to do what is described p11 on
>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
>>
>> (encryption usage of the X509 token profile v1.0) using wsf/php.
>> The client is in php, and the server I need to talk to is implemented
>> with XFire/WSS4J
>> The server-side works well (I have java-based clients talking to it),
>> but I can't find an example
>> of WSF/PHP usage that does this.
>>
>> Anyone has a testcase for this or example PHP script? Is this
>> supported as of 1.0alpha2?
>>
>>
> Hi Renaud;
>
> There is a sample called "encryption_only" in *src/sample/secpolicy*
> directiory in 1.0alpha2. There is a client and a server which encrypts
> the message in X509 token profile.Further If you want to know how to
> use security stuffs in WSF/PHP , you can follow the wiki in
> http://wso2.org/wiki/display/wsfphp/WS-Security+API.For any more
> concerns about this we would like to help you through the mailing list.
The encrypt_only example does not implement the profile I am referring to.
If I capture the SOAP message, I see that it is different from the one
in the spec (see attachements).
The good message is generated by XFire/WSS4J, the bad one is from the
encrypt_only example using the same certificate. You can see the good
message is exactly the structure described in the PDF (section 3.4
"Encryption"), while the bad message has a different structure: it has a
BinarySecurityToken, and does not show the X509 certificate values (CN
and serial) in the keyInfo section.
I must admit the specs are not very easy to absord&understand for
someone new - I may be confusing the policies here.
Anyone knows how to implement section 3.4 of the X509 token profile with
wsf/php ?
- Renaud
More information about the Wsf-c-dev
mailing list