[wsf-c-dev] [wsf/php] is X509 token profile encryption supported?
Renaud Bruyeron
bruyeron at fullsix.com
Tue May 29 03:17:47 PDT 2007
Renaud Bruyeron wrote:
> Buddhika Semasinghe wrote:
>> Renaud Bruyeron wrote:
>>>
>>> I am trying to do what is described p11 on
>>> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf
>>>
>>> (encryption usage of the X509 token profile v1.0) using wsf/php.
>>> The client is in php, and the server I need to talk to is
>>> implemented with XFire/WSS4J
>>> The server-side works well (I have java-based clients talking to
>>> it), but I can't find an example
>>> of WSF/PHP usage that does this.
>>>
>>> Anyone has a testcase for this or example PHP script? Is this
>>> supported as of 1.0alpha2?
>>>
>>>
>> Hi Renaud;
>>
>> There is a sample called "encryption_only" in *src/sample/secpolicy*
>> directiory in 1.0alpha2. There is a client and a server which
>> encrypts the message in X509 token profile.Further If you want to
>> know how to use security stuffs in WSF/PHP , you can follow the wiki
>> in http://wso2.org/wiki/display/wsfphp/WS-Security+API.For any more
>> concerns about this we would like to help you through the mailing list.
>
> The encrypt_only example does not implement the profile I am referring
> to.
> If I capture the SOAP message, I see that it is different from the one
> in the spec (see attachements).
> The good message is generated by XFire/WSS4J, the bad one is from the
> encrypt_only example using the same certificate. You can see the good
> message is exactly the structure described in the PDF (section 3.4
> "Encryption"), while the bad message has a different structure: it has
> a BinarySecurityToken, and does not show the X509 certificate values
> (CN and serial) in the keyInfo section.
Sorry forgot to add the attachments!
Here they go.
- Renaud
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bad-encrypt.xml
Type: text/xml
Size: 3127 bytes
Desc: not available
Url : http://wso2.org/pipermail/wsf-c-dev/attachments/20070529/43168803/bad-encrypt.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: good-encrypt.xml
Type: text/xml
Size: 3248 bytes
Desc: not available
Url : http://wso2.org/pipermail/wsf-c-dev/attachments/20070529/43168803/good-encrypt.bin
More information about the Wsf-c-dev
mailing list