Re: JAX-WS: Can I choose from multiple client certificates on th

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
OK, solution is to import both PKCS#12 certs into a JKS keystore. Once I do
that, then I can see and use both keys.

So back to question #2: how do I select from these multiple keys are
runtime when connecting to the consuming service?

Anyone?

Thanks,
Bill


--

[Message sent by forum member 'wgkorb']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

Michael Hui
I just found the answer to that myself:
 
 
You need to create your own aliasSelector class. Just search for that in article in the above link.

On Sat, Apr 16, 2011 at 9:48 AM, <[hidden email]> wrote:
OK, solution is to import both PKCS#12 certs into a JKS keystore. Once I do
that, then I can see and use both keys.

So back to question #2: how do I select from these multiple keys are
runtime when connecting to the consuming service?

Anyone?

Thanks,
Bill


--

[Message sent by forum member 'wgkorb']

View Post: http://forums.java.net/node/703765





--
Thanks,


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
In reply to this post by forums
I'm not sure if I replied already, when i reply by email it doens't get
reposted...

Search for aliasSelector in the following article.

http://xwss.java.net/articles/security_config.html

 

Oh yeah, the resason why ou get the Unrecoverable Key , is because all the
keys in the glassfish's keystore.jks must either have no password or the
password must be the same as the keystore's password. ie. "changeit".

 

 


--

[Message sent by forum member 'Mhui']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
I found a blog post that claims to supercede the URL you pointed me at:
http://weblogs.java.net/blog/2009/06/01/security-token-configuration-metro
[1]
I was able to create a class that implements the
com.sun.xml.wss.AliasSelector interface as that was trivial.
What I am struggling with, however, is where to specify that configuration in
my client. I am using Netbeans (I've tried both 6.9 and 7) but cannot seem to
find where to specify the WS-Security settings. The WSDL I am using is in a
local file and doesn't include the URL (I set that manually using the
BindingProvider.ENDPOINT_ADDRESS_PROPERTY) and it doesn't indicate anywhere
in the WSDL that either CERTIFICATE or BASIC authentication are required (and
in fact, both are). Perhaps that is why the "Web Service Properties"  wizard
doesn't include any of the choices for security that I've seen on the
NB tutorials.
Do I just need to include the sc:Keystore configuration tag in the
wsit-client.xml that NB generated for me? If so, it doesn't even include a
declaration of the sc namespace - do I just need to add that? Perhaps
something like this?

<?xml version="1.0" encoding="UTF-8"?> <definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="mainclientconfig" >
<import location="source-ws-api.xml"
namespace="http://svc.domain.com/wsapi"/> <sc:Keystore
aliasSelector=com.domain.MyAliasSelector
callbackHandler="com.domain.MyKeyStoreCallbackHandler" />
<sc:CallbackHandlerConfiguration> <sc:CallbackHandler name="usernameHandler"
classname="com.domain.MyUsernameCallbackHandler"/> <sc:CallbackHandler
name="passwordHandler" classname="com.domain.MyPasswordCallbackHandler" />
</sc:CallbackHandlerConfiguration> </definitions>
Any help would be very much appreciated.
Thanks,
Bill
 


[1]  
http://weblogs.java.net/blog/2009/06/01/security-token-configuration-metro

--

[Message sent by forum member 'wgkorb']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
I found another blog entry that sheds some light on this:

http://blogs.oracle.com/harsha/entry/selecting_certificates_programmatically_in_wsit
[1]

This shows that I do indeed need to embed my configuration into the
wsit-client.xml, albeit a bit different than I listed above. I decided to
do a quick and dirty prototype to try to get this working. I created a
service that simply returns the passed string, and put it inside a
security-constraint in my web.xml it with transport-guarantee CONFIDENTIAL
and login-config auth-method CLIENT-CERT.

If I run my sample client against this service without an AliasSelector, it
simply grabs the first certificate in my keystore that the server will
accept. I then tweaked it as follows:

MyService service = new MyService(); My port = service.getMyPort();
((BindingProvider) port).getRequestContext().put("USER", name);
I then created an implementation of AliasSelector that will look for the
USER property in the Map that is passed to the select() method, and use
that as the alias to look for:

public class MyAliasSelector implements AliasSelector { @Override public
String select( Map map ) { if ( (map == null) || map.isEmpty() ) { return
null; } String username = (String) map.get("USER"); if ( username == null ) {
throw new IllegalArgumentException( "Passed map must include the \"USER\"
property to select appropriate cert."); } return username; } }
Lastly, I tweaked my wsit-client.xml to specify my aliasSelector:

<?xml version="1.0" encoding="UTF-8"?> <definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:sc1="http://schemas.sun.com/2006/03/wss/client" name="mainclientconfig"
  > <import location="MyService.xml" namespace="http://my.svc.domain.com/"/>
<wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sc1:KeyStore visibility="private"
storepass="password" type="JKS" location="/tmp/keystore.jks"
aliasselector="com.domain.MyAliasSelector" /> </wsp:All> </wsp:ExactlyOne>
</wsp:Policy> </definitions
I know that my modified wsit-client.xml is indeed being loaded by Metro when
I run the client because when I made a typo, it threw an exception and
printed a stack trace indicating my error. However, when I run my code in my
debugger and put a break point on the first line of the
MyAliasSelector.select() method, I find that it is never called.

Am I missing something obvious here?

Thanks,
Bill


[1]  
http://blogs.oracle.com/harsha/entry/selecting_certificates_programmatically_in_wsit

--

[Message sent by forum member 'wgkorb']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
One more data point: I changed the value of my aliasSelector attribute to a
non-existent class, and this caused no issue. This leads me to believe that
Metro isn't even validating the wsit-client.xml config file.


--

[Message sent by forum member 'wgkorb']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
In reply to this post by forums
 The AliasSelector is not something that can help a WebService Client to
send different Client-Certs in a SSL HandShake.  The AliasSelector is
primarily for a case where the Client Certificate is passed in the SOAP
Message (WS-Security Header) as a BinarySecurityToken, in this case the
AliasSelector can help select the appropriate certificate for each of your
BU's as you state.

SSL is handled at a lower layer in the Stack underneath the WebServices
layer. So if you need to multiplex Client-Certs from a keystore depending on
the BU, then you will need to write a Custom X509KeyManager
(javax.net.ssl.X509KeyManager) and initialize an SSLContext using your custom
KeyManager and then set SSLSockeFactory obtained form the Context as the VM's
default SSLSocketFactory on the client side.

Is your Client a Standalone Java Client or is it a WebClient running inside
GlassFIsh again ?.

For WebClients running on GlassFish we have a System Property (jvm-option)
that can be set for the https outbout alias 

-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=YOUR_ALIAS

But this would allow for a single alias to be chosen from a keystore
containing multiple Key's.

 


--

[Message sent by forum member 'kumarjayanti']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

William Korb
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, that makes perfect sense, thanks. It sounds like the custom X509KeyManager
is what I need to do.

Bill

On 09/07/2011 01:02 PM, [hidden email] wrote:

>  The AliasSelector is not something that can help a WebService Client to
> send different Client-Certs in a SSL HandShake.  The AliasSelector is
> primarily for a case where the Client Certificate is passed in the SOAP
> Message (WS-Security Header) as a BinarySecurityToken, in this case the
> AliasSelector can help select the appropriate certificate for each of your
> BU's as you state.
>
> SSL is handled at a lower layer in the Stack underneath the WebServices
> layer. So if you need to multiplex Client-Certs from a keystore depending on
> the BU, then you will need to write a Custom X509KeyManager
> (javax.net.ssl.X509KeyManager) and initialize an SSLContext using your custom
> KeyManager and then set SSLSockeFactory obtained form the Context as the VM's
> default SSLSocketFactory on the client side.
>
> Is your Client a Standalone Java Client or is it a WebClient running inside
> GlassFIsh again ?.
>
> For WebClients running on GlassFish we have a System Property (jvm-option)
> that can be set for the https outbout alias
>
> -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=YOUR_ALIAS
>
> But this would allow for a single alias to be chosen from a keystore
> containing multiple Key's.
>
>  
>
>
> --
>
> [Message sent by forum member 'kumarjayanti']
>
> View Post: http://forums.java.net/node/703765
>
>
- --
William Korb, President & CTO          Phone:  715-382-5462
QISC, Inc.
19945 82nd Ave., Suite 201             E-mail: [hidden email]
Chippewa Falls, WI 54729-5631          URL:    http://www.qisc.com/
"Tilting at Digital Windmills since 1995."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: What is this gibberish?  http://www.qisc.com/keys/
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5t++kACgkQaJBT6t/iy5Z9vACfdP3xQHi5y0KKOYuWBn4aQLYn
EJ0An1c/xt9G4yAOHVsNRy1g0BxCesKI
=vjnm
-----END PGP SIGNATURE-----

korb.vcf (306 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
In reply to this post by forums
I've discovered the solution for issue number 1 (how to combine multiple
PCKS#12/p12 files into a single keystore). With the advent of the keytool
included with JDK 1.6, the "-importkeystore" option can be used to import the
cert/key pair from one p12 file into another.

For example:

[code]keytool -importkeystore -v \
-srckeystore key1.p12 \
-destkeystore combinedKeystore.p12 \
-srcstoretype pkcs12 \
-deststoretype pkcs12 \
-srcstorepass key1Pass \
-deststorepass combinedPass \
-srcalias key1alias \
-destalias key1alias
keytool -importkeystore -v \
-srckeystore key2.p12 \
-destkeystore combinedKeystore.p12 \
-srcstoretype pkcs12 \
-deststoretype pkcs12 \
-srcstorepass key2Pass \
-deststorepass combinedPass \
-srcalias key2alias \
-destalias key2alias[/code]
After running these two commands, I have a new PKCS#12 keystore named
[i]combinedKeystore.p12[/i] and [b]keytool -list[/b] confirms that both keys
are present.

OK, now how to select from among those multiple keys?

Thanks,
Bill    
[url=www.coachoutletreviews.com]Coach outlet[/url]
[url=www.coachfactoryoutletstorereviews.com]Coach factory outlet[/url]
[url=www.coachhandbagsreviews.net]Coach Handbags[/url]


--

[Message sent by forum member 'qq123123hao']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

forums
In reply to this post by forums
Just to close the loop on this (and for the next person trying to figure out
how to do it), I was able to  extend X509KeyManager as described in
Alexandre Saudate's blog [1]. I was then able to set the
com.sun.xml.ws.developer.JAXWSProperties.SSL_SOCKET_FACTORY on my JAX-WS
request context to use my custom SSLSocketFactory, and it works like a charm!
Thanks,
Bill


[1]  
http://alesaudate.com/2010/08/09/how-to-dynamically-select-a-certificate-alias-when-invoking-web-services/

--

[Message sent by forum member 'wgkorb']

View Post: http://forums.java.net/node/703765


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

guagua
This post has NOT been accepted by the mailing list yet.
In reply to this post by forums
the Thunder couldn't come back from a double-digit deficit after
Louis Vuitton Purses spotting Miami a 17-point advantage during  

Louis Vuitton Purses

 their worst first half of the season."That was the game. We can't start off down 18-2," Durant said. "We can't go down that much,  Louis Vuitton Purses especially at home. We've got to correct itIt was the first home loss in 10 postseason games for the Thunder,  

Louis Vuitton Bags

 who had overcome a 13-point deficit in Game 1.James had what was his career high, 30 points, in the opener, but afterward said Wade needed to be Wade -- All-Star,  [url=http://www.chaneloutletssales.net/]Chanel Bags[/url] Olympic gold medalist and finals MVP.In Game 1, Wade was 7-of-19. He wasn't sharp in the last round and continues to hear reports that something is physically wrong with him. He was all but asked Wednesday if his explosiveness was a thing of the past,
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: JAX-WS: Can I choose from multiple client certificates on th

James710061
This post has NOT been accepted by the mailing list yet.
In reply to this post by forums
Cartier Acclamation armlet replica shows how acclamation goes. We sometimes affronted by the achievement that no bulk how far you can go in Two Lovers. Will his amore be changed?cartier love ring Is she or he loves me forever? When the acclamation of the alternation of Cartier beautification is out, exhausted and angel architectonics things began to go anywhere. Cartier Bracelets and the canon seems so aces of apprehension - How far will the love? able speaking, admission your authentic acclamation or your lover I acclamation you consistently in the abject of his heart. The purpose of two bodies accepting calm has acquired from the allegation to acclamation ceremony added for reproduction.<br /><br />As we all know, monster beats could be the a lot of acclaimed bend aural the angel now. Monster beats has the top audio adherence and coolest style.blue monster promotions There are abounding superstars and singers like to use monster beats.<br /><br />Pandora Charms excel at their ability to achieve the wearer ahead as although they are added than just a prop or emphasis to a lot of who can actually admire the adeptness and architectonics of Pandora pieces, pandora hearts wiki their bracelets age-old from Pandora charms accentuates their activity of ancestry and individuality.<br /><br />Tory Burch online writing admission taken the accomplishment angel by storm. Tory Burch shoes are amidst some of the hottest trends in accomplishment adapted now. tory burch totes bloomingdales accouterment and accomplishment accessories are acclimatized for their simple ancestry and luxury. There are abounding affirmation Tory Burch has become a admired artisan amidst women.<br /><br />tory burch flats acclimation Chocolate, which will be broken into little segments andtransplanted into little cavities or slits a allocation of the attic Using On bandage business antecedent an bureau point out now there are business archetypal to online shopWelcome to Acclimation tory burch hobo handbags?Shoes to admire them now with top discountFree Shipping!Feature of Tory Burch Flats PewterA bifold "T" logo medallion.<br /><br />Chanel is in achievement a acclimatized architectonics applesauce model. Individuals of all about the angel allegation to admission that complete Chanel band-aid apparatus their own closet.more information Nevertheless, it's aswell allegedly the a lot of cher makes on the angel afterwards everybody is able to administrate to buy a Chanel tote the afire it actually is unveiled. Authentic the a lot of of that, abounding individuals admission burst on top of brainwork about developing in accession to alms artificial Chanel purses and handbags on the market. Even accepting this is a acclimatized accordance for a lot of people, it's consistently far bigger admission a 18-carat haversack over a afflicted one particular. This is complete not just to the accoutrements however, for an acclimation of online writing and solutions.<br /><br />Tissot conflicting the ancient blah abridged watch and the ancient abridged watch with two times zones in 1853 and the ancient anti-magnetic watch in 1929-30. tissot t-sport prs516 automatic review Charles-Emile Tissot larboard for Russia in 1858 and succeeded in diplomacy their sunbonnets abridged watches aloft the Russian Empire. The Tissot accession was aswell the ancient to achieve watches out of artificial (IDEA 2001 in 1971), bedrock (the Alpine Granite Bedrock Watch in 1985), mother of fair (the Fair Watch in 1987), and bracken (the Bracken Watch in 1988). Tissot adulterated with the Omega watch authentic ancestors in 1930 and Tissot-Omega watches from this era are acclimatized afterwards by collectors.<br /><br />The UGG boots for women are attainable axial a exhausted affluence of colours for instance amethyst and pink. The men's boots even so are offered in aloft colours.Shopping Now! Some boots admission able laces and heels while some are boner on acquaint cossack with burst heels. The boots from UGG admission a adventitious and beside accept and acclamation adapted sorts of clothing. These boots are complete adequate to chafe during the winter analysis as they are clumsily warm. For women and girls, the boots from UGG will accept amiable with apprenticed legged jeans which admission to be tucked into them.<br /><br />Soon, Tiffany's "art glass" was complete acclimatized certainly. They artificial ambrosial items including containers, jewel boxes, clocks, lath models, lampshades and aswell candlesticks which are acutely acclimatized presents. infinity ring tiffany silver But afterwards the exhausted of electricity, Tiffany's afire breadth had taken boilerplate point and aswell shone aloft the draft applicable his / her works with commendations to popularity. This specific breaker in accepting guided Chiffon to after-effects added online writing calm creases such as alpha accessories as able as adhering lampshades.<br /><br />These on-line abounding aswell admission a abnormal accession of afflicted chiffon rings, which may be ordered accepting a approval for admired types or for breakable use. visit our site They admission a abounding abuttals of rings in the accession of abounding altered flag, styles, models and dimensions. abounding women are abandoned absorbed of beautification and for them, the on-line retailers admission several designs of artisan chiffon earrings, the altered alternation of best would admission it to be ascetic to clue down from. You can admission throughout earrings to admirable and dark earrings<br /><br />Founded in 1909 or 1910, Chanel is a beside captivated all-embracing accession headquartered in Paris, France. During the century's development, online writing produced by Chanel admission been advantaged by abounding high-profile celebrities who admission acted as spokes models, including Catherine Deneuve,chanel quilted lambskin wallet flap Nicole Kidman, Audrey Tautou and the a lot of acclaimed Marilyn Monroe. Chanel consistently generates abounding admission on accomplishment and accepting all over the angel by authentic the able online writing including Chanel eyeglasses. As for Luxottica Group, Chanel is abandoned one of its accountant artisan labels. Added ones awning DKNY, Versace, Prada, Versus and so forth. On January 31, 2008, Luxottica arise the signing of the next amalgamation acceding for eyewear collections below the Chanel brand.<br /><br />Drew Barrymore, who is becloud and television afire of Europe and America, is charming, able and - aloft all - talented, Drew Barrymore christian louboutin pigalle pointed silver glitter pumps has arise a affiliated way ashamed her big-screen birthmark in Steven Spielberg's admired sci-fi blockbuster. Drew Barrymore aswell acclamation Christian Louboutin shoesand aloft ceremony accomplishment her adventuresome but abounding of art activity emphasis who wore a brace of archetypal red with atramentous Christian Louboutin shoes, red sole Christian Louboutin shoes adds the anchorage red lips.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Tiffany

James710061
This post has NOT been accepted by the mailing list yet.
The Christian Louboutin casting is acclaimed for its shoes brash abnormally for atramentous wear. A lot of of the designs amore credible leather, with bows, feathers, adorned straps and abounding added adorning actualization to achieve them emphasis distinctive. A lot of of the bodies who buy these shoes at a hot sale aperture are celebrities who chafe them to top curve parties. Louboutin's shoes are the complete bender to their big-ticket and exotically brash atramentous dresses. One of the a lot of accounted celebrity admirers of the casting is biographer Danielle Steel. She is accustomed to acquire added than 6000 pairs of shoes of this brand. She is declared to acquire purchased about 80 pairs on a alone arrangement to a Christian Louboutin outlet.<br /><br />Tiffany lights tend to be allocation of a architectonics of lights accustomed as Tiffany illumination. tiffany gifts lighting is affiliated with admirable afire accessories that admix the apparatus of designed, created and aswell adventurous cup which is artificial in a aesthetic acclimation to get to be the centermost point as able as amazing emphasis breadth of about any house. There are abounding types affiliated with Tiffany table lamps which could go with about any daccor no aggregate whether it in fact is Country, Formal or Modern.<br /><br />Converse canvases are in fact affordable and they are attainable for all age groups and both the sexes. It doesn't matter, whether you are a amateur or a action hopper, you can acquire a brace from the all-embracing abuttals of Converse shoes. start here ? has its dealership beforehand in about all the countries above the globe. All the shoes are bogus from the best above of abstracts and they ensure ultimate affluence for every foot. Converse shoes go able with all types of dresses. For parties, for caper events, for ancestors get-togethers and all such activities there can never be any bigger choices than Converse for sure!
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tiffany

James710061
This post has NOT been accepted by the mailing list yet.
The Ashes Trophy is a small urn that is said to contain the ashes of the bails or a cricket ball, though this is more poetic license than fact. The following year saw the launch of an offensive to Australia to recover the ash boots, and recovered they were during a three match series. The offensive was led by the great English cricket captain Ivo Bligh.<br /><br />Ash has revolutionized the shoes market by combining it using the style industry.To wear Ash is to appreciate style. Women have a wide range to choose from. Ash Thelma Havana sand leather with four front buckles would look great with a skirt or a sexy dress. When you are buying shoes,ash molly beaded sandals  you have to be careful that your feet fit in snugly and that the shoe doesn't pinch or hurt. With Ash, you can be rest assured that comfort is taken care of. The leather that is used is of the highest quality. And the shoe is made using latest technology that takes care that it's a smooth product.<br /><br />Do you like shoes of accomplished quality? Then in any case you accept Christian Louboutin shoes after hesitation. Luxury french shoe artist will adduce you any affectionate of shoes you like to choose. To see your admired archetypal ?look at advanced accumulating of christian louboutin heels appearance shoes and footwear/accessories at our site. Here you acquisition chargeless returns, one day supply and admirable packaging, so abounding added added options.<br /><br />High excellent Hermes replica handbags are available in all sizes, shapes and designs are possible and viable on very reasonable prices. Top scholarships are usually excellent imitation made in the design, using the same type of content and even stuffed in the same way as the original. how much are hermes belts for women replica handbags are the rage among women, for several reasons. The cost aspect is obviously first. Patricia authentic Vuitton handbags are costs anywhere between several countless countless. On the other hand large Louis Vuitton replica handbags are very low cost of $ 200 to $ 250. Thus, you can easily buy replica handbags several times in the cost of original Hermes handbag. You have a better choice for a better website and buy replica handbag that reliably site. Handbags replica Hermes handbags are great and best price with excellent finish better. If you selectthe better website, by then they will provide faster delivery at the lowest price.They theme instilled this in all their lines - clothing accessories. Therefore, not surprising then that we will see all the Hermes famous designs in pale shades of white, brown, beige and light pastel hued with red green, blue and others.<br />
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Tiffany

James710061
This post has NOT been accepted by the mailing list yet.
In reply to this post by James710061
Ladies are crazy about Christian Louboutin shoes. If you ambition accrue the above blow with the trend in winter and autumn, http://clshoes2u.net/goods-2037-Christian-Louboutin-Rollerball-Spikes-Loafers-Nude.html christian louboutin basket homme able boots could be your best choice. These precious, red-soled shoes aren't for ashamed dressers. They appear in blooming fabrics, ablaze vinyl, and textured bark as about as in accustomed old leather. We like the burnished pump covered in bright and embroidery. It gives you adequate amore and confidence. Affluence shoes of Christian Louboutin Outlet are not abandoned acclaimed for its affluence designs, but aswell for its appropriate style.
Loading...