Stéphane CIZERON created WSS-473:
------------------------------------
Summary: BST signature element
Key: WSS-473
URL: https://issues.apache.org/jira/browse/WSS-473
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 1.6.11
Reporter: Stéphane CIZERON
Assignee: Colm O hEigeartaigh
Fix For: 1.6.12
In the 1.5.x versions, when we wanted to sign the BST, we used a special
keyword 'Token' and the signed element was the BST.
In 1.6.x, the Token keyword doesn't exist anymore. When the Token is used, a
general security error is raised (WSEncryptBody/WSSignEnvelope: Element to
encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Token).
If we use STRTransform, the validation fails because the signed element is the
SecurityTokenReference and not the BST.
If we use
{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken
as WSEncryptionPart, we have the same general error => element not found. I
checked SignatureAction.java: the BST is appended at the end, whereas if it
was appended just after the prepare method (line 70), the last issue is OK.
I tested it and it works, the validation BST signature is OK.
wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
wsSign.prependBSTElementToHeader(reqData.getSecHeader());
Could you tell me first if it's a correct workaround?
And secondly, could the correction be packaged in 1.6.12
quickly?
Best regards
Stéphane