Hi everybody,
My environment is based on Axis2 1.3, Rampart 1.3.
What I am testing is symmetric binding with Username token. What I am
receiving is the following exception:
"Unexpected signature".

I know what causes the problem, but I would like to know whether it is a
bug in Rampart or whether there is another reason for it. Or maybe I do
not understand it well?
This exception is thrown in the
org.apache.rampart.PolicyBasedResultsValidator class, namely in
the public void validate(ValidatorData data, Vector results) method.
There are several checks for signatureParts. These checks are for
"timestamp", "EndorsingSupportingTokens" and
"SignedEndorsingSupportingTokens".
The problem is that the WS-SecurityPolicy 1.1 (July 2005) specification,
which Rampart implements, defines two additional supporting token
assertions, namely:

- SupportingTokens Assertion
and
- SignedSupportingTokens Assertion.

Why are these two cases not processed in the method? Is there any
particular reason for that?

Here is an excerpt from my service.xml that causes the exception:

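<!-- Policy excerpt from the post. The wsp prefix is not declared here; presumably it is
     bound on an enclosing element. SignedSupportingTokens asks for the UsernameToken to be
     covered by the message signature: that protects the token's integrity, not its
     confidentiality, so a plaintext password still needs TLS or an encryption assertion. -->
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
            </wsp:Policy>
          </sp:SignedSupportingTokens>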

My understanding is that I should add two additional cases into the
above mentioned code in order to have:

signatureParts.add(new WSEncryptionPart("SignedSupportingTokens "));
and
signatureParts.add(new WSEncryptionPart("SupportingTokens "));

Thank you in advance!
Best regards, Dobri

PS
I am also attaching the SOAP request:

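<?xml version="1.0" encoding="UTF-8"?>
<!-- SOAP request from the post. The stray ';' that followed several attribute values
     (apparently added when the mail was archived) is removed so the markup is well-formed.
     Reviewer notes are XML comments placed outside the signed UsernameToken element. -->
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:wsa="http://www.w3.org/2005/08/addressing">
        <soapenv:Header>
                <wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
                        <xenc:EncryptedKey Id="EncKeyId-18788761">
                                <xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
                                <ds:KeyInfo 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                        <wsse:SecurityTokenReference>
                                                <wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">9kbwRNyMypNWhulx0JkHVOFvRB8=</wsse:KeyIdentifier>
                                        </wsse:SecurityTokenReference>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                        
<xenc:CipherValue>PjfZ2MAa1HZs1pfzNxa+zdaNKBMgi9fjOdsQSY3jfqkl0lFiWMtc5UOngBfjlN0hNHxfLnU2cJVnEuBTQgHYl2iaJT/VnbDk2Oby5/HZcFyq2ojNarE0iScoJ5beZD0DbSkkpzkq3elfSjYpa1MXRYBtNHcCD+cDkmmpNfZHuJU=</xenc:CipherValue>
                                </xenc:CipherData>
                        </xenc:EncryptedKey>
                        <wsc:DerivedKeyToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="derivedKeyId-27003862">
                                <wsse:SecurityTokenReference>
                                        <wsse:Reference 
URI="#EncKeyId-18788761"/>
                                </wsse:SecurityTokenReference>
                                <wsc:Length>16</wsc:Length>
                                <wsc:Nonce>iy0NzppeoVrO6YfwpMlnSw==</wsc:Nonce>
                                <wsc:Offset>0</wsc:Offset>
                        </wsc:DerivedKeyToken>
                        <!-- Empty ReferenceList: no part of this message is listed as encrypted. -->
                        <xenc:ReferenceList/>
                        <!-- The password below is PasswordText and, with nothing encrypted, is readable
                             on the wire. It needs TLS or an encryption assertion covering the token;
                             wsa:To further down is plain http on loopback. -->
                        <wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-13367741">
                                <wsse:Username>vmtest</wsse:Username>
                                <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">vmtest</wsse:Password>
                        </wsse:UsernameToken>
                        <wsc:DerivedKeyToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="derivedKeyId-24856323">
                                <wsse:SecurityTokenReference>
                                        <wsse:Reference 
URI="#EncKeyId-18788761"/>
                                </wsse:SecurityTokenReference>
                                <wsc:Length>16</wsc:Length>
                                <wsc:Nonce>SYR+YeMYEbTiIxSg1ZnccQ==</wsc:Nonce>
                                <wsc:Offset>0</wsc:Offset>
                        </wsc:DerivedKeyToken>
                        <!-- The only ds:Reference is #UsernameToken-13367741. The Body and the wsa:* headers
                             are not signed, and the Security header carries no wsu:Timestamp, so this
                             signature neither ties the token to this request nor bounds its freshness.
                             The digest algorithm is SHA-1. -->
                        <ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="Signature-19419092">
                                <ds:SignedInfo>
                                        <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                        <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                                        <ds:Reference 
URI="#UsernameToken-13367741">
                                                <ds:Transforms>
                                                        <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                </ds:Transforms>
                                                <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                                
<ds:DigestValue>n1Tt4rPVpDWRQbkXo21bMOSbcpU=</ds:DigestValue>
                                        </ds:Reference>
                                </ds:SignedInfo>
                                
<ds:SignatureValue>JFfbGIEU9tGljsoEbTQfbQA0+jY=</ds:SignatureValue>
                                <ds:KeyInfo Id="KeyId-4167406">
                                        <wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-13506221">
                                                <wsse:Reference 
URI="#derivedKeyId-24856323"/>
                                        </wsse:SecurityTokenReference>
                                </ds:KeyInfo>
                        </ds:Signature>
                </wsse:Security>
                
<wsa:To>http://127.0.0.1:8082/wsstack/services/HelloPojo</wsa:To>
                
<wsa:MessageID>urn:uuid:FD4944A142545EE74F1194968191631</wsa:MessageID>
                <wsa:Action>urn:sayHello</wsa:Action>
        </soapenv:Header>
        <soapenv:Body>
                <xsd:sayHello xmlns:xsd="http://pojo.wsstack.mycompany.com">
                        <xsd:name>Dodo!</xsd:name>
                </xsd:sayHello>
        </soapenv:Body>
</soapenv:Envelope>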
