[jira] Updated: (RAMPART-114) "Unexpected signature" exception thrown when using Signed/SupportingTokens Assertion

Thu, 15 Nov 2007 04:34:08 -0800 

     [ 
https://issues.apache.org/jira/browse/RAMPART-114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nandana Mihindukulasooriya updated RAMPART-114:
-----------------------------------------------

    Attachment: RAMPART-114.patch

Yes, there is an issue here. When we a signature is found, we check whether are 
signed parts, signed elements, whether body is signed. We also check for these 
things (Signed parts, Signed elements, etc. ) if there are Endorsing Supporting 
Tokens or Signed Endorsing Supporting Tokens present. But Signed Supporting 
Tokens and Signed Endorsing Supporting Tokens are signed hence generate 
signature elements when they are present in the policy. So the check should be 
extended to include those also. Patch is attached.

> "Unexpected signature" exception thrown when using Signed/SupportingTokens 
> Assertion
> ------------------------------------------------------------------------------------
>
>                 Key: RAMPART-114
>                 URL: https://issues.apache.org/jira/browse/RAMPART-114
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.3
>         Environment: Axis2 1.3, Rampart 1.3, JDK 1.4, Tomcat 5.5.20
>            Reporter: Dobri Kitipov
>         Attachments: RAMPART-114.patch, services_UT.xml
>
>
> When symmetric binding with Username token is tested then the following 
> exception is thrown :
> "Unexpected signature".
> My observations showed that this exception is caused into 
> org.apache.rampart.PolicyBasedResultsValidator class and namely into the
> public void validate(ValidatorData data, Vector results) method.
> There are several checks for signitureParts. These checks are for 
> "timestamp", "EndorsingSupportingTokens" and 
> "SignedEndorsingSupportingTokens".
> The problem is that when I read the WS - Security Policy - 1.1 - July 2005, 
> which spec is implemented by Rampart, we can read that there are
> two additional supporting tokens assertions which are not processed into the 
> method, namely:
> - SupportingTokens Assertion
> and
> - SignedSupportingTokens Assertion.
> In my case the policy contains an username token as SignedSupportingTokens 
> Assertion.
> I am attaching the policy to the JIRA.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to