Re: Encrypting timestamp or other security headers using WS-SecurityPolicy

Wed, 23 Mar 2016 04:05:09 -0700 

If you are using the  SymmetricBinding or AsymmetricBinding policies, the
Timestamp is automatically signed if the "IncludeTimestamp" policy is in
the Binding policy.

The "sp:Header" policy in SignedParts/EncryptedParts is designed to be used
for SOAP headers, not for internal headers in the security header (such as
Timestamp). Instead, use an "EncryptedElements" policy, with an XPath
expression pointing to the Timestamp.

Colm.

On Tue, Mar 22, 2016 at 3:17 AM, Giriraj Bhojak <girira...@gmail.com> wrote:

> Hello,
>
>
> I need to sign and encrypt the timestamp WS-Security header.
>
> My policy file has following assertions:
>
>
>
>                     <sp:SignedParts>
>
>                            <sp:Body />
>
>                            <sp:Header Namespace="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> " />
>
>                     </sp:SignedParts>
>
>                     <sp:EncryptedParts>
>
>                            <sp:Body />
>
>                            <sp:Header Namespace="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> " />
>
>                     </sp:EncryptedParts>
>
>  Above namespace belongs to wsu element.
>
> I can still see following entry in the wsse:Security element:
>
>
>
>                     <wsu:Timestamp
> wsu:Id="TS-A91AE37C42BC91148914586148175181">
>
>
>  <wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created>
>
>
>  <wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires>
>
>                     </wsu:Timestamp>
>
>
>
> If I try to add the namespace of wsse into the signed and encrypted parts
> above in order to encrypt and sign entire header as follows:
>
>                     <sp:SignedParts>
>
>                            <sp:Body />
>
>                            <sp:Header Namespace="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> " />
>
>                     </sp:SignedParts>
>
>                     <sp:EncryptedParts>
>
>                            <sp:Body />
>
>                            <sp:Header Namespace="
>
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> " />
>
>                     </sp:EncryptedParts>
>
>
>
> Then on the CXF server I get:
>
> org.apache.cxf.interceptor.Fault- Exception Message: Found element {
> http://www.w3.org/2001/04/xmlenc#}EncryptionMethod but could not find
> matching RPC/Literal part
>
> I am using CXF v2.7.11.
>
> Am I doing something wrong?
>
> Thanks,
> Giriraj
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Reply via email to