If you are using the SymmetricBinding or AsymmetricBinding policies, the Timestamp is automatically signed if the "IncludeTimestamp" policy is in the Binding policy.
The "sp:Header" policy in SignedParts/EncryptedParts is designed to be used for SOAP headers, not for internal headers in the security header (such as Timestamp). Instead, use an "EncryptedElements" policy, with an XPath expression pointing to the Timestamp. Colm. On Tue, Mar 22, 2016 at 3:17 AM, Giriraj Bhojak <girira...@gmail.com> wrote: > Hello, > > > I need to sign and encrypt the timestamp WS-Security header. > > My policy file has following assertions: > > > > <sp:SignedParts> > > <sp:Body /> > > <sp:Header Namespace=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " /> > > </sp:SignedParts> > > <sp:EncryptedParts> > > <sp:Body /> > > <sp:Header Namespace=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " /> > > </sp:EncryptedParts> > > Above namespace belongs to wsu element. > > I can still see following entry in the wsse:Security element: > > > > <wsu:Timestamp > wsu:Id="TS-A91AE37C42BC91148914586148175181"> > > > <wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created> > > > <wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires> > > </wsu:Timestamp> > > > > If I try to add the namespace of wsse into the signed and encrypted parts > above in order to encrypt and sign entire header as follows: > > <sp:SignedParts> > > <sp:Body /> > > <sp:Header Namespace=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " /> > > </sp:SignedParts> > > <sp:EncryptedParts> > > <sp:Body /> > > <sp:Header Namespace=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " /> > > </sp:EncryptedParts> > > > > Then on the CXF server I get: > > org.apache.cxf.interceptor.Fault- Exception Message: Found element { > http://www.w3.org/2001/04/xmlenc#}EncryptionMethod but could not find > matching RPC/Literal part > > I am using CXF v2.7.11. > > Am I doing something wrong? > > Thanks, > Giriraj > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com