Thank you Colm, that policy did help out.

Thanks,
Giriraj
On Mar 23, 2016 1:57 PM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote:

> See here:
>
>
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl;h=dcf01b23c124795a04be170f5d8079102a516b35;hb=HEAD
>
> On Wed, Mar 23, 2016 at 5:50 PM, Giriraj Bhojak <girira...@gmail.com>
> wrote:
>
>> Thank you Colm.
>> Would you have a policy example of using EncryptedElements instead of
>> using EncryptedParts?
>> I tried a few combinations, but they didn't work out.
>>
>> Thanks,
>> Giriraj
>> On Mar 23, 2016 12:58 PM, "Colm O hEigeartaigh" <cohei...@apache.org>
>> wrote:
>>
>>> Answers inline.
>>>
>>> On Wed, Mar 23, 2016 at 4:49 PM, Giriraj Bhojak <girira...@gmail.com>
>>> wrote:
>>>
>>>> Do you mean to say the timestamp is not just signed but encrypted as
>>>> well if it is part of the AsymmetricBinding?
>>>>
>>> No, just signed.
>>>
>>>> In my policy I have also added username token as a supporting token,
>>>> outside of AsymmetricBinding. Would this token be signed and encrypted too?
>>>>
>>>
>>> No. However it would be if you specified a
>>> "SignedEncryptedSupportingToken" policy instead of "SupportingToken".
>>>
>>> Colm.
>>>
>>>
>>>> I have written a Java client that is able to successfully send and
>>>> receive a response using the policy. I have a requirement to test the
>>>> endpoint using the SoapUI tool as well, and that's where I am facing issues
>>>> since I couldn't just import the policy into SoapUI.
>>>>
>>>> Thanks,
>>>> Giriraj
>>>> On Mar 23, 2016 7:04 AM, "Colm O hEigeartaigh" <cohei...@apache.org>
>>>> wrote:
>>>>
>>>>> If you are using the SymmetricBinding or AsymmetricBinding policies,
>>>>> the Timestamp is automatically signed if the "IncludeTimestamp" policy
>>>>> is in the Binding policy.
>>>>>
>>>>> The "sp:Header" policy in SignedParts/EncryptedParts is designed to be
>>>>> used for SOAP headers, not for internal headers in the security header
>>>>> (such as Timestamp). Instead, use an "EncryptedElements" policy, with
>>>>> an XPath expression pointing to the Timestamp.
>>>>>
>>>>> Colm.
>>>>>
>>>>> On Tue, Mar 22, 2016 at 3:17 AM, Giriraj Bhojak <girira...@gmail.com>
>>>>> wrote:
>>>>>
>>>>> > Hello,
>>>>> >
>>>>> >
>>>>> > I need to sign and encrypt the timestamp WS-Security header.
>>>>> >
>>>>> > My policy file has the following assertions:
>>>>> >
>>>>> >     <sp:SignedParts>
>>>>> >         <sp:Body />
>>>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>>>>> >     </sp:SignedParts>
>>>>> >     <sp:EncryptedParts>
>>>>> >         <sp:Body />
>>>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" />
>>>>> >     </sp:EncryptedParts>
>>>>> >
>>>>> > The above namespace belongs to the wsu element.
>>>>> >
>>>>> > I can still see the following entry in the wsse:Security element:
>>>>> >
>>>>> >     <wsu:Timestamp wsu:Id="TS-A91AE37C42BC91148914586148175181">
>>>>> >         <wsu:Created>2016-03-22T02:46:57.516Z</wsu:Created>
>>>>> >         <wsu:Expires>2016-03-22T02:51:57.516Z</wsu:Expires>
>>>>> >     </wsu:Timestamp>
>>>>> >
>>>>> > If I try to add the namespace of wsse into the signed and encrypted
>>>>> > parts above in order to encrypt and sign the entire header as follows:
>>>>> >
>>>>> >     <sp:SignedParts>
>>>>> >         <sp:Body />
>>>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>>>>> >     </sp:SignedParts>
>>>>> >     <sp:EncryptedParts>
>>>>> >         <sp:Body />
>>>>> >         <sp:Header Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
>>>>> >     </sp:EncryptedParts>
>>>>> >
>>>>> > Then on the CXF server I get:
>>>>> >
>>>>> > org.apache.cxf.interceptor.Fault- Exception Message: Found element
>>>>> > {http://www.w3.org/2001/04/xmlenc#}EncryptionMethod but could not find
>>>>> > matching RPC/Literal part
>>>>> >
>>>>> > I am using CXF v2.7.11.
>>>>> >
>>>>> > Am I doing something wrong?
>>>>> >
>>>>> > Thanks,
>>>>> > Giriraj
>>>>> >
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Colm O hEigeartaigh
>>>>>
>>>>> Talend Community Coder
>>>>> http://coders.talend.com
>>>>>
>>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
