Hi Massimiliano,

WSS4J does not enforce that certain elements in a request must be signed or encrypted, that's the job of the calling code. So for example, if a CXF endpoint has a WS-SecurityPolicy requirement that the SOAP Body must be signed, then your sample altered request will fail at that stage.

Colm.

On Tue, Jun 19, 2012 at 11:28 AM, [email protected] <[email protected]> wrote:

> Hello All,
>
> I am trying to write a code against XML-Signature wrapping.
>
> The attached XML is validating, but it shouldn't (the signature was made
> on the correct XML, where I switched the body) :-)
>
> I was trying to use the w3c's best practice #14, which is described in
>
> http://domino.research.ibm.com/library/cyberdig.nsf/papers/73053F26BFE5D1D385257067004CFD80/$File/rc23691.pdf
>
> How can I do that easily with wss4j?
>
> Thanks a lot!
>
> <?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
> <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
>   <s:Header>
>     <wsse:Security s:mustUnderstand="true"
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>       <wsse:BinarySecurityToken
>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>           wsu:Id="X509-5ED3F58FF83785A1E613401010446741">...</wsse:BinarySecurityToken>
>       <ds:Signature Id="SIG-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:SignedInfo>
>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>             <ec:InclusiveNamespaces PrefixList="s" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>           </ds:CanonicalizationMethod>
>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>           <ds:Reference URI="#id-1">
>             <ds:Transforms>
>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                 <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>               </ds:Transform>
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>             <ds:DigestValue>mjUU4XkDWH4O/mdFHz65/e5C6hw=</ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>OZBdrJ4ucWbfdTJIFd6thEtyaBH3OshqVHEmPDlaaoqFXqD4dHJCUWR9KMjcJ1gozFEe1aVM4Ju7
> w2jJdSa4CKLgX2xf5dIdUkoH1+ck68hYBT7zfYj3sivctxRwLh2PwuI8qTrUB2ya1vw5X9vsPp2z
> f0nfnO3NoOHScDa1ZcI=</ds:SignatureValue>
>         <ds:KeyInfo Id="KI-5ED3F58FF83785A1E613401010446952">
>           <wsse:SecurityTokenReference wsu:Id="STR-5ED3F58FF83785A1E613401010446963">
>             <wsse:Reference URI="#X509-5ED3F58FF83785A1E613401010446741"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>     </wsse:Security>
>     <fooHeader>
>       <s:Body wsu:Id="id-1"
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>         <ns1:sampleValue xmlns:ns1="urn:tiani-spirit:test">
>           this is a value
>         </ns1:sampleValue>
>       </s:Body>
>     </fooHeader>
>   </s:Header>
>   <Body xmlns="http://www.w3.org/2003/05/soap-envelope">
>     <sampleValue xmlns="urn:tiani-spirit:test">This is another one, FAKED</sampleValue>
>   </Body>
> </s:Envelope>
>
> --
> Massimiliano Masi
>
> http://www.mascanc.net/~max

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
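
Added example, not part of the thread and not WSS4J or CXF code: a Python sketch of the kind of "is the SOAP Body actually the signed element" check that the reply says belongs to the calling code. It assumes the signature itself has already been verified; the names signed_body_problems and sample_envelope and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
BODY, WSU_ID = f"{{{SOAP}}}Body", f"{{{WSU}}}Id"

def signed_body_problems(envelope_xml):
    """Reasons why the Body the service will process is not the signed one.
    Assumes the signature itself was already verified (e.g. by WSS4J)."""
    root = ET.fromstring(envelope_xml)
    if root.tag != f"{{{SOAP}}}Envelope":
        return ["root element is not a SOAP 1.2 Envelope"]
    bodies = root.findall(BODY)  # direct children of Envelope only
    if len(bodies) != 1:
        return [f"expected one Envelope/Body, found {len(bodies)}"]
    body, problems = bodies[0], []
    # Same-document targets named by ds:Reference (wsse:Reference is ignored).
    refs = {r.get("URI", "")[1:] for r in root.iter(f"{{{DS}}}Reference")
            if r.get("URI", "").startswith("#")}
    by_id = {}
    for el in root.iter():
        if el.get(WSU_ID):
            by_id.setdefault(el.get(WSU_ID), []).append(el)
    for wid in sorted(refs):
        targets = by_id.get(wid, [])
        if len(targets) > 1:
            problems.append(f"duplicate wsu:Id '{wid}' makes the reference ambiguous")
        if any(t.tag == BODY and t is not body for t in targets):
            problems.append(f"'{wid}' points at a Body that is not Envelope/Body")
    if body.get(WSU_ID) not in refs:
        problems.append("Envelope/Body is not covered by any ds:Reference")
    return problems

def sample_envelope(wrapped):
    """Constructed sample with the shape of the message in the thread."""
    signed = (f'<s:Body xmlns:s="{SOAP}" xmlns:wsu="{WSU}" wsu:Id="id-1">'
              '<v>this is a value</v></s:Body>')
    fake = f'<Body xmlns="{SOAP}"><v>FAKED</v></Body>'
    sig = (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
           '<ds:Reference URI="#id-1"/></ds:SignedInfo></ds:Signature>')
    hidden = f"<fooHeader>{signed}</fooHeader>" if wrapped else ""
    return (f'<s:Envelope xmlns:s="{SOAP}"><s:Header>{sig}{hidden}</s:Header>'
            f'{fake if wrapped else signed}</s:Envelope>')

if __name__ == "__main__":
    for wrapped in (False, True):
        print(wrapped, signed_body_problems(sample_envelope(wrapped)))
```

The check is positional: it accepts a message only when the single Body child of the Envelope is itself a target of a ds:Reference, which is the condition a "SOAP Body must be signed" policy expresses.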
