Posted to rampart-c-dev@ws.apache.org by "S.Uthaiyashankar (JIRA)" <ji...@apache.org> on 2008/08/26 06:33:44 UTC

[jira] Closed: (RAMPARTC-115) When recipient token inclusion is "Always" in asymmetric binding, created SecurityTokenReference is wrong.

     [ https://issues.apache.org/jira/browse/RAMPARTC-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

S.Uthaiyashankar closed RAMPARTC-115.
-------------------------------------


> When recipient token inclusion is "Always" in asymmetric binding, created SecurityTokenReference is wrong.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPARTC-115
>                 URL: https://issues.apache.org/jira/browse/RAMPARTC-115
>             Project: Rampart/C
>          Issue Type: Bug
>          Components: Rampart-core
>    Affects Versions: Current
>         Environment: N/A
>            Reporter: S.Uthaiyashankar
>            Assignee: S.Uthaiyashankar
>             Fix For: 1.3.0
>
>
> In the message given below, the SecurityTokenReference of the EncryptedKey is:
> <wsse:SecurityTokenReference>
>                   <wsse:Reference URI="CertID-ef72cfd5-475f-4a07" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
> </wsse:SecurityTokenReference>
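> Note that the wsse:Reference URI should have the prefix "#". It is meant as a same-document
> reference to the wsu:Id of the included BinarySecurityToken ("CertID-ef72cfd5-475f-4a07"), so it
> should read URI="#CertID-ef72cfd5-475f-4a07". Without the "#" the value is not a fragment
> reference, and a receiver may be unable to resolve it to the token carried in the message.
> For comparison, the SecurityTokenReference inside ds:Signature in the same message is
> generated correctly (URI="#CertID-9f9ae418-ba7a-480b").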
> ============== Message ==================
> <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
>    <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
>       <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigID-4e5c4af5-c7d3-47d7">http://localhost:9090/axis2/services/sec_echo</wsa:To>
>       <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigID-cef21974-4a88-461d">http://example.com/ws/2004/09/policy/Test/EchoRequest</wsa:Action>
>       <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigID-5376460f-811f-4497">urn:uuid:f5ff00fa-6ff4-4329-83da-571fe67f62d7</wsa:MessageID>
>       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>          <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="CertID-ef72cfd5-475f-4a07" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</wsse:BinarySecurityToken>
>          <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="CertID-9f9ae418-ba7a-480b" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</wsse:BinarySecurityToken>
>          <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigID-a43d12ba-525b-46e7">
>             <wsu:Created>2008-07-08T13:04:06.296Z</wsu:Created>
>             <wsu:Expires>2008-07-08T13:10:06.296Z</wsu:Expires>
>          </wsu:Timestamp>
>          <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigID-90bbc3a6-040b-45a5">
>             <wsse:Username>Alice</wsse:Username>
>             <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">diYTHs40M6aL/g0T6kpdGBTZvPk=</wsse:Password>
>             <wsse:Nonce>cLCtPT1u6nbu+vie5F47DWFUfZ9Ulm0C</wsse:Nonce>
>             <wsu:Created>2008-07-08T13:04:06.781Z</wsu:Created>
>          </wsse:UsernameToken>
>          <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>             <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"></xenc:EncryptionMethod>
>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                <wsse:SecurityTokenReference>
>                   <wsse:Reference URI="CertID-ef72cfd5-475f-4a07" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
>                </wsse:SecurityTokenReference>
>             </ds:KeyInfo>
>             <xenc:CipherData>
>                <xenc:CipherValue>puejnCf13ltylWKz1vtkDp5j76cSPRTcr2359jYuqw6SAlkdXwxgt+7MuDJ6k3uIhJdxv7K5c9cjivmf/mB1bKHisHzKipBYTo6/wPVQikZ+xzJOw1YmIUDgl/cH/hCEDU3UDFRma7Dedi+DjzSq8TOUcmq/o9C6DjvObgYQjvw=</xenc:CipherValue>
>             </xenc:CipherData>
>             <xenc:ReferenceList>
>                <xenc:DataReference URI="#EncDataID-20bd4d58-b765-463a"></xenc:DataReference>
>             </xenc:ReferenceList>
>          </xenc:EncryptedKey>
>          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SigID-fb267fca-8812-44c2">
>             <ds:SignedInfo>
>                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
>                <ds:Reference URI="#SigID-4e5c4af5-c7d3-47d7">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                   <ds:DigestValue>yvbKfE9Wosq4rT5gqR0wKK7UePo=</ds:DigestValue>
>                </ds:Reference>
>                <ds:Reference URI="#SigID-cef21974-4a88-461d">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                   <ds:DigestValue>aBoqTEmxWU0wuWzG4FHOneLIgck=</ds:DigestValue>
>                </ds:Reference>
>                <ds:Reference URI="#SigID-5376460f-811f-4497">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                   <ds:DigestValue>+kwOToE3KX4dpxlDhqR4yKZ0Vn8=</ds:DigestValue>
>                </ds:Reference>
>                <ds:Reference URI="#SigID-9df1392b-7500-4a8a">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                   <ds:DigestValue>Z++JioiEn93DTi5hp0aCJgurhtI=</ds:DigestValue>
>                </ds:Reference>
>                <ds:Reference URI="#SigID-a43d12ba-525b-46e7">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                   <ds:DigestValue>eH6vXpDyyqKRVjAIirZiBv00g5U=</ds:DigestValue>
>                </ds:Reference>
>                <ds:Reference URI="#SigID-90bbc3a6-040b-45a5">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                   <ds:DigestValue>Tyyog7IDnaoxLbZFor3KNLow+C0=</ds:DigestValue>
>                </ds:Reference>
>             </ds:SignedInfo>
>             <ds:SignatureValue>biDpsHT8tz+wR5CbG7lUsWPIq2be0EhdPkZDmrOJLYmcSidLCmIVMQd9nG1q2UjNNSqNWpzOjIqX13JLQAkch47z694M+hF1uRlKHiqd8OIf5SYgRE0vY+7KImkGN86FlxaBzdc/JZdRDaG2P4Exd8fRhKw6XXlNCuU7nLoE9qs=</ds:SignatureValue>
>             <ds:KeyInfo>
>                <wsse:SecurityTokenReference>
>                   <wsse:Reference URI="#CertID-9f9ae418-ba7a-480b" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
>                </wsse:SecurityTokenReference>
>             </ds:KeyInfo>
>          </ds:Signature>
>       </wsse:Security>
>    </soapenv:Header>
>    <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigID-9df1392b-7500-4a8a">
>       <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element" Id="EncDataID-20bd4d58-b765-463a">
>          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></xenc:EncryptionMethod>
>          <xenc:CipherData>
>             <xenc:CipherValue>15wQErd/THt0HilBfF4WGZWu4deipB/jk41GLVwsXeXd+1sqXbjldzjEDL5/ccbtFgbPVSC7YXlSkzVBv0UPSqRXv3DWjrvZ35A2rGDsYoB/YBY3XWE13pBy2P3XxKQnkPy9nOqCRyX/nnNn6If6Lw==</xenc:CipherValue>
>          </xenc:CipherData>
>       </xenc:EncryptedData>
>    </soapenv:Body></soapenv:Envelope>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.