Posted to rampart-dev@ws.apache.org by ja...@uk.bnpparibas.com on 2010/04/26 12:57:51 UTC

Re: BLU142-W35BDE9B20F8412C8297DCCAE080 () phx ! gbl

Hi Martin,

Thanks for your response 
(http://marc.info/?l=rampart-dev&m=127195081332658&w=2)

I've reviewed the source code for the file you mentioned:
org.apache.rahas.impl.util.SAML2Utils.java getSAML2KeyInfo()

I've noticed some differences between this file and the SAMLUtil used by 
Rampart but the section of code which is currently failing appears to be 
the same in both files:

This snippet from Rahas...

                // If an authn stmt is present then it has a public key.
                else if (authnStmt != null) {

                    X509Certificate[] certs = null;
                    try {
                        KeyInfo ki = new KeyInfo(keyInfoElement, null);

                        if (ki.containsX509Data()) {
                            X509Data data = ki.itemX509Data(0);
                            XMLX509Certificate certElem = null;
                            if (data != null && data.containsCertificate()) {
                                certElem = data.itemCertificate(0);
                            }
                            if (certElem != null) {
                                X509Certificate cert = certElem.getX509Certificate();
                                certs = new X509Certificate[1];
                                certs[0] = cert;
                                return new SAML2KeyInfo(assertion, certs);
                            }
                        }



This snippet from Rampart...

              } else if (stmt instanceof SAMLAuthenticationStatement) {
                    SAMLAuthenticationStatement authStmt = (SAMLAuthenticationStatement)stmt;
                    SAMLSubject samlSubj = authStmt.getSubject();
                    if (samlSubj == null) {
                        throw new WSSecurityException(WSSecurityException.FAILURE,
                                "invalidSAMLToken", new Object[]{"for Signature (no Subject)"});
                    }

                    Element e = samlSubj.getKeyInfo();
                    X509Certificate[] certs = null;
                    try {
                        KeyInfo ki = new KeyInfo(e, null);

                        if (ki.containsX509Data()) {
                            X509Data data = ki.itemX509Data(0);
                            XMLX509Certificate certElem = null;
                            if (data != null && data.containsCertificate()) {
                                certElem = data.itemCertificate(0);
                            }
                            if (certElem != null) {
                                X509Certificate cert = certElem.getX509Certificate();
                                certs = new X509Certificate[1];
                                certs[0] = cert;
                                return new SAMLKeyInfo(assertion, certs);
                            }
                        }



Is there anything else you can suggest that I can try to find the 
resolution to this issue?

Many thanks,
Jason


___________________________________________________________
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is prohibited.

Please refer to http://www.bnpparibas.co.uk/en/information/legal_information.asp?Code=ECAS-845C5H  for additional disclosures.
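The branch quoted in both snippets returns a certificate only when the subject's ds:KeyInfo has an X509Data child and that first X509Data contains a ds:X509Certificate. A KeyInfo that names the key some other way (ds:KeyValue, ds:X509IssuerSerial, a ds:KeyName, or a wsse:SecurityTokenReference, which lives outside the dsig namespace and is invisible to these accessors) does not satisfy that condition and falls past the lines shown. The diagnostic below is added here by the editor; it is not Rahas, Rampart or Jason's code. It uses the same org.apache.xml.security KeyInfo and X509Data classes as the quoted branch, walks every ds:KeyInfo in a saved assertion, and reports which shape each one has and whether the quoted branch would return. The class name, the args[0] file path and the embedded sample KeyInfo (issuer/serial only, no certificate) are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;

import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/**
 * Added diagnostic, not part of Rahas or Rampart. Walks every ds:KeyInfo in a
 * SAML assertion with the same Apache XML Security classes the quoted
 * getSAML2KeyInfo() branch uses and reports whether that branch would return.
 */
public class KeyInfoShapeCheck {

    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Constructed sample (an assumption, not a captured assertion): a subject KeyInfo
    // that names the key by issuer/serial only. containsX509Data() is true, but the
    // first X509Data carries no X509Certificate, so the quoted branch does not return.
    static final String SAMPLE =
        "<ds:KeyInfo xmlns:ds=\"" + DS_NS + "\">"
      + "<ds:X509Data><ds:X509IssuerSerial>"
      + "<ds:X509IssuerName>CN=example-ca</ds:X509IssuerName>"
      + "<ds:X509SerialNumber>1</ds:X509SerialNumber>"
      + "</ds:X509IssuerSerial></ds:X509Data>"
      + "</ds:KeyInfo>";

    /** Mirrors the quoted code: only the first X509Data is consulted, and only for a certificate. */
    static boolean quotedBranchWouldReturn(KeyInfo ki) throws Exception {
        if (!ki.containsX509Data()) {
            return false;
        }
        X509Data first = ki.itemX509Data(0);
        return first != null && first.containsCertificate();
    }

    static void report(Element keyInfoElement) throws Exception {
        KeyInfo ki = new KeyInfo(keyInfoElement, null);
        System.out.println("  KeyValue        : " + ki.lengthKeyValue());
        System.out.println("  KeyName         : " + ki.lengthKeyName());
        System.out.println("  RetrievalMethod : " + ki.lengthRetrievalMethod());
        System.out.println("  X509Data        : " + ki.lengthX509Data());
        for (int i = 0; i < ki.lengthX509Data(); i++) {
            X509Data d = ki.itemX509Data(i);
            System.out.println("    X509Data[" + i + "]"
                + " certificate=" + d.containsCertificate()
                + " issuerSerial=" + d.containsIssuerSerial()
                + " ski=" + d.containsSKI()
                + " subjectName=" + d.containsSubjectName());
        }
        // Children outside the dsig namespace (e.g. a wsse:SecurityTokenReference)
        // are not reachable through the contains*/item* accessors above.
        NodeList kids = keyInfoElement.getChildNodes();
        for (int i = 0; i < kids.getLength(); i++) {
            Node n = kids.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE && !DS_NS.equals(n.getNamespaceURI())) {
                System.out.println("  non-dsig child  : {" + n.getNamespaceURI() + "}" + n.getLocalName());
            }
        }
        System.out.println("  quoted branch would return a certificate: " + quotedBranchWouldReturn(ki));
    }

    public static void main(String[] args) throws Exception {
        Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The assertion is untrusted input: refuse DTDs and external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

        // Pass the path of a saved assertion as args[0]; with no argument the sample is used.
        InputStream in = args.length > 0
            ? new FileInputStream(args[0])
            : new ByteArrayInputStream(SAMPLE.getBytes("UTF-8"));
        Document doc = dbf.newDocumentBuilder().parse(in);
        in.close();

        NodeList kis = doc.getElementsByTagNameNS(DS_NS, "KeyInfo");
        if (kis.getLength() == 0) {
            System.out.println("no ds:KeyInfo element found");
            return;
        }
        for (int i = 0; i < kis.getLength(); i++) {
            System.out.println("KeyInfo #" + i);
            report((Element) kis.item(i));
        }
    }
}
```

A signed assertion carries two KeyInfo elements: the one inside ds:Signature belongs to the issuer and is not what the quoted code reads; the subject's KeyInfo is the one in the subject confirmation, so compare the report for that element against the condition above. Whatever shape it has, a certificate taken from the subject's KeyInfo only means something after the assertion's own signature has been verified against a trusted issuer; until then the KeyInfo is attacker-supplied content.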

RE: BLU142-W35BDE9B20F8412C8297DCCAE080 () phx ! gbl

Posted by Martin Gainty <mg...@hotmail.com>.
Hi Jason,

Let's assume the Rampart and WSS4J code works and the fault is in the SAML policy we are using.
I would suggest starting with a base test case that works, e.g.
(I assume you have a JKS created already which you can supply in org.apache.ws.security.crypto.merlin.file)

so the interop.properties would contain:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.file=interop2.jks

saml.properties might contain:
org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.WSSSAMLIssuerImpl
org.apache.ws.security.saml.issuerCryptoProp.file=crypto.properties
org.apache.ws.security.saml.issuer=www.example.com
org.apache.ws.security.saml.subjectNameId.name=uid=joe,ou=people,ou=saml-demo,o=example.com
org.apache.ws.security.saml.subjectNameId.qualifier=www.example.com
org.apache.ws.security.saml.authenticationMethod=password
org.apache.ws.security.saml.confirmationMethod=senderVouches
#org.apache.ws.security.saml.confirmationMethod=keyHolder
#org.apache.ws.security.saml
#org.apache.ws.security.saml

// notice SAMLAssertion takes 3 mandatory attributes
        String issuer = properties.getProperty("org.apache.ws.security.saml.issuer");
        String name = properties.getProperty("org.apache.ws.security.saml.subjectNameId.name");
        String qualifier = properties.getProperty("org.apache.ws.security.saml.subjectNameId.qualifier");
// it also looks up authenticationMethod later on, via properties.getProperty("org.apache.ws.security.saml.authenticationMethod")

// here is the Rampart test case you want to run to verify your SAML configuration is correct:
org.apache.rampart.handler.config.OutflowConfigurationTest

package org.apache.rampart.handler.config;

import junit.framework.TestCase;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.handler.WSHandlerConstants;

public class OutflowConfigurationTest extends TestCase {
    public OutflowConfigurationTest() {
        super();
    }
    public OutflowConfigurationTest(String name) {
        super(name);
    }
    /**
     * This sets all the possible properties that can be set with 
     * the outflow configuration
     */
    public void testGetProperty() {
        OutflowConfiguration ofc = new OutflowConfiguration();

        String actionItems = "Timestamp Signature Encrypt";
        String user = "alice";
        String pwcb = "org.apache.axis2.security.PWCallback";
        String sigKeyId = "interop.properties";
        String sigParts = "{Element}{http://schemas.xmlsoap.org/ws/2004/08/"
                + "addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/"
                + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
        String optimizeParts = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
        String embeddedKeyCallbackClass = "org.apache.axis2.security.PWCallback";
        String encrUser = "bob";
        String samlPropFile = "saml.properties";
        String sigPropFile = "sig.properties";          //usually null
        String encPropFile = "enc.properties";

        // Setting the properties in the ofc
        ofc.setActionItems(actionItems);
        ofc.setUser(user);
        ofc.setPasswordCallbackClass(pwcb);
        ofc.setSignatureKeyIdentifier(sigKeyId);
        ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);   //SKIKeyIdentifier
        ofc.setSignatureParts(sigParts);
        ofc.setOptimizeParts(optimizeParts);
        ofc.setEmbeddedKeyCallbackClass(embeddedKeyCallbackClass);
        ofc.setEncryptionKeyTransportAlgorithm(WSConstants.KEYTRANSPORT_RSA15); //XMLConstants.XMLENC_NS + "rsa-1_5"           
        ofc.setEncryptionSymAlgorithm(WSConstants.AES_128);  //XMLConstants.XMLENC_NS + "aes128-cbc"
        ofc.setEncryptionUser(encrUser);
        ofc.setPasswordType(WSConstants.PW_DIGEST);          //"PasswordDigest"
        ofc.setSamlPropFile(samlPropFile);
        ofc.setSignaturePropFile(sigPropFile);
        ofc.setEncryptionPropFile(encPropFile);

        // Check whether the props are there
        assertTrue("Action items missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
                                + actionItems + "</"
                                + WSSHandlerConstants.ACTION_ITEMS + ">"));

        assertTrue("User missing", -1 < ofc.getProperty().getParameterElement().toString().indexOf(
                "<" + WSHandlerConstants.USER + ">" + user + "</"
                        + WSHandlerConstants.USER + ">"));

        assertTrue("passwordCallbackClass missing", -1 < ofc.getProperty().getParameterElement()
                .toString().indexOf(
                        "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
                                + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
                                + ">"));

        assertTrue("sigKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.SIG_KEY_ID + ">" + sigKeyId
                                + "</" + WSHandlerConstants.SIG_KEY_ID + ">"));

        assertTrue("encKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.ENC_KEY_ID + ">"
                                + WSSHandlerConstants.SKI_KEY_IDENTIFIER + "</"
                                + WSHandlerConstants.ENC_KEY_ID + ">"));

        assertTrue("signature parts missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.SIGNATURE_PARTS + ">"
                                + sigParts + "</"
                                + WSHandlerConstants.SIGNATURE_PARTS + ">"));

        assertTrue("optimize parts missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSSHandlerConstants.OPTIMIZE_PARTS + ">"
                                + optimizeParts + "</"
                                + WSSHandlerConstants.OPTIMIZE_PARTS + ">"));

        assertTrue("EmbeddedKeyCallbackClass missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"
                                + embeddedKeyCallbackClass + "</"
                                + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"));

        assertTrue("encryptionKeyTransportAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"
                                + WSConstants.KEYTRANSPORT_RSA15 + "</"
                                + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"));

        assertTrue("encryptionSymAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.ENC_SYM_ALGO + ">"
                                + WSConstants.AES_128 + "</"
                                + WSHandlerConstants.ENC_SYM_ALGO + ">"));

        assertTrue("encrUser missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.ENCRYPTION_USER + ">"
                                + encrUser + "</"
                                + WSHandlerConstants.ENCRYPTION_USER + ">"));

        assertTrue("passwordType missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.PASSWORD_TYPE + ">"
                                + WSConstants.PW_DIGEST + "</"
                                + WSHandlerConstants.PASSWORD_TYPE + ">"));

        assertTrue("samlPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.SAML_PROP_FILE + ">"
                                + samlPropFile + "</"
                                + WSHandlerConstants.SAML_PROP_FILE + ">"));

        assertTrue("sigPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
                                + sigPropFile + "</"
                                + WSHandlerConstants.SIG_PROP_FILE + ">"));
        assertTrue("encPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
                .indexOf(
                        "<" + WSHandlerConstants.ENC_PROP_FILE + ">"
                                + encPropFile + "</"
                                + WSHandlerConstants.ENC_PROP_FILE + ">"));
    }
}

..let me know if the individual parameters pass for you; if so, we can refactor the rampart-binding.xml. I would start with this one from Rampart....
..notice these are declarative representations of the elements we have just processed...
<wsp:Policy  wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens/>
                    <sp:RequireClientEntropy/>
                    <sp:RequireServerEntropy/>
                </wsp:Policy>
            </sp:Trust10>
            
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
                <ramp:user>alice</ramp:user>
                <ramp:encryptionUser>bob</ramp:encryptionUser>
                <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
                
                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>
            </ramp:RampartConfig>
    
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

/*
 * Copyright 2004,2005 The Apache Software Foundation.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.rampart;

import org.apache.axis2.context.MessageContext;
import org.apache.neethi.Policy;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.conversation.ConversationConstants;

import javax.xml.namespace.QName;

import java.util.ArrayList;

public class AsymmetricBindingBuilderTest extends MessageBuilderTestBase {
    
    // In each test case below:
    //   Policy policy = this.loadPolicy(policyXml);                     an XML policy is read in
    //   ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy); the context associates the policy with the RampartMessageData
    //   MessageBuilder builder = new MessageBuilder();                  a MessageBuilder is built
    //   builder.build(ctx);                                             the builder builds the security header elements from the context
    //
    // Tests in this class:
    //   testAsymmBinding()
    //   testAsymmBindingServerSide()
    //   testAsymmBindingWithSigDK()            signed derived key
    //   testAsymmBindingWithDK()               plain derived key
    //   testAsymmBindingWithDKEncrBeforeSig()  encrypted derived key before sign
    //   testAsymmBindingEncrBeforeSig()        encrypt before sign
    //   testAsymmBindingTripleDesRSA15()       using RSA15
    //   testAsymmBindingTripleDesRSA15DK()     using RSA15 on derived key
    //
    // The test methods are instance methods, so they cannot be called from a static
    // main(); run the class through the JUnit 3 text runner instead, which also runs
    // the setUp() inherited from MessageBuilderTestBase before each test.
    public static void main(String[] args) throws Exception {
        junit.textui.TestRunner.run(new junit.framework.TestSuite(AsymmetricBindingBuilderTest.class));
    }
            

    public void testAsymmBinding() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);

            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
            
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    
    public void testAsymmBindingServerSide() {
        try {
            MessageContext ctx = getMsgCtx();
            
            ctx.setServerSide(true);
            String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));

            
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    
    public void testAsymmBindingWithSigDK() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-2-sig-dk.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
            list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));

            
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
            
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    
    public void testAsymmBindingWithDK() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-3-dk.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
            list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
            
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
            
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    
    public void testAsymmBindingWithDKEncrBeforeSig() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
            list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
            list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
             
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
            
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    
    
    public void testAsymmBindingEncrBeforeSig() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-5-ebs.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
            list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
             
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    
    public void testAsymmBindingTripleDesRSA15() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
            list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
            
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }

    public void testAsymmBindingTripleDesRSA15DK() {
        try {
            MessageContext ctx = getMsgCtx();
            
            String policyXml = "test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml";
            Policy policy = this.loadPolicy(policyXml);
            
            ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
            
            MessageBuilder builder = new MessageBuilder();
            builder.build(ctx);
            
            ArrayList list = new ArrayList();
            
            list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
            list.add(new QName(WSConstants.WSSE_NS,WSConstants.BINARY_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
            list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
            list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
            list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
            list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
            
            this.verifySecHeader(list.iterator(), ctx.getEnvelope());
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }    
}

Is this methodology clear?
Martin Gainty 
______________________________________________ 
Disclaimer and confidentiality notice

This message is confidential and may be privileged. If you are not the intended recipient, we kindly ask that you inform the sender. Any unauthorised distribution or copying of it is prohibited. This message is for information only and will not have any legally binding effect. Since e-mail can easily be tampered with, we cannot accept any responsibility for the content provided.




> To: rampart-dev@ws.apache.org
> Subject: Re: BLU142-W35BDE9B20F8412C8297DCCAE080 () phx ! gbl
> From: jason.rattos@uk.bnpparibas.com
> Date: Mon, 26 Apr 2010 11:57:51 +0100
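Before running OutflowConfigurationTest or the policy above, it is worth confirming that the keystore named in the Merlin properties actually holds what the configuration refers to: a private-key entry for the signature user (alice in the thread) and a currently valid certificate for the encryption user (bob). The check below is added by the editor and is not Rampart or WSS4J code. It reads the same org.apache.ws.security.crypto.merlin.* keys as the interop.properties shown above, opens the keystore with the standard java.security.KeyStore API, and reports per alias. The class name, the defaults in main() (interop.properties, alice, bob) and the assumption that a missing keystore.type means jks are the editor's; the key password itself is still supplied at runtime by the passwordCallbackClass, so only the entry type is checked here.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Properties;

/**
 * Added sanity check, not Rampart or WSS4J code. Reads Merlin's crypto properties,
 * opens the keystore they name, and confirms the signature and encryption aliases
 * are usable before any Rampart test is run.
 */
public class MerlinKeystoreCheck {

    static final String PREFIX = "org.apache.ws.security.crypto.merlin.";

    /** Returns true when every check passes; prints one line per check. */
    static boolean check(String propFile, String sigUser, String encUser) throws Exception {
        Properties p = new Properties();
        FileInputStream pin = new FileInputStream(propFile);
        try { p.load(pin); } finally { pin.close(); }

        // Assumption: an absent keystore.type is treated as jks.
        String type = p.getProperty(PREFIX + "keystore.type", "jks");
        String file = p.getProperty(PREFIX + "file");
        String pass = p.getProperty(PREFIX + "keystore.password");
        if (file == null || pass == null) {
            System.out.println("FAIL: " + PREFIX + "file and " + PREFIX
                + "keystore.password must both be set in " + propFile);
            return false;
        }

        KeyStore ks = KeyStore.getInstance(type);
        FileInputStream kin = new FileInputStream(file);
        try { ks.load(kin, pass.toCharArray()); } finally { kin.close(); }
        System.out.println("OK  : opened " + file + " (" + type + "), " + ks.size() + " entries");

        boolean ok = true;
        // The signature user must hold a private key. The key password is handed over
        // by the password callback at runtime, so only the entry type is verified here.
        if (ks.isKeyEntry(sigUser)) {
            System.out.println("OK  : private-key entry present for signature user '" + sigUser + "'");
        } else {
            System.out.println("FAIL: no private-key entry for signature user '" + sigUser + "'");
            ok = false;
        }
        ok &= checkCert(ks, sigUser, "signature user");
        // The encryption user only needs a certificate (public key) to encrypt to.
        ok &= checkCert(ks, encUser, "encryption user");
        return ok;
    }

    static boolean checkCert(KeyStore ks, String alias, String role) throws Exception {
        Certificate c = ks.getCertificate(alias);
        if (!(c instanceof X509Certificate)) {
            System.out.println("FAIL: no X.509 certificate for " + role + " '" + alias + "'");
            return false;
        }
        X509Certificate x = (X509Certificate) c;
        try {
            x.checkValidity();   // throws if expired or not yet valid
        } catch (CertificateException e) {
            System.out.println("FAIL: certificate for '" + alias + "' is not currently valid: " + e);
            return false;
        }
        System.out.println("OK  : " + role + " '" + alias + "' -> " + x.getSubjectX500Principal()
            + ", expires " + x.getNotAfter());
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Defaults follow the thread's interop.properties and the alice/bob aliases in the policy.
        String propFile = args.length > 0 ? args[0] : "interop.properties";
        String sigUser  = args.length > 1 ? args[1] : "alice";
        String encUser  = args.length > 2 ? args[2] : "bob";
        System.exit(check(propFile, sigUser, encUser) ? 0 : 1);
    }
}
```

Run it from the directory the Rampart test resolves paths against, since org.apache.ws.security.crypto.merlin.file is relative (interop2.jks in the properties file, test-resources/keys/interop2.jks in the policy). A FAIL line here explains a signature or encryption failure in the Rampart tests before any policy debugging starts.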