Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/01/10 12:44:34 UTC
[jira] Assigned: (RAMPART-125) Encryption of SOAP Headers broken
[ https://issues.apache.org/jira/browse/RAMPART-125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-125:
--------------------------------------------------
Assignee: Nandana Mihindukulasooriya
> Encryption of SOAP Headers broken
> ---------------------------------
>
> Key: RAMPART-125
> URL: https://issues.apache.org/jira/browse/RAMPART-125
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.1, 1.2, 1.3
> Environment: Linux/JDK 1.5
> Reporter: Harsha Venkataramu
> Assignee: Nandana Mihindukulasooriya
> Fix For: 1.3
>
>
> Right now, only signing of SOAP headers seems to work. EncryptionOnly, SignBeforeEncrypting and EncryptBeforeSigning are all broken. Basically, the issue seems to be that, when encrypting a header, Rampart ends up replacing the entire header with the <EncryptedData> element. As per my understanding (which could be wrong!), only the "content" of the header should be replaced by <EncryptedData>, going by this:
> http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedHeaders
> Here is the policy I used:
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:AsymmetricBinding
>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token
>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token
>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic256Rsa15 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict />
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:EncryptBeforeSigning />
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:SignedParts
>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Header Name="Header1" Namespace="http://www.foo.com" />
>         <sp:Header Name="Header2" Namespace="http://www.foo.com" />
>       </sp:SignedParts>
>       <sp:EncryptedParts
>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Header Name="Header1" Namespace="http://www.foo.com" />
>         <sp:Header Name="Header2" Namespace="http://www.foo.com" />
>       </sp:EncryptedParts>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
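
The distinction the report draws, the whole header element replaced by <EncryptedData> versus only the header's content replaced, can be checked mechanically on a serialized message. The Python check below is an added example, not part of the original report or of Rampart; the SOAP 1.1 envelope namespace, the placeholder cipher value and both sample envelopes are constructed assumptions, while the header names and namespace come from the policy above.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 (assumed)
XENC = "http://www.w3.org/2001/04/xmlenc#"          # XML Encryption namespace
FOO = "http://www.foo.com"                          # header namespace from the policy
ENC_TAG = "{%s}EncryptedData" % XENC

def classify_headers(envelope_xml, expected):
    """Return (status per expected header, count of bare EncryptedData).

    Status is 'content-encrypted' when the header element survives and its
    only child is EncryptedData, 'plaintext' when it survives with other
    content, and 'missing' when it is gone. The count covers EncryptedData
    elements sitting directly under soap:Header, the shape the report
    describes as the header being replaced entirely.
    """
    header = ET.fromstring(envelope_xml).find("{%s}Header" % SOAP)
    status = {q: "missing" for q in expected}
    bare = 0
    for child in (list(header) if header is not None else []):
        if child.tag == ENC_TAG:
            bare += 1
        elif child.tag in status:
            kids = list(child)
            wrapped = (len(kids) == 1 and kids[0].tag == ENC_TAG
                       and not (child.text or "").strip())
            status[child.tag] = "content-encrypted" if wrapped else "plaintext"
    return status, bare

# Constructed sample data: "AAAA" stands in for real ciphertext.
ENC = ('<xenc:EncryptedData xmlns:xenc="%s"><xenc:CipherData>'
       '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
       '</xenc:EncryptedData>' % XENC)

def envelope(header_inner):
    return ('<soap:Envelope xmlns:soap="%s" xmlns:f="%s"><soap:Header>%s'
            '</soap:Header><soap:Body/></soap:Envelope>'
            % (SOAP, FOO, header_inner))

EXPECTED = ["{%s}Header1" % FOO, "{%s}Header2" % FOO]
REPLACED = envelope(ENC + ENC)  # headers replaced outright
CONTENT = envelope('<f:Header1>%s</f:Header1><f:Header2>%s</f:Header2>'
                   % (ENC, ENC))  # only header content replaced

if __name__ == "__main__":
    print(classify_headers(REPLACED, EXPECTED))
    print(classify_headers(CONTENT, EXPECTED))
```

A receiver or test harness can use the 'missing' status together with a non-zero bare count to flag messages in which the header QNames named in EncryptedParts are no longer visible.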