You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2013/07/26 12:01:53 UTC
[jira] [Resolved] (WSS-473) BST signature element
[ https://issues.apache.org/jira/browse/WSS-473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-473.
-------------------------------------
Resolution: Fixed
> BST signature element
> ---------------------
>
> Key: WSS-473
> URL: https://issues.apache.org/jira/browse/WSS-473
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6.11
> Reporter: Stéphane CIZERON
> Assignee: Colm O hEigeartaigh
> Labels: BST, signature
> Fix For: 1.6.12
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> In the 1.5.x versions, when we wanted to sign the BST, we used a special keyword 'Token' and the signed element was the BST.
> In 1.6.x, the Token keyword doesn' t exist anymore, When the Token is used, a general security error is raised (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Token).
> If we use STRTransform, the validation fails because the signed element is the SecurityTokenReference and not the BST.
> if we use {}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken as WSEncryptionPart, we have the same general error => element not found. I check the SingatureAction.java, the BST is appended at the end whereas if it was appened just after the prepare method (line 70), the last issue is OK.
> I tested it and it works, the validation BST signature is OK.
> wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
> wsSign.prependBSTElementToHeader(reqData.getSecHeader());
>
> Could you tell me first if it's a correct workaround?
> And in the second time, if the correction could be packaged in the 1.6.12 quickly ?
> Best regards
> Stéphane
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org