Hmm, interesting.

I've tried building Axis2/C and Rampart/C from source, but at present
I'm not having much luck -- under Linux automake seems to be failing for
some reason.

For now however, I've attached the code I'm using, perhaps you could
look over it to see if I've done anything odd? Or perhaps even better,
is it possible for you to send me the entire code you used to test it?
Policy.xml/axis2.xml/.c files etc..?

One thing to note, is that even with the WSFC 1.0 release, and the
example "samples/rampart/client/sec_echo" with my policy.xml file I'm
still not getting a signed body, though oddly the first element within
Body is getting signed.

I don't suppose there are nightly builds available of axis2/c, rampart/c
etc..?

Thanks very much,
Jamie



-----Original Message-----
From: Kaushalye Kapuruge [mailto:[EMAIL PROTECTED] 
Sent: 26 July 2007 13:17
To: Apache AXIS C Developers List
Subject: Re: [Rampart/C] Signing the body

Hi Jamie,
I tried your scenario "with an empty body" and it worked fine for me. 
You should be able to see an id is added to your body element as
follows.
<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
    .....
<soapenv:Body u:Id="SigID-09d3faf2-3b71-1dc1"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"></soapenv:Body>
</soapenv:Envelope>
Maybe you can get the latest check-out from the svn[1] and give it a try.
Cheers,
Kaushalye
[1]http://svn.apache.org/repos/asf/webservices/rampart/trunk/c

Kaushalye Kapuruge wrote:
> Hi Jamie,
> Seems your policy configurations are correct. Could you please send us
> the log file, and a trace of signed message? We haven't tested signing
> an empty body, which is an interesting scenario :).
> Cheers,
> Kaushalye
> [1]http://svn.apache.org/repos/asf/webservices/rampart/trunk/c
>
> Jamie Lyon wrote:
>>
>> Hi,
>>
>> I am using Axis2/C to try and send secure messages to a pre-existing 
>> service.
>>
>> One of the requirements of this service is that there are a certain 
>> amount of security headers, and that the body is always signed.
>>
>> I have a policy.xml file, which I have attached to this e-mail, the 
>> problem is that although a security header is added, including 
>> timestamp, the certificate etc... it doesn't actually sign the body. An 
>> example of the message that will be sent by Axis2/C is included at 
>> the bottom of the e-mail. If I uncomment the line in the policy.xml 
>> "<!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->" 
>> it successfully signs the ws-addressing headers, but it still does 
>> not sign the body. I've tried adding a dummy element into body 
>> (although I don't in reality want anything there, I want the empty 
>> body to be signed in this particular case), to see if that makes a 
>> difference, but it doesn't, there's still nothing being signed.
>>
>> Is there anything special that you have to do apart from add sp:Body 
>> to the SignedParts to get the body to be signed compared to other 
>> elements?
>>
>> (I'm using the Rampart/Axis builds included in WSO2 WSF/C under 
>> Windows with Visual Studio 2005 Pro)
>>
>> Thanks,
>>
>> Jamie
>>
>> POST /gria-basic-app-services/services/DataService HTTP/1.1
>> User-Agent: Axis2/C
>> SOAPAction: "http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources"
>> Content-Length: 3994
>> Content-Type: text/xml;charset=UTF-8
>> Host: fiuza.it-innovation.soton.ac.uk:9090
>>
>> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>>   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
>>     <wsa:To>http://fiuza.it-innovation.soton.ac.uk:9090/gria-basic-app-services/services/DataService</wsa:To>
>>     <wsa:Action>http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources</wsa:Action>
>>     <wsa:MessageID>378ebcfb-4091-4942-9fb2-9ab3548392cc</wsa:MessageID>
>>     <wsse:Security soapenv:mustUnderstand="1"
>>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>       <wsse:BinarySecurityToken
>>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>           wsu:Id="CertID-e918e2c3-10f2-4fb0"
>>           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIID5DCCAsygAwIBAAIERoO4jzANBgkqhkiG9w0BAQUFADCBs...==</wsse:BinarySecurityToken>
>>       <wsu:Timestamp wsu:Id="SigID-79fe769b-02cd-4dca"
>>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>>         <wsu:Created>2007-07-26T11:28:43.366Z</wsu:Created>
>>         <wsu:Expires>2007-07-26T11:34:43.366Z</wsu:Expires>
>>       </wsu:Timestamp>
>>       <ds:Signature Id="SigID-847a76bc-a745-4cdf"
>>           xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>         <ds:SignedInfo>
>>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>           </ds:CanonicalizationMethod>
>>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
>>           </ds:SignatureMethod>
>>           <ds:Reference URI="#SigID-79fe769b-02cd-4dca">
>>             <ds:Transforms>
>>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>>               </ds:Transform>
>>             </ds:Transforms>
>>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
>>             </ds:DigestMethod>
>>             <ds:DigestValue>D/w5TtiyibRvsbid6gVZF8jGZ7w=</ds:DigestValue>
>>           </ds:Reference>
>>         </ds:SignedInfo>
>>         <ds:SignatureValue>SiY7Z9bgiOpDQEksOqjTWpki0KvUCMHgz9YswcQzOZF0K874uvPfAU4VtvaV/FUfK+Grq4UV7rJ/QFGX6iSAxXm0DoFPULVN9ge6Jc+N9yuGddk51MBcxun5rv9spy9w/OGwFpAlIdQQW0+paexMYncgJJkV1awuvCmoeE1zfKDHcyr2CjBnb8GGH733GWihLbf3Nu4V4CgdhMglEYOJ8yNVF6Kr/Y/LzTaY/cazqYarGrro9bJq11vGcW27QeHlKSkRa8wuIjgHrwXdmdUctVVcWQKoJIpO5nMNGp4wvdZxSmOeI6p+oU0tyfEXF6XQZ/zpqRL33NmjV1h4bvQxwQ==</ds:SignatureValue>
>>         <ds:KeyInfo>
>>           <wsse:SecurityTokenReference
>>               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>>             <wsse:Reference URI="#CertID-e918e2c3-10f2-4fb0"
>>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>>             </wsse:Reference>
>>           </wsse:SecurityTokenReference>
>>         </ds:KeyInfo>
>>       </ds:Signature>
>>     </wsse:Security>
>>   </soapenv:Header>
>>   <soapenv:Body>
>>   </soapenv:Body>
>> </soapenv:Envelope>
>>
>>
------------------------------------------------------------------------
>>
>> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>>     <wsp:ExactlyOne>
>>         <wsp:All>
>>             <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>                 <wsp:Policy>
>>                     <sp:InitiatorToken>
>>                         <wsp:Policy>
>>                             <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>                                 <wsp:Policy>
>>                                     <sp:WssX509V3Token10/>
>>                                 </wsp:Policy>
>>                             </sp:X509Token>
>>                         </wsp:Policy>
>>                     </sp:InitiatorToken>
>>                     <sp:RecipientToken>
>>                         <wsp:Policy>
>>                             <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
>>                                 <wsp:Policy>
>>                                     <sp:WssX509V3Token10/>
>>                                 </wsp:Policy>
>>                             </sp:X509Token>
>>                         </wsp:Policy>
>>                     </sp:RecipientToken>
>>                     <sp:AlgorithmSuite>
>>                         <wsp:Policy>
>>                             <sp:Basic256Rsa15/>
>>                         </wsp:Policy>
>>                     </sp:AlgorithmSuite>
>>                     <sp:Layout>
>>                         <wsp:Policy>
>>                             <sp:Strict/>
>>                         </wsp:Policy>
>>                     </sp:Layout>
>>                     <sp:IncludeTimestamp/>
>>                 </wsp:Policy>
>>             </sp:AsymmetricBinding>
>>             <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>                 <wsp:Policy>
>>                     <sp:MustSupportRefKeyIdentifier/>
>>                     <sp:MustSupportRefEmbeddedToken/>
>>                     <sp:MustSupportRefIssuerSerial/>
>>                 </wsp:Policy>
>>             </sp:Wss10>
>>             <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>                 <sp:Body/>
>>                 <!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->
>>             </sp:SignedParts>
>>             <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
>>                 <rampc:TimeToLive>360</rampc:TimeToLive>
>>                 <rampc:ReceiverCertificate>C:\cacert.pem</rampc:ReceiverCertificate>
>>                 <rampc:Certificate>C:\mycert.pem</rampc:Certificate>
>>                 <rampc:PrivateKey>C:\mykey.pem</rampc:PrivateKey>
>>             </rampc:RampartConfig>
>>         </wsp:All>
>>     </wsp:ExactlyOne>
>> </wsp:Policy>
>>   
>>
------------------------------------------------------------------------
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
http://kaushalye.blogspot.com/
http://wso2.org/




Attachment: wsfc_gria.cpp
Description: wsfc_gria.cpp
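
A coverage check for the symptom discussed in this thread, as an added example that is not part of the original messages or of Rampart/C: it resolves every ds:Reference in SignedInfo to the element carrying that wsu:Id and reports whether soapenv:Body itself is among them. The function names, the trimmed envelopes and the Ids TS-1, B-1 and E-1 are constructed for illustration, and the SOAP 1.1 namespace from the trace above is assumed; digests and the signature value are not verified here.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{%s}Id" % WSU


def signature_coverage(envelope_xml):
    """Return (covered, body_signed) for one SOAP envelope.

    covered maps each ds:Reference URI to the local name of the element it
    resolves to (None if it resolves to nothing). body_signed is True only
    when soap:Body itself, not one of its children, is referenced.
    """
    root = ET.fromstring(envelope_xml)
    by_id = {}
    for el in root.iter():
        ident = el.get(WSU_ID)
        if ident is not None:
            if ident in by_id:  # ambiguous Ids make coverage meaningless
                raise ValueError("duplicate wsu:Id %r" % ident)
            by_id[ident] = el
    body = root.find("soap:Body", NS)
    covered, body_signed = {}, False
    for ref in root.findall(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        covered[uri] = target.tag.split("}")[-1] if target is not None else None
        if target is not None and target is body:
            body_signed = True
    return covered, body_signed


def sample(body_attr="", body_inner="", ref="#TS-1"):
    # Constructed, trimmed envelope modelled on the trace in the thread.
    return (
        '<soapenv:Envelope xmlns:soapenv="%s" xmlns:wsu="%s" xmlns:ds="%s">'
        '<soapenv:Header><wsu:Timestamp wsu:Id="TS-1"/><ds:Signature>'
        '<ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
        '</ds:Signature></soapenv:Header>'
        '<soapenv:Body%s>%s</soapenv:Body></soapenv:Envelope>'
    ) % (NS["soap"], WSU, NS["ds"], ref, body_attr, body_inner)


if __name__ == "__main__":
    print(signature_coverage(sample()))                             # timestamp only
    print(signature_coverage(sample(' wsu:Id="B-1"', ref="#B-1")))  # Body signed
    print(signature_coverage(sample("", '<echo wsu:Id="E-1"/>', "#E-1")))  # child only
```

The first and third cases correspond to the two symptoms reported in the thread: only the timestamp referenced, and only the first element inside Body referenced.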
