Hi,

 

I am using Axis2/C to try and send secure messages to a pre-existing
service.

 

One of the requirements of this service is that a certain number of
security headers are present, and that the body is always signed.

 

I have a policy.xml file, which I have attached to this e-mail. The
problem is that although a security header is added (including the
timestamp, the certificate, etc.), it doesn't actually sign the body. An
example of the message that will be sent by Axis2/C is included at the
bottom of the e-mail. If I uncomment the line in the policy.xml
"<!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->", it
successfully signs the WS-Addressing headers, but it still does not sign
the body. I've tried adding a dummy element to the body (although in
reality I don't want anything there; I want the empty body to be signed
in this particular case) to see if that makes a difference, but it
doesn't; there's still nothing being signed.

 

Is there anything special that you have to do, apart from adding sp:Body
to the SignedParts, to get the body signed, compared to other elements?

 

(I'm using the Rampart/Axis builds included in WSO2 WSF/C under Windows
with Visual Studio 2005 Pro)

 

Thanks,

Jamie

 

 

 

POST /gria-basic-app-services/services/DataService HTTP/1.1

User-Agent: Axis2/C

SOAPAction:
"http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources";

Content-Length: 3994

Content-Type: text/xml;charset=UTF-8

Host: fiuza.it-innovation.soton.ac.uk:9090

<!-- Captured request as pasted into the e-mail. Long attribute values and
     Base64 text are hard-wrapped, and the ";" after some closing quotes looks
     like a mail-archive artifact rather than part of the message (assumption). -->
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>

<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";>

<wsa:To>http://fiuza.it-innovation.soton.ac.uk:9090/gria-basic-app-servi
ces/services/DataService</wsa:To>

<wsa:Action>http://www.it-innovation.soton.ac.uk/2004/grid/data/getResou
rces</wsa:Action>

<wsa:MessageID>378ebcfb-4091-4942-9fb2-9ab3548392cc</wsa:MessageID>

<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd">

<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-so
ap-message-security-1.0#Base64Binary" wsu:Id="CertID-e918e2c3-10f2-4fb0"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-
token-profile-1.0#X509v3"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd">MIID5DCCAsygAwIBAAIERoO4jzANBgkqhkiG9w0BAQUFADCBs
zErMCkGCSqGSIb3DQEJARYcamxAaXQtaW5ub3ZhdGlvbi5zb3Rvbi5hYy51azELMAkGA1UEB
hMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEUMBIGA1UEBxMLU291dGhhbXB0b24xHTAbBgNVB
AoTFElUIElubm92YXRpb24gQ2VudHJlMRIwEAYDVQQLEwlUZWNoU3VpdGUxGjAYBgNVBAMTE
WdTT0FQIFRlc3QgQ2xpZW50MB4XDTA3MDYyODEzMzMwM1oXDTA4MDYyNzEzMzMwM1owgbMxK
zApBgkqhkiG9w0BCQEWHGpsQGl0LWlubm92YXRpb24uc290b24uYWMudWsxCzAJBgNVBAYTA
lVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxFDASBgNVBAcTC1NvdXRoYW1wdG9uMR0wGwYDVQQKE
xRJVCBJbm5vdmF0aW9uIENlbnRyZTESMBAGA1UECxMJVGVjaFN1aXRlMRowGAYDVQQDExFnU
09BUCBUZXN0IENsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0rdU+bp
6plPTHQmyAgWcUXXkB2ECW0C9IbCze0WeezQYRYByFxMvBK1kvPSxrCVxUhCu6bz4EV3OoIk
2RJhLQAJqJ9/JxQBLczp05Z7m6itodMLUZoDbixcF+bBNk5JiWbTJyv3Bcmuqn57iwX0y+7W
b8IHLxnXcmmEzMS2K4f6vDPY7G+qwTzupFoC8+cKdbFOyk9I2JR0TWbq12NHgW9JZr79kzHE
oV3p/4s53B5kagMukFkwmcj/GDRMSMfXqnkUc4WlwaRvYrxFI5RjEFjTtwYApBWJcYZ0kYnP
kuBQ65XD9cDddrlPYF+w1Ks8WFc671S+xYrKnyftfxKvicCAwEAATANBgkqhkiG9w0BAQUFA
AOCAQEAMezs42UH3LJhzIkTt2VqCKnU39P8DpPqHSqiFwKB7gPcadGjBHp3d0Akm/1F+bea/
25PMfwJR5vSrcny1qFBN41EwlDgyFCecCaLDeg/HxwTcu/sxGq3m9SkaHv/ETk7xRmT4Uz0V
IK2uZbNOzPzo6nzLwbsturbr2dD/qxkdplH5dp3h0xGMiY5H1/QWs/bKLwXpNngYvpIu17I2
EEZdcPmVZFgcWzV9QXjzAjzC98qxK4gMH35vrhoZvatd2rbCR2Wm+j44wR2W4zof65oVfiyO
+p5iamPY7Ncd3M9o1LRrRN0HWg0pNg87tr9l1HzLhZqRGwP9BIp9+2EvWWvEg==</wsse:Bi
narySecurityToken>

<!-- The wsu:Id on this Timestamp is the only Id referenced from
     ds:SignedInfo below. Created and Expires are 360 seconds apart, matching
     rampc:TimeToLive in the attached policy. -->
<wsu:Timestamp wsu:Id="SigID-79fe769b-02cd-4dca"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec
urity-utility-1.0.xsd">

<wsu:Created>2007-07-26T11:28:43.366Z</wsu:Created>

<wsu:Expires>2007-07-26T11:34:43.366Z</wsu:Expires>

</wsu:Timestamp>

<!-- SignedInfo holds a single ds:Reference, URI="#SigID-79fe769b-02cd-4dca",
     which is the Timestamp. Nothing references soapenv:Body or the wsa:*
     headers, so their content is not integrity-protected by this signature.
     Signature and digest both use SHA-1 (rsa-sha1 / sha1). -->
<ds:Signature Id="SigID-847a76bc-a745-4cdf"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>

<ds:SignedInfo>

<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>

</ds:CanonicalizationMethod>

<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";>

</ds:SignatureMethod>

<ds:Reference URI="#SigID-79fe769b-02cd-4dca">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>

</ds:Transform>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";>

</ds:DigestMethod>

<ds:DigestValue>D/w5TtiyibRvsbid6gVZF8jGZ7w=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue>SiY7Z9bgiOpDQEksOqjTWpki0KvUCMHgz9YswcQzOZF0K874uvPfA
U4VtvaV/FUfK+Grq4UV7rJ/QFGX6iSAxXm0DoFPULVN9ge6Jc+N9yuGddk51MBcxun5rv9sp
y9w/OGwFpAlIdQQW0+paexMYncgJJkV1awuvCmoeE1zfKDHcyr2CjBnb8GGH733GWihLbf3N
u4V4CgdhMglEYOJ8yNVF6Kr/Y/LzTaY/cazqYarGrro9bJq11vGcW27QeHlKSkRa8wuIjgHr
wXdmdUctVVcWQKoJIpO5nMNGp4wvdZxSmOeI6p+oU0tyfEXF6XQZ/zpqRL33NmjV1h4bvQxw
Q==</ds:SignatureValue>

<ds:KeyInfo>

<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse
curity-secext-1.0.xsd">

<wsse:Reference URI="#CertID-e918e2c3-10f2-4fb0"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-
token-profile-1.0#X509v3">

</wsse:Reference>

</wsse:SecurityTokenReference>

</ds:KeyInfo>

</ds:Signature>

</wsse:Security>

</soapenv:Header>

<!-- The Body carries no wsu:Id and no ds:Reference points at it. A receiver
     should verify that the signature's references cover the Body (and any
     headers it relies on), not only that the signature itself validates. -->
<soapenv:Body>

</soapenv:Body>

</soapenv:Envelope>

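<!--
  WS-SecurityPolicy (2005/07 namespace) for the Axis2/C + Rampart/C client:
  asymmetric binding with X.509 tokens, a timestamp, and a SignedParts
  assertion that asks for the SOAP Body to be signed.
  The stray ";" that followed several attribute values in the archived copy
  has been removed; with it the document is not well-formed XML.
-->
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <!-- Sender's X.509 certificate: AlwaysToRecipient means it is
                         included in every message sent to the recipient. -->
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <!-- Recipient's X.509 certificate: Never means it is not
                         carried in messages and must be known out of band. -->
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <!-- NOTE(review): Basic256Rsa15 selects SHA-1 digests and
                         RSA v1.5 key wrap per WS-SecurityPolicy; both are legacy
                         choices. If the service allows it, a Sha256 suite is
                         preferable. Confirm what the service and this Rampart/C
                         build support before changing it. -->
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256Rsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <!-- Adds a wsu:Timestamp to the security header; its lifetime
                         comes from rampc:TimeToLive below. -->
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefEmbeddedToken/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <!-- sp:Body asserts that the SOAP Body must be covered by the
                 signature. NOTE(review): the request captured in this e-mail
                 contains a single ds:Reference, to the Timestamp, so the sender
                 is not honouring this assertion. A receiver that enforces the
                 policy should reject such a message. The cause cannot be
                 determined from this policy alone. -->
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
                <!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->
            </sp:SignedParts>
            <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
                <!-- Timestamp lifetime in seconds. -->
                <rampc:TimeToLive>360</rampc:TimeToLive>
                <!-- NOTE(review): the file name suggests a CA certificate rather
                     than the service's own certificate; confirm which one the
                     recipient setting expects. -->
                <rampc:ReceiverCertificate>C:\cacert.pem</rampc:ReceiverCertificate>
                <rampc:Certificate>C:\mycert.pem</rampc:Certificate>
                <!-- NOTE(review): private key stored at the drive root; make
                     sure the file's ACL limits read access to the account that
                     runs the client. -->
                <rampc:PrivateKey>C:\mykey.pem</rampc:PrivateKey>
            </rampc:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>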