Hi Jamie,
Seems your policy configurations are correct. Could you please send us
the log file, and a trace of signed message? We haven't tested signing
an empty body, which is an interesting scenario :).
Cheers,
Kaushalye
[1]http://svn.apache.org/repos/asf/webservices/rampart/trunk/c
Jamie Lyon wrote:
Hi,
I am using Axis2/C to try and send secure messages to a pre-existing
service.
One of the requirements of this service is that there are a certain
amount of security headers, and that the body is always signed.
I have a policy.xml file, which I have attached to this e-mail, the
problem is that although a security header is added, including
timestamp, the certificate etc… it doesn’t actually sign the body. An
example of the message that will be sent by Axis2/C is included at the
bottom of the e-mail. If I uncomment the line in the policy.xml
“<!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->”
it successfully signs the ws-addressing headers, but it still does not
sign the body. I’ve tried adding a dummy element into body (although I
don’t in reality want anything there, I want the empty body to be
signed in this particular case), to see if that makes a difference,
but it doesn’t, there’s still nothing being signed.
Is there anything special that you have to do apart from add sp:Body
to the SignedParts to get the body to be signed compared to other
elements?
(I’m using the Rampart/Axis builds included in WSO2 WSF/C under
Windows with Visual Studio 2005 Pro)
Thanks,
Jamie
POST /gria-basic-app-services/services/DataService HTTP/1.1
User-Agent: Axis2/C
SOAPAction:
"http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources";
Content-Length: 3994
Content-Type: text/xml;charset=UTF-8
Host: fiuza.it-innovation.soton.ac.uk:9090
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";>
<soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing";>
<wsa:To>http://fiuza.it-innovation.soton.ac.uk:9090/gria-basic-app-services/services/DataService</wsa:To>
<wsa:Action>http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources</wsa:Action>
<wsa:MessageID>378ebcfb-4091-4942-9fb2-9ab3548392cc</wsa:MessageID>
<wsse:Security soapenv:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
wsu:Id="CertID-e918e2c3-10f2-4fb0"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>MIID5DCCAsygAwIBAAIERoO4jzANBgkqhkiG9w0BAQUFADCBszErMCkGCSqGSIb3DQEJARYcamxAaXQtaW5ub3ZhdGlvbi5zb3Rvbi5hYy51azELMAkGA1UEBhMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEUMBIGA1UEBxMLU291dGhhbXB0b24xHTAbBgNVBAoTFElUIElubm92YXRpb24gQ2VudHJlMRIwEAYDVQQLEwlUZWNoU3VpdGUxGjAYBgNVBAMTEWdTT0FQIFRlc3QgQ2xpZW50MB4XDTA3MDYyODEzMzMwM1oXDTA4MDYyNzEzMzMwM1owgbMxKzApBgkqhkiG9w0BCQEWHGpsQGl0LWlubm92YXRpb24uc290b24uYWMudWsxCzAJBgNVBAYTAlVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxFDASBgNVBAcTC1NvdXRoYW1wdG9uMR0wGwYDVQQKExRJVCBJbm5vdmF0aW9uIENlbnRyZTESMBAGA1UECxMJVGVjaFN1aXRlMRowGAYDVQQDExFnU09BUCBUZXN0IENsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0rdU+bp6plPTHQmyAgWcUXXkB2ECW0C9IbCze0WeezQYRYByFxMvBK1kvPSxrCVxUhCu6bz4EV3OoIk2RJhLQAJqJ9/JxQBLczp05Z7m6itodMLUZoDbixcF+bBNk5JiWbTJyv3Bcmuqn57iwX0y+7Wb8IHLxnXcmmEzMS2K4f6vDPY7G+qwTzupFoC8+cKdbFOyk9I2JR0TWbq12NHgW9JZr79kzHEoV3p/4s53B5kagMukFkwmcj/GDRMSMfXqnkUc4WlwaRvYrxFI5RjEFjTtwYApBWJcYZ0kYnPkuBQ65XD9cDddrlPYF+w1Ks8WFc671S+xYrKnyftfxKvicCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAMezs42UH3LJhzIkTt2VqCKnU39P8DpPqHSqiFwKB7gPcadGjBHp3d0Akm/1F+bea/25PMfwJR5vSrcny1qFBN41EwlDgyFCecCaLDeg/HxwTcu/sxGq3m9SkaHv/ETk7xRmT4Uz0VIK2uZbNOzPzo6nzLwbsturbr2dD/qxkdplH5dp3h0xGMiY5H1/QWs/bKLwXpNngYvpIu17I2EEZdcPmVZFgcWzV9QXjzAjzC98qxK4gMH35vrhoZvatd2rbCR2Wm+j44wR2W4zof65oVfiyO+p5iamPY7Ncd3M9o1LRrRN0HWg0pNg87tr9l1HzLhZqRGwP9BIp9+2EvWWvEg==</wsse:BinarySecurityToken>
<wsu:Timestamp wsu:Id="SigID-79fe769b-02cd-4dca"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<wsu:Created>2007-07-26T11:28:43.366Z</wsu:Created>
<wsu:Expires>2007-07-26T11:34:43.366Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature Id="SigID-847a76bc-a745-4cdf"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>
</ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";>
</ds:SignatureMethod>
<ds:Reference URI="#SigID-79fe769b-02cd-4dca">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";>
</ds:DigestMethod>
<ds:DigestValue>D/w5TtiyibRvsbid6gVZF8jGZ7w=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SiY7Z9bgiOpDQEksOqjTWpki0KvUCMHgz9YswcQzOZF0K874uvPfAU4VtvaV/FUfK+Grq4UV7rJ/QFGX6iSAxXm0DoFPULVN9ge6Jc+N9yuGddk51MBcxun5rv9spy9w/OGwFpAlIdQQW0+paexMYncgJJkV1awuvCmoeE1zfKDHcyr2CjBnb8GGH733GWihLbf3Nu4V4CgdhMglEYOJ8yNVF6Kr/Y/LzTaY/cazqYarGrro9bJq11vGcW27QeHlKSkRa8wuIjgHrwXdmdUctVVcWQKoJIpO5nMNGp4wvdZxSmOeI6p+oU0tyfEXF6XQZ/zpqRL33NmjV1h4bvQxwQ==</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<wsse:Reference URI="#CertID-e918e2c3-10f2-4fb0"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>
</wsse:Reference>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
</soapenv:Body>
</soapenv:Envelope>
------------------------------------------------------------------------
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefEmbeddedToken/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
<!--sp:Header
Namespace="http://www.w3.org/2005/08/addressing"/-->
</sp:SignedParts>
<rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy";>
<rampc:TimeToLive>360</rampc:TimeToLive>
<rampc:ReceiverCertificate>C:\cacert.pem</rampc:ReceiverCertificate>
<rampc:Certificate>C:\mycert.pem</rampc:Certificate>
<rampc:PrivateKey>C:\mykey.pem</rampc:PrivateKey>
</rampc:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
http://kaushalye.blogspot.com/
http://wso2.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
