Hi Jamie,

> One thing to note, is that even with the WSFC 1.0 release, and the
> example "samples/rampart/client/sec_echo" with my policy.xml file I'm
> still not getting a signed body, though oddly the first element within
> Body is getting signed.

Yes, you are correct. This is a bug. We found this bug just after releasing WSFC 1.0, during an interop. We are going to release WSFC 1.0.1 most probably today. That bug is fixed in the new release.

> I've tried building axis2/c and rampart/c from source, but at present
> I'm not having much luck -- under linux automake seems to be failing for
> some reason.

Can you please send the errors you get with linux automake, so that we can find where the failure is?

> I don't suppose there are nightly builds available of axis2/c, rampart/c
> etc..?

No, there are no nightly builds available. But axis2/c and rampart/c trunks are stable.

-Manjula.

>
> Thanks very much,
> Jamie
>
> -----Original Message-----
> From: Kaushalye Kapuruge [mailto:[EMAIL PROTECTED]
> Sent: 26 July 2007 13:17
> To: Apache AXIS C Developers List
> Subject: Re: [Rampart/C] Signing the body
>
> Hi Jamie,
> I tried your scenario "with an empty body" and it worked fine for me.
> You should be able to see an id is added to your body element as
> follows.
> <soapenv:Envelope
> xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope">
> .....
> <soapenv:Body u:Id="SigID-09d3faf2-3b71-1dc1"
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"></soapenv:Body>
> </soapenv:Envelope>
> Maybe you can get the latest check-out from the svn[1] and give a try.
> Cheers,
> Kaushalye
> [1]http://svn.apache.org/repos/asf/webservices/rampart/trunk/c
>
> Kaushalye Kapuruge wrote:
> > Hi Jamie,
> > Seems your policy configurations are correct. Could you please send us
> > the log file, and a trace of signed message? We haven't tested signing
> > an empty body, which is an interesting scenario :).
> > Cheers,
> > Kaushalye
> > [1]http://svn.apache.org/repos/asf/webservices/rampart/trunk/c
> >
> > Jamie Lyon wrote:
> >>
> >> Hi,
> >>
> >> I am using Axis2/C to try and send secure messages to a pre-existing
> >> service.
> >>
> >> One of the requirements of this service is that there are a certain
> >> amount of security headers, and that the body is always signed.
> >>
> >> I have a policy.xml file, which I have attached to this e-mail, the
> >> problem is that although a security header is added, including
> >> timestamp, the certificate etc... it doesn't actually sign the body. An
> >> example of the message that will be sent by Axis2/C is included at
> >> the bottom of the e-mail. If I uncomment the line in the policy.xml
> >> "<!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->"
> >> it successfully signs the ws-addressing headers, but it still does
> >> not sign the body. I've tried adding a dummy element into body
> >> (although I don't in reality want anything there, I want the empty
> >> body to be signed in this particular case), to see if that makes a
> >> difference, but it doesn't, there's still nothing being signed.
> >>
> >> Is there anything special that you have to do apart from add sp:Body
> >> to the SignedParts to get the body to be signed compared to other
> >> elements?
> >>
> >> (I'm using the Rampart/Axis builds included in WSO2 WSF/C under
> >> Windows with Visual Studio 2005 Pro)
> >>
> >> Thanks,
> >>
> >> Jamie
> >>
> >> POST /gria-basic-app-services/services/DataService HTTP/1.1
> >> User-Agent: Axis2/C
> >> SOAPAction: "http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources"
> >> Content-Length: 3994
> >> Content-Type: text/xml;charset=UTF-8
> >> Host: fiuza.it-innovation.soton.ac.uk:9090
> >>
> >> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> >>   <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
> >>     <wsa:To>http://fiuza.it-innovation.soton.ac.uk:9090/gria-basic-app-services/services/DataService</wsa:To>
> >>     <wsa:Action>http://www.it-innovation.soton.ac.uk/2004/grid/data/getResources</wsa:Action>
> >>     <wsa:MessageID>378ebcfb-4091-4942-9fb2-9ab3548392cc</wsa:MessageID>
> >>     <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >>       <wsse:BinarySecurityToken
> >>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> >>           wsu:Id="CertID-e918e2c3-10f2-4fb0"
> >>           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> >>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIID5DCCAsygAwIBAAIERoO4jzANBgkqhkiG9w0BAQUFADCBs
> >> zErMCkGCSqGSIb3DQEJARYcamxAaXQtaW5ub3ZhdGlvbi5zb3Rvbi5hYy51azELMAkGA1UEB
> >> hMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEUMBIGA1UEBxMLU291dGhhbXB0b24xHTAbBgNVB
> >> AoTFElUIElubm92YXRpb24gQ2VudHJlMRIwEAYDVQQLEwlUZWNoU3VpdGUxGjAYBgNVBAMTE
> >> WdTT0FQIFRlc3QgQ2xpZW50MB4XDTA3MDYyODEzMzMwM1oXDTA4MDYyNzEzMzMwM1owgbMxK
> >> zApBgkqhkiG9w0BCQEWHGpsQGl0LWlubm92YXRpb24uc290b24uYWMudWsxCzAJBgNVBAYTA
> >> lVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxFDASBgNVBAcTC1NvdXRoYW1wdG9uMR0wGwYDVQQKE
> >> xRJVCBJbm5vdmF0aW9uIENlbnRyZTESMBAGA1UECxMJVGVjaFN1aXRlMRowGAYDVQQDExFnU
> >> 09BUCBUZXN0IENsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0rdU+bp
> >> 6plPTHQmyAgWcUXXkB2ECW0C9IbCze0WeezQYRYByFxMvBK1kvPSxrCVxUhCu6bz4EV3OoIk
> >> 2RJhLQAJqJ9/JxQBLczp05Z7m6itodMLUZoDbixcF+bBNk5JiWbTJyv3Bcmuqn57iwX0y+7W
> >> b8IHLxnXcmmEzMS2K4f6vDPY7G+qwTzupFoC8+cKdbFOyk9I2JR0TWbq12NHgW9JZr79kzHE
> >> oV3p/4s53B5kagMukFkwmcj/GDRMSMfXqnkUc4WlwaRvYrxFI5RjEFjTtwYApBWJcYZ0kYnP
> >> kuBQ65XD9cDddrlPYF+w1Ks8WFc671S+xYrKnyftfxKvicCAwEAATANBgkqhkiG9w0BAQUFA
> >> AOCAQEAMezs42UH3LJhzIkTt2VqCKnU39P8DpPqHSqiFwKB7gPcadGjBHp3d0Akm/1F+bea/
> >> 25PMfwJR5vSrcny1qFBN41EwlDgyFCecCaLDeg/HxwTcu/sxGq3m9SkaHv/ETk7xRmT4Uz0V
> >> IK2uZbNOzPzo6nzLwbsturbr2dD/qxkdplH5dp3h0xGMiY5H1/QWs/bKLwXpNngYvpIu17I2
> >> EEZdcPmVZFgcWzV9QXjzAjzC98qxK4gMH35vrhoZvatd2rbCR2Wm+j44wR2W4zof65oVfiyO
> >> +p5iamPY7Ncd3M9o1LRrRN0HWg0pNg87tr9l1HzLhZqRGwP9BIp9+2EvWWvEg==</wsse:BinarySecurityToken>
> >>       <wsu:Timestamp wsu:Id="SigID-79fe769b-02cd-4dca" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> >>         <wsu:Created>2007-07-26T11:28:43.366Z</wsu:Created>
> >>         <wsu:Expires>2007-07-26T11:34:43.366Z</wsu:Expires>
> >>       </wsu:Timestamp>
> >>       <ds:Signature Id="SigID-847a76bc-a745-4cdf" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>         <ds:SignedInfo>
> >>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >>           </ds:CanonicalizationMethod>
> >>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
> >>           </ds:SignatureMethod>
> >>           <ds:Reference URI="#SigID-79fe769b-02cd-4dca">
> >>             <ds:Transforms>
> >>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >>               </ds:Transform>
> >>             </ds:Transforms>
> >>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
> >>             </ds:DigestMethod>
> >>             <ds:DigestValue>D/w5TtiyibRvsbid6gVZF8jGZ7w=</ds:DigestValue>
> >>           </ds:Reference>
> >>         </ds:SignedInfo>
> >>         <ds:SignatureValue>SiY7Z9bgiOpDQEksOqjTWpki0KvUCMHgz9YswcQzOZF0K874uvPfA
> >> U4VtvaV/FUfK+Grq4UV7rJ/QFGX6iSAxXm0DoFPULVN9ge6Jc+N9yuGddk51MBcxun5rv9sp
> >> y9w/OGwFpAlIdQQW0+paexMYncgJJkV1awuvCmoeE1zfKDHcyr2CjBnb8GGH733GWihLbf3N
> >> u4V4CgdhMglEYOJ8yNVF6Kr/Y/LzTaY/cazqYarGrro9bJq11vGcW27QeHlKSkRa8wuIjgHr
> >> wXdmdUctVVcWQKoJIpO5nMNGp4wvdZxSmOeI6p+oU0tyfEXF6XQZ/zpqRL33NmjV1h4bvQxw
> >> Q==</ds:SignatureValue>
> >>         <ds:KeyInfo>
> >>           <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >>             <wsse:Reference URI="#CertID-e918e2c3-10f2-4fb0" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
> >>             </wsse:Reference>
> >>           </wsse:SecurityTokenReference>
> >>         </ds:KeyInfo>
> >>       </ds:Signature>
> >>     </wsse:Security>
> >>   </soapenv:Header>
> >>   <soapenv:Body>
> >>   </soapenv:Body>
> >> </soapenv:Envelope>
> >>
> >> ------------------------------------------------------------------------
> >>
> >> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
> >>   <wsp:ExactlyOne>
> >>     <wsp:All>
> >>       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >>         <wsp:Policy>
> >>           <sp:InitiatorToken>
> >>             <wsp:Policy>
> >>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> >>                 <wsp:Policy>
> >>                   <sp:WssX509V3Token10/>
> >>                 </wsp:Policy>
> >>               </sp:X509Token>
> >>             </wsp:Policy>
> >>           </sp:InitiatorToken>
> >>           <sp:RecipientToken>
> >>             <wsp:Policy>
> >>               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
> >>                 <wsp:Policy>
> >>                   <sp:WssX509V3Token10/>
> >>                 </wsp:Policy>
> >>               </sp:X509Token>
> >>             </wsp:Policy>
> >>           </sp:RecipientToken>
> >>           <sp:AlgorithmSuite>
> >>             <wsp:Policy>
> >>               <sp:Basic256Rsa15/>
> >>             </wsp:Policy>
> >>           </sp:AlgorithmSuite>
> >>           <sp:Layout>
> >>             <wsp:Policy>
> >>               <sp:Strict/>
> >>             </wsp:Policy>
> >>           </sp:Layout>
> >>           <sp:IncludeTimestamp/>
> >>         </wsp:Policy>
> >>       </sp:AsymmetricBinding>
> >>       <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >>         <wsp:Policy>
> >>           <sp:MustSupportRefKeyIdentifier/>
> >>           <sp:MustSupportRefEmbeddedToken/>
> >>           <sp:MustSupportRefIssuerSerial/>
> >>         </wsp:Policy>
> >>       </sp:Wss10>
> >>       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >>         <sp:Body/>
> >>         <!--sp:Header Namespace="http://www.w3.org/2005/08/addressing"/-->
> >>       </sp:SignedParts>
> >>       <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> >>         <rampc:TimeToLive>360</rampc:TimeToLive>
> >>         <rampc:ReceiverCertificate>C:\cacert.pem</rampc:ReceiverCertificate>
> >>         <rampc:Certificate>C:\mycert.pem</rampc:Certificate>
> >>         <rampc:PrivateKey>C:\mykey.pem</rampc:PrivateKey>
> >>       </rampc:RampartConfig>
> >>     </wsp:All>
> >>   </wsp:ExactlyOne>
> >> </wsp:Policy>
> >>
> >> ------------------------------------------------------------------------
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
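
A check for the symptom discussed in this thread, as an added example (not part of the original messages and not Rampart/C code): it reports whether any ds:Reference in a captured message points at the SOAP Body itself, only at an element inside it, or at neither. The sample messages and their Id values are constructed, and the check covers reference coverage only, not digest or signature validity.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{%s}Id" % WSU

def body_coverage(xml_text):
    """Return 'body', 'child-only' or 'unsigned' for a SOAP message."""
    root = ET.fromstring(xml_text)
    soap_ns = root.tag[1:].split("}")[0]      # SOAP 1.1 or 1.2 envelope
    body = root.find("{%s}Body" % soap_ns)
    if body is None:
        raise ValueError("message has no SOAP Body")
    # Same-document references (#id) carried by ds:Reference elements.
    refs = {r.get("URI", "")[1:] for r in root.iter("{%s}Reference" % DS)
            if r.get("URI", "").startswith("#")}
    if body.get(WSU_ID) in refs:
        return "body"
    # A reference to something inside Body leaves Body itself uncovered.
    if any(e.get(WSU_ID) in refs for e in body.iter() if e is not body):
        return "child-only"
    return "unsigned"

def sample(body_attr="", child_attr="", ref="TS-1"):
    """Constructed message, reduced to the parts the check reads."""
    return f"""<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <soapenv:Header>
  <wsu:Timestamp wsu:Id="TS-1"/>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#TS-1"/><ds:Reference URI="#{ref}"/>
  </ds:SignedInfo></ds:Signature>
 </soapenv:Header>
 <soapenv:Body{body_attr}><echo{child_attr}/></soapenv:Body>
</soapenv:Envelope>"""

AS_POSTED = sample()  # only the Timestamp is referenced
WSFC_1_0 = sample(child_attr=' wsu:Id="SigID-c"', ref="SigID-c")
FIXED = sample(body_attr=' wsu:Id="SigID-b"', ref="SigID-b")

if __name__ == "__main__":
    for name, msg in [("as posted", AS_POSTED), ("WSFC 1.0", WSFC_1_0),
                      ("Body has Id", FIXED)]:
        print(f"{name}: {body_coverage(msg)}")
```
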
