Hi Harsha,
> 1) When I set <EncryptedParts> and <SignedParts> to <Body>,
> <ReferenceList> gets added as a direct child of the <wsse:Security>
> header. However, when I use <SignBeforeEncrypting>, <ReferenceList>
> gets added to <EncryptedKey>. Why this difference?
This is because Rampart processes the elements in the security header in the
order they appear in the security header. So, for the signature to be correctly
verified:

SignBeforeEncrypt case:
Reference List must appear before the Signature element (so the
signature is verified over decrypted elements).

EncryptBeforeSign case:
Signature must appear before the Reference List element (so the
signature is verified over encrypted elements).

So in the sign before encrypt case we can add the reference list to the
encrypted key as an internal reference.
But in the encrypt before sign case, we have to use an external reference as
the reference list has to go after the signature element.
> 2) When I set <EncryptedParts> and <SignedParts> to some header,
> Rampart does the encryption correctly, but doesn't sign. I dug into
> the code and found that after the message is encrypted the original
> nodes are no longer there (because they have been replaced by
> <EncryptedData> elements) and therefore, the signing function can't
> find any nodes to sign.
>
Can you please raise a JIRA in Rampart with the policy you used ?
Thanks,
Nandana
> Regards,
> Harsha
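The ordering rule discussed in this thread, shown as an added example that is not part of the thread or of Rampart's own code: a small checker that reads a wsse:Security header and derives, from the relative position of the Signature and ReferenceList elements, which layout a message uses and the order a receiver must process it in. The two skeleton messages are constructed and omit all element content; the namespace URIs are the standard WS-Security, XML Encryption and XML Signature ones.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

def classify_security_header(xml_text):
    """Return (layout, steps). Steps are the receiver-side actions in the
    order the header dictates; layout is 'sign-before-encrypt',
    'encrypt-before-sign' or 'unknown' when one of the two parts is absent."""
    root = ET.fromstring(xml_text)
    sec = root.find(f".//{{{WSSE}}}Security")
    if sec is None:
        return "unknown", []
    steps = []
    for child in sec:  # document order == processing order
        if child.tag == f"{{{DS}}}Signature":
            steps.append("verify-signature")
        elif child.tag == f"{{{XENC}}}ReferenceList":
            steps.append("decrypt-external-list")  # direct child of Security
        elif child.tag == f"{{{XENC}}}EncryptedKey" and \
                child.find(f"{{{XENC}}}ReferenceList") is not None:
            steps.append("decrypt-internal-list")  # list carried inside EncryptedKey
    kinds = [s.split("-")[0] for s in steps]  # 'verify' / 'decrypt'
    if "verify" in kinds and "decrypt" in kinds:
        # decrypt first -> signature covers plaintext -> it was made before encryption
        layout = ("sign-before-encrypt" if kinds.index("decrypt") < kinds.index("verify")
                  else "encrypt-before-sign")
    else:
        layout = "unknown"
    return layout, steps

# Constructed skeleton headers (no key material, digests or ciphertext).
SIGN_BEFORE_ENCRYPT = f"""<Envelope><Header><Security xmlns="{WSSE}">
<EncryptedKey xmlns="{XENC}"><ReferenceList/></EncryptedKey>
<Signature xmlns="{DS}"/>
</Security></Header><Body/></Envelope>"""

ENCRYPT_BEFORE_SIGN = f"""<Envelope><Header><Security xmlns="{WSSE}">
<EncryptedKey xmlns="{XENC}"/>
<Signature xmlns="{DS}"/>
<ReferenceList xmlns="{XENC}"/>
</Security></Header><Body/></Envelope>"""

if __name__ == "__main__":
    for name, msg in (("sign-first", SIGN_BEFORE_ENCRYPT), ("encrypt-first", ENCRYPT_BEFORE_SIGN)):
        print(name, classify_security_header(msg))
```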