Colm O hEigeartaigh created WSS-457:
---------------------------------------
Summary: Incorrect validation of ProtectTokens assertion
Key: WSS-457
URL: https://issues.apache.org/jira/browse/WSS-457
Project: WSS4J
Issue Type: Bug
Reporter: Colm O hEigeartaigh
Assignee: Marc Giger
Fix For: 2.0
The streaming code doesn't validate the ProtectTokens assertion properly in the
case of a SymmetricBinding. The scenario is that the Signature should reference
(sign) the EncryptedKey, and also reference it in the signing KeyInfo. However,
the streaming code complains with:
Original Exception was org.apache.wss4j.policy.stax.PolicyViolationException:
Token
/{http://schemas.xmlsoap.org/soap/envelope/}Envelope/{http://schemas.xmlsoap.org/soap/envelope/}Header/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security/{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken
must be signed by its signature.
However, the BinarySecurityToken in question is the certificate used to encrypt
the symmetric key, and not the signing credential.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
