Hello,

I have a bit of a technical question on how Rampart works. I have the following 
policy on my client side and a matching policy on the server side.

<wsp:All>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128Rsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:Wss11>
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:EncryptedParts>
        <sp:Body/>
      </sp:EncryptedParts>
</wsp:All>

Now this is an example of a request

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 soapenv:mustUnderstand="1">
            <wsse:BinarySecurityToken
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
 
wsu:Id="C3ADEBCF3D197693D513680190191211">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</wsse:BinarySecurityToken>
            <xenc:EncryptedKey Id="EncKeyId-C3ADEBCF3D197693D513680190194962">
               <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <wsse:SecurityTokenReference>
                     <wsse:Reference URI="#C3ADEBCF3D197693D513680190191211"
 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
               <xenc:CipherData>
                  
<xenc:CipherValue>Kh4l6qP0YHMF26cdV4kQg/iu333O6AJnV+Nm274xA8+cNIK/5kL+biIE+NiUiPmyYx3g5fi59Py8xQ9EnozBJ0agrlakWPzWPaGLc601wMOosNv2a4WQUp3TeodToxqL69QUWNWwAaz80oj9dQty9cedKhOjXCEsLK5aNoUzcEI=</xenc:CipherValue>
               </xenc:CipherData>
            </xenc:EncryptedKey>
            <xenc:ReferenceList>
               <xenc:DataReference URI="#EncDataId-1" />
            </xenc:ReferenceList>
         </wsse:Security>


Now, I want to do further processing on <wsse:BinarySecurityToken> at server 
side.


I tried to decode the certificate from its Base64 form into something readable 
but it seems that it is encrypted or I am doing something wrong because it 
doesn't make sense to encrypt an X.509 certificate. 

So the other option is to find where Rampart processes the token after it is 
decrypted and work from there.

After examining the Rampart core source code, I can say that I could not find or 
understand how the certificate is being handled.


So my question is: at what point can I modify or work on the X.509 certificate 
being sent here? Or can the wsse:BinarySecurityToken easily be decoded into 
human-readable form?

Much appreciated,
Mclaw.
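The following is an added example (not the poster's code and not part of Rampart) showing what the header above makes available on the wire: with `sp:IncludeToken=".../AlwaysToRecipient"` the `wsse:BinarySecurityToken` carries the client's X.509 certificate as plain Base64 of the DER encoding, not as ciphertext (only the symmetric key in `xenc:EncryptedKey` is encrypted). The script pulls the token out of a constructed `wsse:Security` header, decodes it, runs a cheap "is this DER or opaque bytes" check that separates a certificate from ciphertext, computes the WSS 1.1 ThumbprintSHA1 identifier that `<sp:RequireThumbprintReference/>` asks the peer to send, and converts the bytes to PEM for `openssl x509 -text`. The token body is a tiny hand-built DER SEQUENCE standing in for a real certificate, and the `wsu:Id` value is a placeholder.

```python
"""Decode a wsse:BinarySecurityToken (X509v3, Base64Binary) into an
inspectable certificate.  Added example, not Rampart code: the SOAP
header below is constructed and its token body is a tiny hand-built DER
SEQUENCE standing in for a real certificate."""
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
BASE64 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

# Constructed stand-in for the DER certificate: SEQUENCE { INTEGER 1, INTEGER 2 }.
FAKE_DER = bytes.fromhex("30 06 02 01 01 02 01 02")

# Constructed header in the same shape as the request quoted in the post.
SAMPLE_HEADER = f"""<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security xmlns:wsse="{WSSE}" soapenv:mustUnderstand="1">
    <wsse:BinarySecurityToken
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        EncodingType="{BASE64}" ValueType="{X509V3}"
        wsu:Id="EXAMPLE-TOKEN-ID">{base64.b64encode(FAKE_DER).decode()}</wsse:BinarySecurityToken>
  </wsse:Security>
</soapenv:Header>"""


def extract_token_der(header_xml: str) -> bytes:
    """Find the X509v3 BinarySecurityToken and return its DER bytes.
    Raises ValueError when no such token is present or its encoding is unexpected."""
    root = ET.fromstring(header_xml)
    for bst in root.iter(f"{{{WSSE}}}BinarySecurityToken"):
        if bst.get("ValueType") != X509V3:
            continue
        if bst.get("EncodingType") != BASE64:
            raise ValueError("unsupported EncodingType " + str(bst.get("EncodingType")))
        # Base64 text is often line-wrapped; drop all whitespace before decoding.
        return base64.b64decode("".join((bst.text or "").split()), validate=True)
    raise ValueError("no X509v3 BinarySecurityToken in header")


def looks_like_der_certificate(blob: bytes) -> bool:
    """Cheap plaintext-vs-ciphertext check: a DER certificate is an outer
    SEQUENCE (tag 0x30) whose encoded length covers exactly the whole blob.
    Encrypted or otherwise opaque bytes almost never pass this test."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    first = blob[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: 0x8N followed by N length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)


def thumbprint_sha1(der: bytes) -> str:
    """WSS 1.1 ThumbprintSHA1 key identifier: base64(SHA-1(DER certificate)).
    This is the value a <sp:RequireThumbprintReference/> policy makes the
    peer place in its SecurityTokenReference."""
    return base64.b64encode(hashlib.sha1(der).digest()).decode()


def to_pem(der: bytes) -> str:
    """PEM form, ready for `openssl x509 -in cert.pem -noout -text`."""
    return ssl.DER_cert_to_PEM_cert(der)


if __name__ == "__main__":
    der = extract_token_der(SAMPLE_HEADER)
    print("outer DER SEQUENCE:", looks_like_der_certificate(der))
    print("ThumbprintSHA1:", thumbprint_sha1(der))
    print(to_pem(der))
```

Run against a real message, a token that fails `looks_like_der_certificate` is almost certainly a decoding problem (whitespace, wrong element, double encoding) rather than encryption, since the policy never encrypts the token itself. The thumbprint helper is the same SHA-1-over-DER value the server-side policy expects in `wsse:KeyIdentifier` references, so it is a convenient handle for matching a received token against a trust store entry.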
