[ https://issues.apache.org/jira/browse/RAMPART-411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski resolved RAMPART-411.
-------------------------------------
Resolution: Fixed
Resolved in 2.0.0.
The original failure was with the legacy WSS4J parameter-based "signatureParts" configuration, which referenced the BinarySecurityToken by QName and could not resolve it at signing time ("Element to encrypt/sign not found: ...BinarySecurityToken"). The example configuration also used the wrong namespace for the BinarySecurityToken (the WS-Security utility namespace instead of the WS-Security secext namespace where wsse:BinarySecurityToken is defined).

In 2.0.0, signing the BinarySecurityToken is done through WS-SecurityPolicy: adding <sp:ProtectTokens/> to the binding enables token protection, and Rampart's binding builders add the BinarySecurityToken to the signature by its wsu:Id rather than by QName, so it is signed reliably. The parameter-based signatureParts signing path that produced the original error is no longer used.

Added a regression test (AsymmetricBindingBuilderTest.testAsymmBindingProtectTokens with rampart-asymm-binding-protecttokens.xml): a message built under a ProtectTokens policy contains a signed BinarySecurityToken and Signature; if BST signing were broken the build would fail with the original "Element to encrypt/sign not found" error. Verified with a full clean 'mvn verify -Papache-release' across all modules including the nine policy samples on OpenJDK 17/21/25.
> Unable to sign the BinarySecurityToken using Rampart 1.6.2
> ----------------------------------------------------------
>
> Key: RAMPART-411
> URL: https://issues.apache.org/jira/browse/RAMPART-411
> Project: Rampart
> Issue Type: Bug
> Components: rampart-policy
> Affects Versions: 1.6.2
> Environment: Axis2 1.6.2 , Java 7 and Rampart 1.6.2
> Reporter: Ashok T
> Assignee: Robert Lazarski
> Priority: Critical
> Fix For: 2.0.0
>
>
> While trying to enable the BinarySecurityToken in the signatureParts in the
> axis2.xml I am getting this error. This happened only when adding the BST
> element.
> axis2.xml
> ----------
> <action>
> <items>Timestamp Signature</items>
> <user>Test User</user>
> <passwordCallbackClass>com.PWCBHandler</passwordCallbackClass>
> <signaturePropFile>client.properties</signaturePropFile>
>
> <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
> {Element}{http://schemas.xmlsoap.org/soap/envelope/} Body;
>
> {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}
> BinarySecurityToken
> </signatureParts>
> <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
> </action>
> org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd, BinarySecurityToken)
>     at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)