ผมเห็นใน http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/ เขา commit code ไปเยอะเลยอะครับ ไม่แน่ว่าอาจจะเกี่ยวกับของเราหรือเปล่านะครับ
-----Original Message----- From: Taweewat Luangwiriya [mailto:[EMAIL PROTECTED] Sent: Monday, November 19, 2007 4:53 PM To: rampart-dev; nandana Cc: Sirikul Rodjanapanyanon; Sanpet Tumvised; twl Subject: Question about digital signature reference Hi dev, I have a question about digital signature references. I use Rampart to generate a SOAP message with a SymmetricBinding policy. It generates the SOAP message shown below, and when Microsoft's WSE 3.0 receives this message, it returns this error to my console: "WSE502: The target element referenced by the following id can not be found in the message: Id-11985823. Make sure that the element is present at the time when the signing or encryption operation is performed." Note that WSE 3.0 reports that Id-11985823 cannot be found, but in my SOAP message it is clearly present in the signature token. What can I do about this problem? Thank you for your kindness. twl ---------------------------------------------------------------------------------- Here is my SOAP message <?xml version='1.0' encoding='UTF-8'?> <soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true"> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-6166426"> <wsu:Created>2007-11-19T09:16:23.065Z</wsu:Created> <wsu:Expires>2007-11-22T20:36:23.065Z</wsu:Expires> </wsu:Timestamp> <xenc:EncryptedKey Id="EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">Xi3VZkuCbzgfoFI2Qr1Gkz6haf4=</wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>oyFtUYbPYy8JlYCCsmP/n6VYzotMk14bF3pvFVIQ0ibqmveh5V0HPsfBjit4Zg9FY9FMN0lx0iy9KpnDDMWXW+iapcFTfl81XXP5eDU5tpc8iMuedWNlISSVkHf0NnYIUyQ7pw9JiqYAA4XSslcHBaPrXW/vzKofpwnD0PRImUE=</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-1114115"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>16</wsc:Length> <wsc:Nonce>2VbeA7yLrv/sgvPmqV9JDw==</wsc:Nonce> </wsc:DerivedKeyToken> <xenc:ReferenceList /> <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-7979854">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</wsse:BinarySecurityToken> <wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="derivedKeyId-4999541"> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> </wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset> <wsc:Length>32</wsc:Length> <wsc:Nonce>BY2ND6tlnxKYHDS8+PcHmg==</wsc:Nonce> </wsc:DerivedKeyToken> <ds:Signature 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="Signature-25352765" wsu:Id="Id-11985823"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <ds:Reference URI="#Id-19583390"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>/1/0RJJno+Qcl8s4wcJ84PwKwgk=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-2628939"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>doL49U3f+krfxWP+jsUbi6wmL+c=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-26956311"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>eqbsLithYKIgP758VrdLDGr8/eg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-2780950"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>N8p2mRNQ+/lTBaufxEzPZnuhZdI=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Id-31658378"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>o6SwMiCtAUqORLDGMXjpg4GUceg=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-6166426"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
<ds:DigestValue>P/8AowVuRGNVfKNIFkkVLaTyiD0=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>A6wlWm9jFyQeammvxQodK5VNh+s=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-29751107"> <wsse:SecurityTokenReference wsu:Id="STRId-32278793"> <wsse:Reference URI="#derivedKeyId-4999541" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-14525019"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#Id-11985823"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>/K8QdsCye7TKDDBPRBE1libbLAw=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>ZDLdiHZ7WMVMyzaLZSKO30LdRokkwOSUnKgIu1whpDQdeLIHxUDb6lgm98BU4IE3Uo87z0r75ZDoEjIMAg3er2dCs3m8XYddywTaH3Nq91G94CoOotQT2EWEuMRig1QNyPShmzxjViB8FwM5HtpKUuDVU+bG9yh7lz/LnLX9pVY=</ds:SignatureValue> <ds:KeyInfo Id="KeyId-16471729"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-16291471"> <wsse:Reference URI="#CertId-7979854" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-19583390">http://192.168.99.177:8888/wsewebservice/service.asmx</wsa:To> <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2628939"> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> </wsa:ReplyTo> <wsa:MessageID 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-26956311">urn:uuid:F20F7B0D983382431C1195463783058</wsa:MessageID> <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2780950">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action> </soapenv:Header> <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-31658378"> <wst:RequestSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"> <wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType> <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsa:Address>http://192.168.99.177:8888/wsewebservice/service.asmx</wsa:Address> </wsa:EndpointReference> </wsp:AppliesTo> <wst:Lifetime> <wsu:Created>2007-11-19T09:16:22.784Z</wsu:Created> <wsu:Expires>2007-11-19T09:21:22.784Z</wsu:Expires> </wst:Lifetime> <wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType> <wst:Entropy> <wst:BinarySecret Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">O0ChTFwz/rifmkfPAD4OfTw8pIqLb4oYrhdwIPlZXqLT2sirVLb9Fx2EbOq1wbI+gidDoB1VxLjGnFckUYBM0qqC5YLw0q7wlyqiSi1McLVMA9bnx1gnjrASHA/6PCAeAmb9zLnzfyC7TVFq0NVxjzeYAjAhR/ATjxw+O5BDV0M0P7hdZ1opuKJR65+uzpG4S/LHDkeCDM0ur4+9MdiSmu/iAgGbpFqIHuEZ4gwjADuEIGUub6aFssqErRBeMx0al1KEUDYs3/ub1Eg/TDesWb/tqrtCY+IQs3DCWvdZGZ5x+a7DT7shwMwzEJ9QrRE71N/Y/GkeuhQ/je1iqNSVcQ==</wst:BinarySecret> </wst:Entropy> <wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm> </wst:RequestSecurityToken> </soapenv:Body> </soapenv:Envelope> -------------------------------------------------------------------------------------- Here is my Policy <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> 
<wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:BootstrapPolicy> <wsp:Policy> <sp:SymmetricBinding> <wsp:Policy> <sp:ProtectionToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> <wsp:Policy> <sp:RequireDerivedKeys/> <sp:RequireKeyIdentifierReference/> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> <sp:EndorsingSupportingTokens> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> <wsp:Policy> <sp:RequireThumbprintRefderence/> <sp:WssX509V3Token11/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:EndorsingSupportingTokens> <sp:Wss11> <wsp:Policy> <sp:MustSupportRefEncryptedKey/> <sp:RequireSignatureConfirmation/> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> <sp:MustSupportRefThumbprint/> </sp:Wss11> <sp:Trust10> <wsp:Policy> <sp:RequireClientEntropy/> <sp:RequireServerEntropy/> </wsp:Policy> </sp:Trust10> </wsp:Policy> </sp:BootstrapPolicy> </wsp:Policy> </sp:SecureConversationToken> </wsp:Policy> </sp:ProtectionToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:Basic256Rsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:SymmetricBinding> Confidentiality and Disclaimer :This e-mail and any attachments hereto (the E-mail) may contain information which is confidential and/or proprietary and transmitted for the sole use of the 
recipient(s) named above and for the intended purpose only. If you are not the intended recipient of the E-mail, you are hereby notified that any review, copy, retransmission, distribution, or use of the E-mail in any manner for any purpose is strictly prohibited and please notify the sender, delete the original of the E-mail and destroy all copies immediately. Bangkok Bank accepts no responsibility for any mis-transmission or virus contamination of, or interference with, the E-mail, or for any loss or damage that may be incurred as a result of the use of any information contained in the E-mail.