Encryption of SOAP Headers broken
---------------------------------

                 Key: RAMPART-125
                 URL: https://issues.apache.org/jira/browse/RAMPART-125
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.1, 1.2, 1.3
         Environment: Linux/JDK 1.5
            Reporter: Harsha Venkataramu
             Fix For: 1.3


Right now, only signing of SOAP headers seems to work. EncryptionOnly, 
SignBeforeEncrypting and EncryptBeforeSigning are all broken. Basically, the 
issue seems to be that, when encrypting a header, Rampart ends up replacing the 
entire header with the <EncryptedData> element. As per my understanding (which 
could be wrong!), only the "content" of the header should be replaced by 
<EncryptedData>, going by this:

http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedHeaders

Here is the policy I used:

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256Rsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:EncryptBeforeSigning />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Header Name="Header1" Namespace="http://www.foo.com" />
        <sp:Header Name="Header2" Namespace="http://www.foo.com" />
      </sp:SignedParts>
      <sp:EncryptedParts
          xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Header Name="Header1" Namespace="http://www.foo.com" />
        <sp:Header Name="Header2" Namespace="http://www.foo.com" />
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
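
The difference the report describes, between encrypting a header's content and replacing the whole header element with <EncryptedData>, can be checked on a captured message. The following is an added example, not part of the original report and not Rampart code; it assumes a SOAP 1.1 envelope, and the helper name `classify_headers` and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumption: SOAP 1.1 envelope
XENC = "http://www.w3.org/2001/04/xmlenc#"
ENC_DATA = f"{{{XENC}}}EncryptedData"

def classify_headers(envelope_xml, encrypted_parts):
    """Hypothetical helper: state of each (name, namespace) header on the wire."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header")
    children = list(header) if header is not None else []
    # EncryptedData directly under soap:Header: a whole header element was replaced.
    orphans = sum(1 for c in children if c.tag == ENC_DATA)
    result = {}
    for name, ns in encrypted_parts:
        el = next((c for c in children if c.tag == f"{{{ns}}}{name}"), None)
        if el is None:
            # Original element is gone; attribute one top-level EncryptedData to it.
            result[name] = "replaced" if orphans else "missing"
            orphans = max(orphans - 1, 0)
        elif [c.tag for c in el] == [ENC_DATA] and not (el.text or "").strip():
            result[name] = "content-encrypted"  # element kept, only content encrypted
        else:
            result[name] = "plaintext"
    return result

# Constructed sample: Header1 keeps its element, Header2 was replaced outright.
SAMPLE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    xmlns:foo="http://www.foo.com">
  <soapenv:Header>
    <foo:Header1><xenc:EncryptedData Id="ED-1"/></foo:Header1>
    <xenc:EncryptedData Id="ED-2"/>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""

# Header names and namespace as listed under sp:EncryptedParts in the policy above.
PARTS = [("Header1", "http://www.foo.com"), ("Header2", "http://www.foo.com")]

if __name__ == "__main__":
    for name, state in classify_headers(SAMPLE, PARTS).items():
        print(name, state)
```

For messages received from untrusted peers, parse with a hardened XML parser such as defusedxml rather than the standard library parser used here.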
