[ https://issues.apache.org/jira/browse/RAMPART-125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nandana Mihindukulasooriya resolved RAMPART-125.
------------------------------------------------

    Resolution: Fixed

Fixed in 610736. Rampart now generates Encrypted headers as defined in WSS 1.1 
SOAP Message Security specification. 

> Encryption of SOAP Headers broken
> ---------------------------------
>
>                 Key: RAMPART-125
>                 URL: https://issues.apache.org/jira/browse/RAMPART-125
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.1, 1.2, 1.3
>         Environment: Linux/JDK 1.5
>            Reporter: Harsha Venkataramu
>            Assignee: Nandana Mihindukulasooriya
>             Fix For: 1.3
>
>
> Right now, only signing of SOAP headers seems to work. EncryptionOnly, 
> SignBeforeEncrypting and EncryptBeforeSigning are all broken. Basically, the 
> issue seems to be that, when encrypting a header, Rampart ends up replacing 
> the entire header with the <EncryptedData> element. As per my understanding 
> (which could be wrong!), only the "content" of the header should be replaced 
> by <EncryptedData>, going by this:
> http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedHeaders
> Here is the policy I used:
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/09/policy">
>   <wsp:ExactlyOne>
>     <wsp:All>
>       <sp:AsymmetricBinding
>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <wsp:Policy>
>           <sp:InitiatorToken>
>             <wsp:Policy>
>               <sp:X509Token
>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:InitiatorToken>
>           <sp:RecipientToken>
>             <wsp:Policy>
>               <sp:X509Token
>                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                 <wsp:Policy>
>                   <sp:WssX509V3Token10 />
>                 </wsp:Policy>
>               </sp:X509Token>
>             </wsp:Policy>
>           </sp:RecipientToken>
>           <sp:AlgorithmSuite>
>             <wsp:Policy>
>               <sp:Basic256Rsa15 />
>             </wsp:Policy>
>           </sp:AlgorithmSuite>
>           <sp:Layout>
>             <wsp:Policy>
>               <sp:Strict />
>             </wsp:Policy>
>           </sp:Layout>
>           <sp:EncryptBeforeSigning />
>         </wsp:Policy>
>       </sp:AsymmetricBinding>
>       <sp:SignedParts
>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Header Name="Header1" Namespace="http://www.foo.com" />
>         <sp:Header Name="Header2" Namespace="http://www.foo.com" />
>       </sp:SignedParts>
>       <sp:EncryptedParts
>           xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>         <sp:Header Name="Header1" Namespace="http://www.foo.com" />
>         <sp:Header Name="Header2" Namespace="http://www.foo.com" />
>       </sp:EncryptedParts>
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
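
The header shapes discussed in this issue can be told apart on the wire. The following is an added example, not part of the original JIRA message and not Rampart code: it classifies each SOAP header block as a bare `xenc:EncryptedData` (the whole header replaced, as reported), a WSS 1.1 `wsse11:EncryptedHeader` wrapper (as in the resolution), a header whose content alone is encrypted, or plaintext. The function names, verdict strings and the sample message (including `Header3`) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the SOAP 1.1/1.2, XML Encryption and WSS 1.0/1.1 specs.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
ENC_DATA = f"{{{XENC}}}EncryptedData"

def classify_header_blocks(soap_xml):
    """Return [(qualified_tag, verdict)] for every child of the SOAP Header."""
    root = ET.fromstring(soap_xml)
    header = None
    for ns in SOAP_NS:
        header = root.find(f"{{{ns}}}Header")
        if header is not None:
            break
    results = []
    for block in ([] if header is None else header):
        if block.tag == f"{{{WSSE}}}Security":
            continue  # the security header itself is never an encrypted part
        kids = list(block)
        wraps_one = len(kids) == 1 and kids[0].tag == ENC_DATA
        if block.tag == ENC_DATA:
            verdict = "bare-encrypted-data"       # entire header replaced
        elif block.tag == f"{{{WSSE11}}}EncryptedHeader":
            verdict = "wss11-encrypted-header" if wraps_one else "malformed-encrypted-header"
        elif wraps_one:
            verdict = "content-encrypted"         # only the header's content replaced
        else:
            verdict = "plaintext"
        results.append((block.tag, verdict))
    return results

def noncompliant(soap_xml):
    """Tags of header blocks that are not valid for a WSS 1.1 sender."""
    bad = {"bare-encrypted-data", "malformed-encrypted-header"}
    return [tag for tag, v in classify_header_blocks(soap_xml) if v in bad]

# Constructed sample message: one header of each interesting shape.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:foo="http://www.foo.com"
    xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
  <s:Header>
    <xenc:EncryptedData Id="ED-1"/>
    <wsse11:EncryptedHeader><xenc:EncryptedData Id="ED-2"/></wsse11:EncryptedHeader>
    <foo:Header3>clear</foo:Header3>
  </s:Header><s:Body/></s:Envelope>"""
```

Running `noncompliant()` over captured outbound messages in an interoperability test shows whether a sender still emits the bare form.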