Hi,

At the moment it seems like we do not validate the exact elements that are required to be encrypted.

IMHO we will have to improve the org.apache.ws.security.processor.ReferenceListProcessor to include the decrypted element information (in addition to the ref URI) for Rampart to be able to validate the encrypted parts correctly.

Thanks Dobri for pointing this out.

Please file an issue here [1].

Thanks,
Ruchith

1. https://issues.apache.org/jira/browse/RAMPART

Dobri Kitipov wrote:
Hi everybody,
currently I am researching how Rampart is validating and verifying the
secured artifacts. Let me give you a sample scenario. Let's say we have a WS
whose policy defines that a specific <sp:EncryptedElements/> should be
encrypted (corresponding to a given XPath expression). I am interested in
understanding the mechanism that is used to verify that the incoming message
has encrypted exactly that <sp:EncryptedElements/> with the given specific
XPath expression, but not something else. I suppose Rampart is not just
using a counting scheme to ensure that the right number of encrypted/signed
parts/elements is reached?
I have not finished my research, but I will appreciate any good thoughts
and references related to this topic.

Regards, Dobri
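
Added example (not part of the original thread, and not Rampart or WSS4J code): a check of the kind discussed above, which compares the elements selected by each policy XPath with the elements that were actually decrypted, instead of counting them. It assumes the security processor hands over the decrypted DOM elements, which is the extension proposed in the reply; the class name, method name, sample message and XPath are constructed for illustration, and namespaces are left out to keep it short.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class EncryptedElementsCheck {

    // Returns every policy XPath that selects at least one element which is
    // not among the decrypted elements (hypothetical helper).
    static List<String> unprotected(Document doc, List<String> policyXPaths,
                                    Set<Node> decrypted) throws XPathExpressionException {
        XPath xp = XPathFactory.newInstance().newXPath();
        List<String> failures = new ArrayList<>();
        for (String expr : policyXPaths) {
            NodeList hits = (NodeList) xp.evaluate(expr, doc, XPathConstants.NODESET);
            for (int i = 0; i < hits.getLength(); i++) {
                if (!decrypted.contains(hits.item(i))) {
                    failures.add(expr);
                    break;
                }
            }
        }
        return failures;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the message body as it looks after decryption.
        String xml = "<order><card>4111</card><note>gift</note></order>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        List<String> policy = List.of("//card"); // assumed policy XPath
        // Identity-based set: membership means "this exact DOM node was decrypted".
        Set<Node> decrypted = Collections.newSetFromMap(new IdentityHashMap<>());
        // The sender encrypted <note> instead of the required <card>.
        decrypted.add(doc.getElementsByTagName("note").item(0));

        // One element required, one element encrypted: a count comparison is satisfied.
        System.out.println("count check passes: " + (decrypted.size() >= policy.size()));
        // The element-level comparison reports the XPath whose target was left in the clear.
        System.out.println("unprotected XPaths: " + unprotected(doc, policy, decrypted));
    }
}
```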


