Hi,

I'm using CXF and WSS4J to develop consumers and providers that exchange signed SOAP messages. Signing the body and timestamp elements works just fine. However, I also need to sign the X.509 certificate that is included in the security header (using the direct reference strategy).
Below I've outlined the structure of the SOAP message that I would like to produce.

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope ...>
  <soapenv:Header>
    <wsse:Security xmlns:wsse="..." soapenv:mustUnderstand="1">
      <wsse:BinarySecurityToken ... wsu:Id="CertId-24950043">
        MIIE...<!--an x509v3 certificate-->
      </wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
          </ds:SignatureMethod>
          <ds:Reference URI="#id-10168913">
            <!--reference to body. Works OK!-->
            ...
          </ds:Reference>
          <ds:Reference URI="#Timestamp-30487154">
            <!--reference to timestamp. Works OK!-->
            ...
          </ds:Reference>
          <ds:Reference URI="#CertId-24950043">
            <!-- Reference to certificate. This is the reference I want to generate-->
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
          MkA...
        </ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-19714461">
          <wsse:SecurityTokenReference...>
            <wsse:Reference URI="#CertId-24950043" ...></wsse:Reference>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp...>
        <wsu:Created>2007-09-11T12:49:35.499Z</wsu:Created>
        <wsu:Expires>2007-09-11T12:54:35.499Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body ... wsu:Id="id-10168913">
    ...
  </soapenv:Body>
</soapenv:Envelope>

I've tried to get it to work by setting the org.apache.ws.security.handler.WSHandlerConstants.SIGNATURE_PARTS property to this value: "{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken", but it doesn't work.

Has anyone tried to sign the BinarySecurityToken? Any help will be appreciated!

Best regards,
Jakob Bendsen
BEC, Denmark
www.bec.dk

--
View this message in context: http://www.nabble.com/signing-the-Binary-Security-Token-%28BST%29-tf4593716.html#a13114086
Sent from the cxf-user mailing list archive at Nabble.com.
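A structural check for the goal described in the message above, added here as an example and not part of the original post: it reports which of Body, Timestamp and BinarySecurityToken the ds:SignedInfo references cover and whether KeyInfo points at the token, without validating the signature itself. The SOAP 1.1 namespace, the function names and the sample envelope are assumptions constructed for illustration; the wsu:Id values are the ones from the outline.

```python
import xml.etree.ElementTree as ET

# Namespaces: the WS-Security and XML-DSig ones are standard; SOAP 1.1 is assumed.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def signature_coverage(envelope_xml):
    """Report which parts ds:SignedInfo references, and whether KeyInfo names the BST."""
    root = ET.fromstring(envelope_xml)
    # Same-document references only: URI="#some-id"
    signed = {r.get("URI", "")[1:]
              for r in root.iterfind(".//ds:SignedInfo/ds:Reference", NS)
              if r.get("URI", "").startswith("#")}
    parts = {
        "Body": root.find("soapenv:Body", NS),
        "Timestamp": root.find(".//wsse:Security/wsu:Timestamp", NS),
        "BinarySecurityToken": root.find(".//wsse:Security/wsse:BinarySecurityToken", NS),
    }
    report = {name: el is not None and el.get(WSU_ID) in signed
              for name, el in parts.items()}
    # Direct reference: KeyInfo/SecurityTokenReference/Reference must name the BST.
    key_ref = root.find(".//ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    bst = parts["BinarySecurityToken"]
    report["KeyInfoPointsToBST"] = (key_ref is not None and bst is not None
                                    and key_ref.get("URI", "")[1:] == bst.get(WSU_ID))
    return report

def constructed_envelope(reference_ids):
    """Constructed sample shaped like the outline in the post (not a real message)."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in reference_ids)
    ns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return (
        '<soapenv:Envelope %s><soapenv:Header><wsse:Security>'
        '<wsse:BinarySecurityToken wsu:Id="CertId-24950043">MIIE</wsse:BinarySecurityToken>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo>'
        '<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#CertId-24950043"/>'
        '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
        '<wsu:Timestamp wsu:Id="Timestamp-30487154"/></wsse:Security></soapenv:Header>'
        '<soapenv:Body wsu:Id="id-10168913"/></soapenv:Envelope>' % (ns, refs))

if __name__ == "__main__":
    body_and_ts = ["id-10168913", "Timestamp-30487154"]
    print(signature_coverage(constructed_envelope(body_and_ts)))
    print(signature_coverage(constructed_envelope(body_and_ts + ["CertId-24950043"])))
```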