I presume that wst:RequestSecurityToken is
not your root, though in the sample you pasted, it is the root element.
Can you share the piece of code you have
for this and the input xml?
From: Nicholas G
Harlow [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 19, 2005 11:38
AM
To: security-dev@xml.apache.org
Subject: Enveloped signature on a
non-root document element
Hello,
I
am trying to add an enveloped signature to a particular element of a document. The
element is not the root element of the document. The problem is that the
signature element generated has no digest value. I have tried using
element id attributes to make this work, but clearly I am missing some key
step. Can anyone tell what actual classes/calls I need to use/make in
order for me to succeed in what I am trying to do. I will be grateful for
any insights. Thanks.
Nick
I
have pasted the xml below with the result I am getting:
<wst:RequestSecurityToken
wsu:Id="RST-uuid30512502-0105-f0b5-0b04-86339ffce1f5"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:AppliesTo
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference>
<wsa:Address>
some-appliesto
</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Issuer
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsa:Address>
some-issuer
</wsa:Address>
</wst:Issuer>
<wst:Base>
<wss:UsernameToken
xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wss:Username>
foobar
</wss:Username>
<wss:Password>
********
</wss:Password>
<wsu:Created
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
2005-07-19T18:18:06Z
</wsu:Created>
</wss:UsernameToken>
</wst:Base>
<wst:RequestType>
http://schemas.xmlsoap.org/ws/2005/02/security/trust/Validate
</wst:RequestType>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference
URI="#RST-uuid30512502-0105-f0b5-0b04-86339ffce1f5"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
FA9ab72kKuB5geYGeckbBrcgPnZk
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:DSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:P
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
K2HXKu/yIgMZndFIAcc=
</ds:P>
<ds:Q
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
l2BQjxUjC8yykrmCouuEC/BYHPU=
</ds:Q>
<ds:G xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSo=
</ds:G>
<ds:Y
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
x04lGaZ8jUYZL3gZTNI=
</ds:Y>
</ds:DSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</wst:RequestSecurityToken>
|
