I need to sign the Body and BinarySecurityToken elements.
I get this exception when creating the signature for the message:


Caused by: org.apache.ws.security.WSSecurityException: Error during Signature:
        ... 35 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed (Cannot setup signature data structure)
        ... 38 more
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd, BinarySecurityToken)
        at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)


This is my Spring config part:

<bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
  <constructor-arg>
    <map>
      <entry key="action" value="Signature" />
      <entry key="user" value="mySuer" />
      <entry key="passwordCallbackRef">
        <bean id="myPasswordCallback" class="com.myCompany.MyPasswordCallback" />
      </entry>
      <entry key="signaturePropFile" value="client_sign.properties" />
      <entry key="signatureKeyIdentifier" value="DirectReference" />
      <entry key="signatureParts"
             value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken" />
      <entry key="isBSPCompliant" value="false" />
    </map>
  </constructor-arg>
</bean>


I also tried to change signatureParts value to:
<entry key="signatureParts"
       value="Token;{}{http://schemas.xmlsoap.org/soap/envelope/}Body" />

then I get the same exception:
Caused by: org.apache.ws.security.WSSecurityException: General security error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Token)
        at org.apache.ws.security.message.WSSecSignatureBase.addReferencesToSign(WSSecSignatureBase.java:160)
        ... 41 more


There is no problem producing a signature for the Body and BST elements
on a WebLogic server.
This is what I expect to produce:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:soap="http://soap.my.company.com/">
  <soapenv:Header>
    <wsse:Security soap:mustUnderstand="1"
      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <wsse:BinarySecurityToken
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="SecurityToken-270e5823-573d-4252-9607-db5f6286969b">MIIDg...
      </wsse:BinarySecurityToken>
      <Signature Id="cd56d279-7479-41ec-94e1-b0d72f961cf0"
        xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
            xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#SecurityToken-270e5823-573d-4252-9607-db5f6286969b">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>oGYH...g=</DigestValue>
          </Reference>
          <Reference URI="#Id-117b61be-9ca0-4745-b0fa-946e2492f0a3">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>Qo8S...=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>KV2eV.....=
        </SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference
              URI="#SecurityToken-270e5823-573d-4252-9607-db5f6286969b"
              ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body wsu:Id="Id-117b61be-9ca0-4745-b0fa-946e2492f0a3">
  .....
  </soapenv:Body>
</soapenv:Envelope>

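A check for the goal stated in the post, added here as an example that is not part of the original message or of CXF/WSS4J: it reports which of the Body and BinarySecurityToken elements are not referenced from SignedInfo in an outgoing envelope. It only checks reference coverage by wsu:Id and does not verify digests or the signature value; the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU_ID = f"{{{WSU}}}Id"
# Elements the post wants covered by the signature.
REQUIRED = (f"{{{SOAP}}}Body", f"{{{WSSE}}}BinarySecurityToken")

def unsigned_parts(envelope_xml, required=REQUIRED):
    """Return required element names not covered by a ds:Reference in SignedInfo."""
    root = ET.fromstring(envelope_xml)
    # Same-document references only: URI="#abc" refers to wsu:Id="abc".
    refs = {ref.get("URI", "")[1:]
            for info in root.iter(f"{{{DS}}}SignedInfo")
            for ref in info.findall(f"{{{DS}}}Reference")
            if ref.get("URI", "").startswith("#")}
    # Count how many elements carry each wsu:Id; a duplicated Id is ambiguous.
    id_count = {}
    for el in root.iter():
        if el.get(WSU_ID):
            id_count[el.get(WSU_ID)] = id_count.get(el.get(WSU_ID), 0) + 1
    missing = []
    for tag in required:
        found = list(root.iter(tag))
        ok = bool(found) and all(
            el.get(WSU_ID) in refs and id_count.get(el.get(WSU_ID)) == 1
            for el in found)
        if not ok:
            missing.append(tag)
    return missing

def sample_envelope(reference_ids):
    """Constructed test message; digest and signature values are omitted."""
    refs = "".join(f'<ds:Reference URI="#{i}"/>' for i in reference_ids)
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsse="{WSSE}" '
            f'xmlns:wsu="{WSU}" xmlns:ds="{DS}"><soapenv:Header><wsse:Security>'
            f'<wsse:BinarySecurityToken wsu:Id="bst-1">AAAA</wsse:BinarySecurityToken>'
            f'<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'
            f'</wsse:Security></soapenv:Header>'
            f'<soapenv:Body wsu:Id="body-1"/></soapenv:Envelope>')

if __name__ == "__main__":
    print(unsigned_parts(sample_envelope(["body-1"])))           # token not signed
    print(unsigned_parts(sample_envelope(["bst-1", "body-1"])))  # both covered
```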