ws-rampart-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nandana Mihindukulasooriya (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (RAMPART-125) Encryption of SOAP Headers broken
Date Thu, 10 Jan 2008 11:44:34 GMT

     [ https://issues.apache.org/jira/browse/RAMPART-125?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Nandana Mihindukulasooriya reassigned RAMPART-125:
--------------------------------------------------

    Assignee: Nandana Mihindukulasooriya

> Encryption of SOAP Headers broken
> ---------------------------------
>
>                 Key: RAMPART-125
>                 URL: https://issues.apache.org/jira/browse/RAMPART-125
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.1, 1.2, 1.3
>         Environment: Linux/JDK 1.5
>            Reporter: Harsha Venkataramu
>            Assignee: Nandana Mihindukulasooriya
>             Fix For: 1.3
>
>
> Right now, only signing of SOAP headers seems to work. EncryptionOnly, SignBeforeEncrypting
and EncryptBeforeSiging are all broken. Basically, the issue seems to be that, when encrypting
a header, Rampart ends up replacing the entire header with the <EncryptedData> element.
As per my understanding (which could be wrong!), only the "content" of the header should be
replaced by <EncryptedData>, going by this:
> http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedHeaders
> Here is the policy I used:
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/09/policy">
>         <wsp:ExactlyOne>
>                 <wsp:All>
>                         <sp:AsymmetricBinding
>                                 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                                 <wsp:Policy>
>                                         <sp:InitiatorToken>
>                                                 <wsp:Policy>
>                                                         <sp:X509Token
>                                                                 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                                                                 <wsp:Policy>
>                                                                         <sp:WssX509V3Token10
/>
>                                                                 </wsp:Policy>
>                                                         </sp:X509Token>
>                                                 </wsp:Policy>
>                                         </sp:InitiatorToken>
>                                         <sp:RecipientToken>
>                                                 <wsp:Policy>
>                                                         <sp:X509Token
>                                                                 sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
>                                                                 <wsp:Policy>
>                                                                         <sp:WssX509V3Token10
/>
>                                                                 </wsp:Policy>
>                                                         </sp:X509Token>
>                                                 </wsp:Policy>
>                                         </sp:RecipientToken>
>                                         <sp:AlgorithmSuite>
>                                                 <wsp:Policy>
>                                                         <sp:Basic256Rsa15 />
>                                                 </wsp:Policy>
>                                         </sp:AlgorithmSuite>
>                                         <sp:Layout>
>                                                 <wsp:Policy>
>                                                         <sp:Strict />
>                                                 </wsp:Policy>
>                                         </sp:Layout>
>                                         <sp:EncryptBeforeSigning />
>                                 </wsp:Policy>
>                         </sp:AsymmetricBinding>
>                         <sp:SignedParts
>                                 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                                 <sp:Header Name="Header1" Namespace="http://www.foo.com"
/>
>                                 <sp:Header Name="Header2" Namespace="http://www.foo.com"
/>
>                         </sp:SignedParts>
>                         <sp:EncryptedParts
>                                 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>                                 <sp:Header Name="Header1" Namespace="http://www.foo.com"
/>
>                                 <sp:Header Name="Header2" Namespace="http://www.foo.com"
/>
>                         </sp:EncryptedParts>
>                 </wsp:All>
>         </wsp:ExactlyOne>
> </wsp:Policy>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message