Rampart / RAMPART-125

Encryption of SOAP Headers broken


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1, 1.2, 1.3
    • Fix Version/s: 1.4
    • Component/s: rampart-core
    • Labels: None
    • Environment: Linux/JDK 1.5

    Description

      Right now, only signing of SOAP headers seems to work. EncryptionOnly, SignBeforeEncrypting and EncryptBeforeSigning are all broken. Basically, the issue seems to be that, when encrypting a header, Rampart ends up replacing the entire header with the <EncryptedData> element. As per my understanding (which could be wrong!), only the "content" of the header should be replaced by <EncryptedData>, going by this:

      http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#EncryptedHeaders

      Here is the policy I used:

      <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2005/09/policy">
        <wsp:ExactlyOne>
          <wsp:All>
            <sp:AsymmetricBinding
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <wsp:Policy>
                <sp:InitiatorToken>
                  <wsp:Policy>
                    <sp:X509Token
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                      <wsp:Policy>
                        <sp:WssX509V3Token10 />
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:InitiatorToken>
                <sp:RecipientToken>
                  <wsp:Policy>
                    <sp:X509Token
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                      <wsp:Policy>
                        <sp:WssX509V3Token10 />
                      </wsp:Policy>
                    </sp:X509Token>
                  </wsp:Policy>
                </sp:RecipientToken>
                <sp:AlgorithmSuite>
                  <wsp:Policy>
                    <sp:Basic256Rsa15 />
                  </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:Layout>
                  <wsp:Policy>
                    <sp:Strict />
                  </wsp:Policy>
                </sp:Layout>
                <sp:EncryptBeforeSigning />
              </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Header Name="Header1" Namespace="http://www.foo.com" />
              <sp:Header Name="Header2" Namespace="http://www.foo.com" />
            </sp:SignedParts>
            <sp:EncryptedParts
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
              <sp:Header Name="Header1" Namespace="http://www.foo.com" />
              <sp:Header Name="Header2" Namespace="http://www.foo.com" />
            </sp:EncryptedParts>
          </wsp:All>
        </wsp:ExactlyOne>
      </wsp:Policy>
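
The two message shapes the report distinguishes can be checked mechanically. The following is an added example, not Rampart code and not part of the original report: it reads the sp:EncryptedParts assertion from the policy and classifies each listed header in an outgoing envelope. The SOAP 1.1 namespace, the function names, the result labels and the sample envelope are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # assumption: SOAP 1.1
XENC = "http://www.w3.org/2001/04/xmlenc#"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

def encrypted_headers(policy_xml):
    """(namespace, name) pairs listed under sp:EncryptedParts in the policy."""
    root = ET.fromstring(policy_xml)
    return [(h.get("Namespace"), h.get("Name"))
            for parts in root.iter(f"{{{SP}}}EncryptedParts")
            for h in parts.findall(f"{{{SP}}}Header")]

def classify(envelope_xml, policy_xml):
    """Map each policy-listed header name to the shape found in the message."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP}}}Header")
    children = list(header) if header is not None else []
    enc_tag = f"{{{XENC}}}EncryptedData"
    # EncryptedData sitting directly under soap:Header, outside any header block
    bare = sum(1 for c in children if c.tag == enc_tag)
    result = {}
    for ns, name in encrypted_headers(policy_xml):
        block = next((c for c in children if c.tag == f"{{{ns}}}{name}"), None)
        if block is None and bare > 0:
            bare -= 1  # header element gone, a bare EncryptedData took its place
            result[name] = "element-replaced"
        elif block is None:
            result[name] = "missing"
        elif any(c.tag == enc_tag for c in block):
            result[name] = "content-encrypted"
        else:
            result[name] = "plaintext"  # policy asked for encryption, none applied
    return result

# Constructed samples: the EncryptedParts assertion from the policy above and
# an envelope with the ciphertext omitted.
POLICY = f"""<sp:EncryptedParts xmlns:sp="{SP}">
  <sp:Header Name="Header1" Namespace="http://www.foo.com" />
  <sp:Header Name="Header2" Namespace="http://www.foo.com" />
</sp:EncryptedParts>"""

ENVELOPE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:xenc="{XENC}" xmlns:f="http://www.foo.com">
  <s:Header>
    <f:Header1><xenc:EncryptedData Id="ED-1"/></f:Header1>
    <xenc:EncryptedData Id="ED-2"/>
  </s:Header>
  <s:Body/>
</s:Envelope>"""

if __name__ == "__main__":
    print(classify(ENVELOPE, POLICY))
```

A bare EncryptedData element cannot be tied to a specific header name without decrypting it, so "element-replaced" is assigned in policy order and is a structural indication only.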

          People

            nandana.cse Nandana Mihindukulasooriya
            vharsha@gmail.com Harsha Venkataramu