Details
Bug
Status: Resolved
Major
Resolution: Fixed
1.3
None
Description
*Issue: Rampart doesn't support the X509 certification path token type X509PKIPathv1.
*Example:
If I use the following ws-policy, Rampart still generates the SOAP message with an X509V3 token.
**policy:
<sp:AsymmetricBinding>
  <wsp:Policy>
    <sp:InitiatorToken>
      <wsp:Policy>
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:WssX509PkiPathV1Token10/>
          </wsp:Policy>
        </sp:X509Token>
      </wsp:Policy>
    </sp:InitiatorToken>
**Security token generated:
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-1813950">MIIC...g==</wsse:BinarySecurityToken>
*Resolution:
org.apache.rampart.builder.BindingBuilder.getSignatureBuider(..) should set org.apache.ws.security.message.WSSecSignature.useSingleCert to false if the token type is Constants.WSS_X509_PKI_PATH_V1_TOKEN10 or Constants.WSS_X509_PKI_PATH_V1_TOKEN11
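
A conformance check for the mismatch reported above, added here as an example (it is not Rampart or WSS4J code): it reads the token-type assertion under sp:InitiatorToken and reports any required ValueType that no wsse:BinarySecurityToken in the message carries. The sp:/wsp: namespace URIs, the function names and the sample inputs are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"   # assumed sp: namespace
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"          # assumed wsp: namespace
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PROFILE = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-x509-token-profile-1.0#")
# Token-type assertion (local name) -> ValueType the BinarySecurityToken must carry.
EXPECTED = {"WssX509V3Token10": PROFILE + "X509v3",
            "WssX509PkiPathV1Token10": PROFILE + "X509PKIPathv1",
            "WssX509PkiPathV1Token11": PROFILE + "X509PKIPathv1"}

def required_value_types(policy_xml):
    """ValueTypes demanded by token-type assertions under sp:InitiatorToken."""
    found = set()
    for tok in ET.fromstring(policy_xml).iter(f"{{{SP}}}InitiatorToken"):
        for el in tok.iter():
            ns, _, local = el.tag[1:].partition("}")
            if ns == SP and local in EXPECTED:
                found.add(EXPECTED[local])
    return found

def sent_value_types(soap_xml):
    """ValueType of every wsse:BinarySecurityToken in the message."""
    return [b.get("ValueType", "") for b in
            ET.fromstring(soap_xml).iter(f"{{{WSSE}}}BinarySecurityToken")]

def mismatches(policy_xml, soap_xml):
    """Policy-required ValueTypes that no token in the message carries."""
    sent = set(sent_value_types(soap_xml))
    return sorted(required_value_types(policy_xml) - sent)

# Constructed inputs: the policy from the report, closed and namespaced so it parses,
# and a minimal Security header with a placeholder instead of certificate data.
POLICY = f"""<sp:AsymmetricBinding xmlns:sp="{SP}" xmlns:wsp="{WSP}"><wsp:Policy>
 <sp:InitiatorToken><wsp:Policy><sp:X509Token><wsp:Policy>
  <sp:WssX509PkiPathV1Token10/>
 </wsp:Policy></sp:X509Token></wsp:Policy></sp:InitiatorToken>
</wsp:Policy></sp:AsymmetricBinding>"""

def message(value_type):
    """Build a constructed Security header carrying one token of the given ValueType."""
    return (f'<wsse:Security xmlns:wsse="{WSSE}"><wsse:BinarySecurityToken '
            f'ValueType="{value_type}">PLACEHOLDER</wsse:BinarySecurityToken>'
            f'</wsse:Security>')

if __name__ == "__main__":
    print("as reported:", mismatches(POLICY, message(PROFILE + "X509v3")))
    print("as expected:", mismatches(POLICY, message(PROFILE + "X509PKIPathv1")))
```

Run against a captured outbound message, a non-empty result means the sender ignored the policy's token type, which is the behaviour described in this issue.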