[WSS-457] Incorrect validation of ProtectTokens assertion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.0.0
Component/s: None
Labels:
None

Description

The streaming code doesn't validate the ProtectTokens assertion properly in the case of a SymmetricBinding. The scenario is that the Signature should reference (sign) the EncryptedKey, and also reference it in the signing KeyInfo. However, the streaming code complains with:

Original Exception was org.apache.wss4j.policy.stax.PolicyViolationException: Token /

{http://schemas.xmlsoap.org/soap/envelope/}

Envelope/

{http://schemas.xmlsoap.org/soap/envelope/}

Header/

{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}

Security/

{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}

BinarySecurityToken must be signed by its signature.

However, the BinarySecurityToken in question is the certificate used to encrypt the symmetric key, and not the signing credential.

Attachments

Activity

People

Assignee:: Marc Giger

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Jun/13 15:22

Updated:: 06/May/14 09:10

Resolved:: 10/Jul/13 10:24