Details
Bug
Status: Closed
Major
Resolution: Fixed
1.6.11
Description
In the 1.5.x versions, when we wanted to sign the BST, we used a special keyword 'Token' and the signed element was the BST.
In 1.6.x, the Token keyword doesn't exist anymore. When Token is used, a general security error is raised (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found: http://schemas.xmlsoap.org/soap/envelope/, Token).
If we use STRTransform, the validation fails because the signed element is the SecurityTokenReference and not the BST.
If we use {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken as WSEncryptionPart, we have the same general error => element not found. I checked SignatureAction.java: the BST is appended at the end, whereas if it were appended just after the prepare method (line 70), the last issue is OK.
I tested it and it works; the BST signature validation is OK.
wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
wsSign.prependBSTElementToHeader(reqData.getSecHeader());
Could you tell me first if it's a correct workaround?
And secondly, could the correction be packaged in 1.6.12 quickly?
Best regards
Stéphane
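
The report distinguishes a signature that references the BST directly from one that only reaches it through an STR-Transform reference to the SecurityTokenReference. The following check is an added example, not part of the original report or of WSS4J: it inspects a signed envelope and reports which case applies. The function names and the sample envelopes (with their wsu:Id values) are constructed for illustration, and only wsu:Id references are resolved.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
STR_TRANSFORM = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-soap-message-security-1.0#STR-Transform")

def signed_parts(envelope_xml):
    """Return [(tag of referenced element or None, uses STR-Transform)] per ds:Reference."""
    root = ET.fromstring(envelope_xml)
    id_attr = f"{{{WSU}}}Id"
    by_id = {el.get(id_attr): el for el in root.iter() if el.get(id_attr)}
    parts = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        algs = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
        parts.append((target.tag if target is not None else None, STR_TRANSFORM in algs))
    return parts

def bst_coverage(envelope_xml):
    """'direct': a Reference targets the BST; 'str-transform': only via the STR; else 'none'."""
    parts = signed_parts(envelope_xml)
    if (f"{{{WSSE}}}BinarySecurityToken", False) in parts:
        return "direct"
    if any(tag == f"{{{WSSE}}}SecurityTokenReference" and strt for tag, strt in parts):
        return "str-transform"
    return "none"

def sample(reference_xml):
    # Constructed envelope; token, digest and signature values are omitted placeholders.
    return f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="X509-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo>{reference_xml}</ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="STR-1">
    <wsse:Reference URI="#X509-1"/></wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature></wsse:Security></soap:Header>
 <soap:Body wsu:Id="Body-1"/></soap:Envelope>"""

DIRECT = sample('<ds:Reference URI="#Body-1"/><ds:Reference URI="#X509-1"/>')
VIA_STR = sample('<ds:Reference URI="#Body-1"/><ds:Reference URI="#STR-1"><ds:Transforms>'
                 f'<ds:Transform Algorithm="{STR_TRANSFORM}"/></ds:Transforms></ds:Reference>')
BODY_ONLY = sample('<ds:Reference URI="#Body-1"/>')

if __name__ == "__main__":
    for name, env in (("direct", DIRECT), ("via STR", VIA_STR), ("body only", BODY_ONLY)):
        print(name, "->", bst_coverage(env))
```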