
List:       jaxme-dev
Subject:    BST signature problem
From:       CIZERON,_STÉPHANE <STCIZERO () bouyguestelecom ! fr>
Date:       2013-07-25 14:44:38
Message-ID: 400B50937067FA4A86BC33467CF75E470FADB1B8 () bt1shktp ! bt0d0000 ! w2k ! bouyguestelecom ! fr

Hi,
Since 1.6.x, it's impossible to sign the BST with the keyword Token.
When we use the STRTransform keyword, the signed element is not the BST but a SecurityTokenReference.

When we declare signatureParts, we can use:
{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken

The fwk doesn't find the element in the DOM because in SignatureAction.java, the BST is appended at the end.
I modified SignatureAction.java for testing and put wsSign.prependBSTElementToHeader(reqData.getSecHeader()); at line 70, just after wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
and it works: the BST is found and the signed element is the BST and not the SecurityTokenReference.

Could you tell me if it's a valid workaround? And if a new release can contain this update?
wsSign.prependBSTElementToHeader(reqData.getSecHeader());

Best regards
Stéphane




