List: jaxme-dev
Subject: BST signature problem
From: CIZERON,_STÉPHANE <STCIZERO () bouyguestelecom ! fr>
Date: 2013-07-25 14:44:38
Message-ID: 400B50937067FA4A86BC33467CF75E470FADB1B8 () bt1shktp ! bt0d0000 ! w2k ! bouyguestelecom ! fr
Hi,

Since 1.6.x, it's impossible to sign the BST with the keyword Token.
When we use the STRTransform keyword, the signed element is not the BST but a SecurityTokenReference.

When we declare signatureParts, we can use:
{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}BinarySecurityToken

The framework doesn't find the element in the DOM because in SignatureAction.java, the BST is appended at the end.
I modified SignatureAction.java for testing and put wsSign.prependBSTElementToHeader(reqData.getSecHeader()); at line 70, just after wsSign.prepare(doc, reqData.getSigCrypto(), reqData.getSecHeader());
and it works: the BST is found and the signed element is the BST and not the SecurityTokenReference.

Could you tell me if it's a valid workaround? And if a new release can contain this update?
wsSign.prependBSTElementToHeader(reqData.getSecHeader());

Best regards
Stéphane