List: rampart-dev
Subject: RE: Question about digital signature reference
From: "Sanpet Tumvised" <sanpet.tum () bbl ! co ! th>
Date: 2007-11-22 1:37:33
Message-ID: B4588E6B0B90F94C855CD3EC460A992E31A82757 () oahqexmb01 ! oa ! bbl
I saw at http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/
that they have committed a lot of code. It might be related to our issue, or it might not.
-----Original Message-----
From: Taweewat Luangwiriya [mailto:taweewat.lu@sipa.or.th]
Sent: Monday, November 19, 2007 4:53 PM
To: rampart-dev; nandana
Cc: Sirikul Rodjanapanyanon; Sanpet Tumvised; twl
Subject: Question about digital signature reference
Hi dev,
I have a question about digital signature reference. I use Rampart to generate a
SOAP message with a SymmetricBinding policy. It generates the SOAP message below,
and when Microsoft's WSE 3.0 receives this message, it returns this error to my
console:
"WSE502: The target element referenced by the following id can not be found in the message: Id-11985823. Make sure that the element is present at the time when the signing or encryption operation is performed."
Notice that WSE 3.0 says that Id-11985823 cannot be found, but in my SOAP message it
is clearly present in the signature token.
What can I do about this problem?
Thank you for your kindness.
twl
----------------------------------------------------------------------------------
Here is my SOAP message
<?xml version='1.0' encoding='UTF-8'?>
<soapenv:Envelope xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" \
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" \
xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soapenv:Header>
<wsse:Security \
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
soapenv:mustUnderstand="true">
<wsu:Timestamp \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="Timestamp-6166426"> <wsu:Created>2007-11-19T09:16:23.065Z</wsu:Created>
<wsu:Expires>2007-11-22T20:36:23.065Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey \
Id="EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012">
<xenc:EncryptionMethod \
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <ds:KeyInfo \
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference>
<wsse:KeyIdentifier \
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" \
ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">Xi3VZkuCbzgfoFI2Qr1Gkz6haf4=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>oyFtUYbPYy8JlYCCsmP/n6VYzotMk14bF3pvFVIQ0ibqmveh5V \
0HPsfBjit4Zg9FY9FMN0lx0iy9KpnDDMWXW+iapcFTfl81XXP5eDU5tpc8iMuedWNlISSVkHf0NnYIUyQ7pw9JiqYAA4XSslcHBaPrXW/vzKofpwnD0PRImUE=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="derivedKeyId-1114115"> <wsse:SecurityTokenReference>
<wsse:Reference \
URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> \
</wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset>
<wsc:Length>16</wsc:Length>
<wsc:Nonce>2VbeA7yLrv/sgvPmqV9JDw==</wsc:Nonce>
</wsc:DerivedKeyToken>
<xenc:ReferenceList />
<wsse:BinarySecurityToken \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" \
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" \
wsu:Id="CertId-7979854">MIID2DCCAsCgAwIBAgIKKJGEBAAAAAAAIDANBgkqhkiG9w0BAQUFADASMRAwDg \
YDVQQDEwdJQkRldkNBMB4XDTA3MDYyNzA1MTUxM1oXDTA4MDYyNzA1MjUxM1owFzEVMBMGA1UEAxMMU0lQQUNs \
aWVudC0xMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/xUrOHpHEooNR74V+H0cy4RM/PIzNG0DYpO+69s \
oo94ABE0BcLtu4QxEPkZ9D3hExgN0DOIyPg3p7T8wYBK/ypGcUp/e3ZBg2s1E4DKQt6ZygS9+p/o/ueNQkSbBv \
SYKXm+o8dyXBqourBVE8nMAtqqXebMCsWpTxhktBPdAXXQIDAQABo4IBrTCCAakwDgYDVR0PAQH/BAQDAgTwME \
QGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcNAwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG \
9w0DBzAdBgNVHQ4EFgQUi+nAwmxOh3dWDVys8K32ET9NE+EwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBB \
gwFoAUQwA/Ut9S4xeFQ3GtSJKwH0yOjNUwZQYDVR0fBF4wXDBaoFigVoYoaHR0cDovL2liLWRldi1zcnYvQ2Vy \
dEVucm9sbC9JQkRldkNBLmNybIYqZmlsZTovL1xcSUItREVWLVNSVlxDZXJ0RW5yb2xsXElCRGV2Q0EuY3JsMI \
GUBggrBgEFBQcBAQSBhzCBhDA/BggrBgEFBQcwAoYzaHR0cDovL2liLWRldi1zcnYvQ2VydEVucm9sbC9JQi1E \
RVYtU1JWX0lCRGV2Q0EuY3J0MEEGCCsGAQUFBzAChjVmaWxlOi8vXFxJQi1ERVYtU1JWXENlcnRFbnJvbGxcSU \
ItREVWLVNSVl9JQkRldkNBLmNydDANBgkqhkiG9w0BAQUFAAOCAQEAJ0IaQT0K3piyZJWTjWRR6h6ZkEyQLQjd \
MJJlUSmjPKPTQ/JSgv3py86LhaU0bP//IYEN8kvqejVOtxZf5+kV1tGr/o3jay7bRt/gFcLJHLlj3iAfWmFRVP \
2umtaS5P5uLzD13pOfJCkdWEKms2ZJt/0iERkFDTb3jYPuibMD7nPkS77XovCFbmOcRJYT2N0zGrCa7WSbopbF \
X4OPZxski/A4M06OpYAlF7v38lrpjWqc/qfAQ2aJXYseJGmzDDd0jOxLWLHtlu9YNKyuesZxKkJqVvyGBO9jSM \
hT14cwa5XJOuXY6LQMDXIyipFh17TfsK7akre9avyvuEHLWPD9LQ==</wsse:BinarySecurityToken> \
<wsc:DerivedKeyToken xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc" \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="derivedKeyId-4999541"> <wsse:SecurityTokenReference>
<wsse:Reference \
URI="#EncKeyId-urn:uuid:CFF32D377A126ACAC111954637874012" /> \
</wsse:SecurityTokenReference> <wsc:Offset>0</wsc:Offset>
<wsc:Length>32</wsc:Length>
<wsc:Nonce>BY2ND6tlnxKYHDS8+PcHmg==</wsc:Nonce>
</wsc:DerivedKeyToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
Id="Signature-25352765" wsu:Id="Id-11985823"> <ds:SignedInfo>
<ds:CanonicalizationMethod \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <ds:Reference \
URI="#Id-19583390"> <ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/1/0RJJno+Qcl8s4wcJ84PwKwgk=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Id-2628939">
<ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>doL49U3f+krfxWP+jsUbi6wmL+c=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Id-26956311">
<ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>eqbsLithYKIgP758VrdLDGr8/eg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Id-2780950">
<ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>N8p2mRNQ+/lTBaufxEzPZnuhZdI=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Id-31658378">
<ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>o6SwMiCtAUqORLDGMXjpg4GUceg=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-6166426">
<ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>P/8AowVuRGNVfKNIFkkVLaTyiD0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>A6wlWm9jFyQeammvxQodK5VNh+s=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-29751107">
<wsse:SecurityTokenReference wsu:Id="STRId-32278793">
<wsse:Reference URI="#derivedKeyId-4999541" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" \
Id="Signature-14525019"> <ds:SignedInfo>
<ds:CanonicalizationMethod \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference \
URI="#Id-11985823"> <ds:Transforms>
<ds:Transform \
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms>
<ds:DigestMethod \
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>/K8QdsCye7TKDDBPRBE1libbLAw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>ZDLdiHZ7WMVMyzaLZSKO30LdRokkwOSUnKgIu1whpDQdeLIHxUDb \
6lgm98BU4IE3Uo87z0r75ZDoEjIMAg3er2dCs3m8XYddywTaH3Nq91G94CoOotQT2EWEuMRig1QNyPShmzxjViB8FwM5HtpKUuDVU+bG9yh7lz/LnLX9pVY=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-16471729">
<wsse:SecurityTokenReference \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="STRId-16291471">
<wsse:Reference URI="#CertId-7979854" \
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" \
/> </wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="Id-19583390">http://192.168.99.177:8888/wsewebservice/service.asmx</wsa:To>
<wsa:ReplyTo \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="Id-2628939">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:MessageID \
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="Id-26956311">urn:uuid:F20F7B0D983382431C1195463783058</wsa:MessageID> \
<wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="Id-2780950">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</wsa:Action> \
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
wsu:Id="Id-31658378">
<wst:RequestSecurityToken \
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference \
xmlns:wsa="http://www.w3.org/2005/08/addressing">
<wsa:Address>http://192.168.99.177:8888/wsewebservice/service.asmx</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:Lifetime>
<wsu:Created>2007-11-19T09:16:22.784Z</wsu:Created>
<wsu:Expires>2007-11-19T09:21:22.784Z</wsu:Expires>
</wst:Lifetime>
<wst:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</wst:TokenType>
<wst:Entropy>
<wst:BinarySecret \
Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">O0ChTFwz/rifmkfPAD4OfTw8pIqLb \
4oYrhdwIPlZXqLT2sirVLb9Fx2EbOq1wbI+gidDoB1VxLjGnFckUYBM0qqC5YLw0q7wlyqiSi1McLVMA9bnx1g \
njrASHA/6PCAeAmb9zLnzfyC7TVFq0NVxjzeYAjAhR/ATjxw+O5BDV0M0P7hdZ1opuKJR65+uzpG4S/LHDkeCD \
M0ur4+9MdiSmu/iAgGbpFqIHuEZ4gwjADuEIGUub6aFssqErRBeMx0al1KEUDYs3/ub1Eg/TDesWb/tqrtCY+IQs3DCWvdZGZ5x+a7DT7shwMwzEJ9QrRE71N/Y/GkeuhQ/je1iqNSVcQ==</wst:BinarySecret>
</wst:Entropy>
<wst:ComputedKeyAlgorithm>http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1</wst:ComputedKeyAlgorithm>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
--------------------------------------------------------------------------------------
Here is my Policy
<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken \
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireDerivedKeys/>
<sp:RequireKeyIdentifierReference/>
<sp:WssX509V3Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:EndorsingSupportingTokens>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:RequireThumbprintRefderence/>
<sp:WssX509V3Token11/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefEncryptedKey/>
<sp:RequireSignatureConfirmation/>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
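Added example, not part of the original post and not code from Rampart or WSE: a diagnostic for the WSE502 report above that resolves every `URI="#..."` in an envelope and shows whether the target carries the value as plain `Id` or as `wsu:Id`. The names `resolve_references`, `split_identity` and `SAMPLE` are hypothetical, and `SAMPLE` is a constructed skeleton that reuses the Id values from the posted message. On that message every reference resolves, and the target of `#Id-11985823` is the first `ds:Signature`, which carries that value only as `wsu:Id` while its plain `Id` is `Signature-25352765`.

```python
import xml.etree.ElementTree as ET

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = "{%s}Id" % WSU

# Constructed sample: only the Id/URI skeleton of the message in the post
# (same Id values, no key material or digests).
SAMPLE = """<e:Envelope xmlns:e="http://www.w3.org/2003/05/soap-envelope"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsu="%s">
 <e:Header>
  <wsu:Timestamp wsu:Id="Timestamp-6166426"/>
  <ds:Signature Id="Signature-25352765" wsu:Id="Id-11985823">
   <ds:SignedInfo><ds:Reference URI="#Timestamp-6166426"/>
    <ds:Reference URI="#Id-31658378"/></ds:SignedInfo>
  </ds:Signature>
  <ds:Signature Id="Signature-14525019">
   <ds:SignedInfo><ds:Reference URI="#Id-11985823"/></ds:SignedInfo>
  </ds:Signature>
 </e:Header>
 <e:Body wsu:Id="Id-31658378"/>
</e:Envelope>""" % WSU


def local(el):
    """Element name without its namespace."""
    return el.tag.rsplit("}", 1)[-1]


def resolve_references(xml_text):
    """Map each URI="#x" to the [(element, attribute)] targets carrying x.
    An empty list is a dangling reference; more than one entry is a
    duplicate Id, which makes the reference ambiguous."""
    root = ET.fromstring(xml_text)
    index = {}
    for el in root.iter():
        for kind, value in (("Id", el.get("Id")), ("wsu:Id", el.get(WSU_ID))):
            if value is not None:
                index.setdefault(value, []).append((local(el), kind))
    return {el.get("URI")[1:]: index.get(el.get("URI")[1:], [])
            for el in root.iter() if el.get("URI", "").startswith("#")}


def split_identity(xml_text):
    """Elements whose plain Id and wsu:Id differ: (element, Id, wsu:Id)."""
    return [(local(el), el.get("Id"), el.get(WSU_ID))
            for el in ET.fromstring(xml_text).iter()
            if el.get("Id") and el.get(WSU_ID) and el.get("Id") != el.get(WSU_ID)]
```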