'[jira] [Commented] (WSS-456) Not possible to support SymmetricBinding ProtectTokens policy'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webservices-general
Subject:    [jira] [Commented] (WSS-456) Not possible to support SymmetricBinding ProtectTokens policy
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2018-08-31 11:55:00
Message-ID: JIRA.12654907.1372243486000.203057.1535716500056 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/WSS-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16598640#comment-16598640 \
] 

Colm O hEigeartaigh commented on WSS-456:
-----------------------------------------

ProtectTokens + SymmericBinding is actually supported for the DOM code, but not the \
StAX code. Do you specifically need it for the StAX code?

You can reproduce the error by removing the if statement in this piece of test-code \
in CXF:

[https://github.com/apache/cxf/blob/ce2fcd19c63b7f666b778d482c5aa40e0e0c1828/systests/ \
ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java#L962]

The error that results is "org.apache.xml.security.exceptions.XMLSecurityException: \
Part to sign not found: \{http://www.w3.org/2001/04/xmlenc#}EncryptedKey". The \
problem is that as we have "sign before encrypting", the EncryptedKey is not yet \
available to the Signature when we are trying to sign the EncryptedKey. It might be \
possible to get it working with some hacking, but it would probably be quite tricky.

  

> Not possible to support SymmetricBinding ProtectTokens policy
> -------------------------------------------------------------
> 
> Key: WSS-456
> URL: https://issues.apache.org/jira/browse/WSS-456
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Priority: Major
> 
> It is not possible currently to support the SymmetricBinding ProtectTokens policy. \
> In this scenario, the Signature KeyInfo references an EncryptedKey Element, and \
> also signs the EncryptedKey Element.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic