List: webservices-general
Subject: [jira] [Commented] (WSS-456) Not possible to support SymmetricBinding ProtectTokens policy
From: "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date: 2018-08-31 11:55:00
Message-ID: JIRA.12654907.1372243486000.203057.1535716500056 () Atlassian ! JIRA
[ https://issues.apache.org/jira/browse/WSS-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16598640#comment-16598640 ]
Colm O hEigeartaigh commented on WSS-456:
-----------------------------------------
ProtectTokens + SymmetricBinding is actually supported for the DOM code, but not the
StAX code. Do you specifically need it for the StAX code?
You can reproduce the error by removing the if statement in this piece of test-code
in CXF:
[https://github.com/apache/cxf/blob/ce2fcd19c63b7f666b778d482c5aa40e0e0c1828/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java#L962]
The error that results is "org.apache.xml.security.exceptions.XMLSecurityException:
Part to sign not found: {http://www.w3.org/2001/04/xmlenc#}EncryptedKey". The
problem is that as we have "sign before encrypting", the EncryptedKey is not yet
available to the Signature when we are trying to sign the EncryptedKey. It might be
possible to get it working with some hacking, but it would probably be quite tricky.
> Not possible to support SymmetricBinding ProtectTokens policy
> -------------------------------------------------------------
>
> Key: WSS-456
> URL: https://issues.apache.org/jira/browse/WSS-456
> Project: WSS4J
> Issue Type: Bug
> Reporter: Colm O hEigeartaigh
> Assignee: Marc Giger
> Priority: Major
>
> It is not possible currently to support the SymmetricBinding ProtectTokens policy.
> In this scenario, the Signature KeyInfo references an EncryptedKey Element, and
> also signs the EncryptedKey Element.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
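
A WS-SecurityPolicy 1.2 fragment of the kind this issue concerns, added here as an illustration (it is not taken from WSS4J, CXF, or the message above). The X509Token protection token, algorithm suite, layout and protected parts are assumed choices.

```xml
<!-- Constructed example; token type, algorithm suite and parts are assumptions. -->
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <sp:SymmetricBinding>
    <wsp:Policy>
      <sp:ProtectionToken>
        <wsp:Policy>
          <!-- With an X.509 protection token under SymmetricBinding, an ephemeral
               key is wrapped for the recipient in an xenc:EncryptedKey element. -->
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
            <wsp:Policy>
              <sp:WssX509V3Token10/>
              <sp:RequireThumbprintReference/>
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:ProtectionToken>
      <sp:AlgorithmSuite>
        <wsp:Policy><sp:Basic128/></wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:Layout>
        <wsp:Policy><sp:Lax/></wsp:Policy>
      </sp:Layout>
      <sp:IncludeTimestamp/>
      <sp:OnlySignEntireHeadersAndBody/>
      <!-- No sp:EncryptBeforeSigning assertion is present, so the default
           protection order (sign before encrypt) applies. -->
      <!-- ProtectTokens: the signature must also cover the token it was made
           with, here the EncryptedKey that its KeyInfo references. -->
      <sp:ProtectTokens/>
    </wsp:Policy>
  </sp:SymmetricBinding>
  <sp:SignedParts><sp:Body/></sp:SignedParts>
  <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
</wsp:Policy>
```

If a deployment drops `sp:ProtectTokens` to work around the StAX limitation, the EncryptedKey carrying the session key is no longer covered by the signature, so that change should be reviewed as a reduction in what the policy protects.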