List: xmlrpc-user
Subject: wss4j BinarySecurityToken and Signature
From: CIZERON,_STÉPHANE <STCIZERO () bouyguestelecom ! fr>
Date: 2013-07-25 13:53:05
Message-ID: 400B50937067FA4A86BC33467CF75E470FADB11F () bt1shktp ! bt0d0000 ! w2k ! bouyguestelecom ! fr
Hi,
I have a big problem with Wss4j since I upgraded from version 1.5.8 to 1.6.4.
Here is the context:
In my application, I have a ws-security layer in order to send SOAP messages.
I must do 2 actions: Timestamp and Signature.
I have 3 signature parts:
· The timestamp
· A specific soap header
· The BinarySecurityToken
In the previous version, there was a keyword "Token" to add a BinarySecurityToken
Reference easily, as below.
    <ds:Reference URI="#CertId-A73A92DB43D56384C612911246718561">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>6zOxaDkBL288Y0BkMFi3TVelQPg=</ds:DigestValue>
    </ds:Reference>

    <wsse:BinarySecurityToken
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
        wsu:Id="CertId-A73A92DB43D56384C612911246718561">...
Nowadays, the keyword "Token" is unknown: the condition "Token".equals(...) has been
removed, so WSSecSignature tries to find an element named Token in the document and does
not find it. In this case, the security elements are not added (General security
error (WSEncryptBody/WSSignEnvelope: Element to encrypt/sign not found:
http://schemas.xmlsoap.org/soap/envelope/, Token)).
If I use the STRTransform keyword, the result is different but not good: we have a
reference to a SecurityTokenReference and not to the BinarySecurityToken. The validation
server fails (<faultstring>Signature failed to validate. Reference:
#STR-FD1CEFEA8CA78AC72413747600704523 does not validate</faultstring>).
    <ds:Reference URI="#STR-C6274A0EA1AF588B6213745943622143">
      <ds:Transforms>
        <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
          <wsse:TransformationParameters>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </wsse:TransformationParameters>
        </ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>0PwY2kqEetUc0lUm+rrSCT8owsw=</ds:DigestValue>
    </ds:Reference>

    <ds:KeyInfo Id="KI-C6274A0EA1AF588B6213745943622082">
      <wsse:SecurityTokenReference wsu:Id="STR-C6274A0EA1AF588B6213745943622143">
        <wsse:Reference URI="#X509-C6274A0EA1AF588B6213745943621941"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
If someone could help me: I found some cases like mine, but nobody found a matching
issue.
Best regards,
Stéphane
________________________________
The integrity of this message cannot be guaranteed on the Internet. The company that \
sent this message cannot therefore be held liable for its content nor attachments. \
Any unauthorized use or dissemination is prohibited. If you are not the intended \
recipient of this message, then please delete it and notify the sender.
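Added example, not code from the original post or from the WSS4J project: signing the Timestamp, a custom header and the BinarySecurityToken with WSS4J 1.6 without the removed "Token" keyword. Instead of WSSecSignature.build(), it drives the lower-level prepare / addReferencesToSign / computeSignature sequence so the BST can be placed in the header first and then referenced by its wsu:Id. The SOAP envelope, the urn:example:hdr namespace, the ex:Routing header and the keystore path/alias/passwords are constructed for the example; the method names are taken from the WSS4J 1.6 API as I know it (prepare, prependBSTElementToHeader, getBSTTokenId, addReferencesToSign, computeSignature, appendToHeader) and should be checked against the 1.6.4 javadoc before relying on them.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SignWithBstExample {

    // Constructed sample envelope (assumption): ex:Routing stands in for the
    // poster's "specific soap header".
    static final String ENVELOPE =
        "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\""
      + " xmlns:ex=\"urn:example:hdr\">"
      + "<soapenv:Header><ex:Routing>node-7</ex:Routing></soapenv:Header>"
      + "<soapenv:Body><ex:Ping/></soapenv:Body></soapenv:Envelope>";

    /** Signs Timestamp, ex:Routing and the BST; returns the wsu:Id of the BST. */
    public static String sign(Document doc, Crypto crypto, String alias, String password)
            throws Exception {
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        WSSecTimestamp ts = new WSSecTimestamp();
        ts.setTimeToLive(300);                    // seconds until the receiver rejects it
        ts.build(doc, secHeader);

        WSSecSignature sig = new WSSecSignature();
        sig.setUserInfo(alias, password);
        // DirectReference: KeyInfo/STR points at a BinarySecurityToken carrying the cert.
        sig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

        // prepare() creates the BST and the empty Signature but does not attach the
        // BST; attach it now so a ds:Reference to its wsu:Id can be resolved.
        sig.prepare(doc, crypto, secHeader);
        sig.prependBSTElementToHeader(secHeader);
        String bstId = sig.getBSTTokenId();

        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        parts.add(new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, ""));
        parts.add(new WSEncryptionPart("Routing", "urn:example:hdr", ""));
        parts.add(new WSEncryptionPart(bstId));   // the BST by Id, no "Token" keyword

        List<Reference> refs = sig.addReferencesToSign(parts, secHeader);
        sig.computeSignature(refs);
        // Append, not prepend: keeps the BST ahead of the Signature that references it
        // (header order becomes BST, Timestamp, Signature).
        sig.appendToHeader(secHeader);
        return bstId;
    }

    /** Sanity check: every ds:Reference URI in the signed document. */
    public static List<String> signedUris(Document doc) {
        List<String> uris = new ArrayList<String>();
        NodeList refs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            uris.add(((Element) refs.item(i)).getAttribute("URI"));
        }
        return uris;
    }

    public static void main(String[] args) throws Exception {
        // Merlin keystore settings; file, alias and passwords are assumptions.
        Properties p = new Properties();
        p.put("org.apache.ws.security.crypto.provider",
              "org.apache.ws.security.components.crypto.Merlin");
        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        p.put("org.apache.ws.security.crypto.merlin.keystore.file", "client.jks");
        p.put("org.apache.ws.security.crypto.merlin.keystore.password", "changeit");
        p.put("org.apache.ws.security.crypto.merlin.keystore.alias", "client");
        Crypto crypto = CryptoFactory.getInstance(p);

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(ENVELOPE)));

        String bstId = sign(doc, crypto, "client", "changeit");
        if (!signedUris(doc).contains("#" + bstId)) {
            throw new IllegalStateException("BinarySecurityToken is not covered by the signature");
        }
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        System.out.println(out);
    }
}
```

Two caveats. First, the STRTransform variant is also a legal way to cover the token: the ds:Reference points at the wsse:SecurityTokenReference and the STR-Transform dereferences it to the BST before digesting, so a receiver that rejects it is usually applying a different STR-Transform canonicalization rather than objecting to the reference itself; the direct wsu:Id reference above sidesteps that interoperability question. Second, whichever form you use, confirm with the receiver's WS-SecurityPolicy whether the token must be signed (sp:ProtectTokens) and whether it expects a Strict or Lax header layout, since the BST/Timestamp/Signature order produced here is Lax.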