Hi,
I am yet to try to verify the soap msg you attached earlier. I have
one concern about it: the security header looks to be pretty printed.
Are you sure the message was not modified after signature?
Thanks,
Ruchith
p.s. I applied your patch to axiom ... running the axis2 tests now
with the axiom changes, will commit on success.
On 9/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> No luck. Now I don't get any exception (after fixing a npe) but the
> signature verification still fails.
>
> I had to apply this tiny patch to get to the stage of signature
verification
> failing. All long
> it has been exceptions!. Not sure whether the patch is the right one.Iwould
> appreciate if you could verify the xml file that I sent earlier at your
end.
> Or if you have any tools/utilities to verify a standlone xml message.
>
>
>
>
> --- org/apache/axiom/om/impl/dom/ElementImpl.java.orig 2006-09-19
09:55:
> 31.445213500 -0400
> +++ org/apache/axiom/om/impl/dom/ElementImpl.java 2006-09-19
09:32:
> 13.461364400 -0400
> @@ -361,8 +361,9 @@
>
> if (namespaceURI == OMConstants.XMLNS_NS_URI) {
> OMNamespace ns = this.findNamespaceURI(localName);
> - AttrImpl namespaceAttr = new AttrImpl(this.ownerNode,
> localName, ns
> - .getNamespaceURI(), this.factory);
> + String nsuri = ns != null ? ns.getNamespaceURI() : "";
> + AttrImpl namespaceAttr = new AttrImpl(this.ownerNode,
> localName, nsuri,
> + this.factory);
> NamespaceImpl xmlNs = new NamespaceImpl(
> OMConstants.XMLNS_NS_URI);
> namespaceAttr.setOMNamespace(xmlNs);
> return namespaceAttr;
>
>
> On 9/18/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > This is a Bug in DOOM. Thanks for reporting it.
> > I just fixed it in the latest svn - revision - 447543.
> >
> > Please try it out.
> >
> > Thanks,
> > Ruchith
> >
> > On 9/18/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > I updated from subversion today( 20060918 10AM EST). The
> > > NullPointerException is gone but a new exception
> > > UnsupportedOperationException is being thrown.
> > >
> > > A basic question. Does axiom+wss4j support blank URI's? Using
> > > XPath? The xml message that fails actually uses blank URIs and XPath
to
> > > refer to the subset that is signed. Here is the stack trace.
> > >
> > > Thread [http-8888-Processor25] (Suspended (exception
> > > UnsupportedOperationException))
> > > SOAPMessageImpl(DocumentImpl).getNextSibling() line: 111
> > > XMLUtils.circumventBug2650internal(Node) line: 490
> > > XMLUtils.circumventBug2650(Document) line: 436
> > >
> > >
> >
Canonicalizer20010315ExclOmitComments(CanonicalizerBase).engineCanonicalize(XMLSignatureInput)
> > > line: 150
> > >
> > >
> >
Canonicalizer20010315ExclOmitComments(Canonicalizer20010315Excl).engineCanonicalize(XMLSignatureInput,
> > > String) line: 115
> > > TransformC14NExclusive.enginePerformTransform(XMLSignatureInput,
> > > OutputStream) line: 93
> > > Transform.performTransform(XMLSignatureInput, OutputStream)
line:
> > 340
> > >
> > > Transforms.performTransforms(XMLSignatureInput, OutputStream)
line:
> > > 237
> > > Reference.getContentsAfterTransformation(XMLSignatureInput,
> > > OutputStream) line: 433
> > > Reference.dereferenceURIandPerformTransforms(OutputStream) line:
603
> > > Reference.calculateDigest() line: 688
> > > Reference.verify() line: 736
> > > SignedInfo(Manifest).verifyReferences(boolean) line: 317
> > > SignedInfo.verify(boolean) line: 224
> > > XMLSignature.checkSignatureValue(Key) line: 590
> > > XMLSignature.checkSignatureValue(X509Certificate) line: 557
> > > SignatureProcessor.verifyXMLSignature(Element, Crypto,
> > > X509Certificate[], Set, byte[][]) line: 264
> > > SignatureProcessor.handleToken(Element, Crypto, Crypto,
> > CallbackHandler,
> > > WSDocInfo, Vector, WSSConfig) line: 79
> > > WSSecurityEngine.processSecurityHeader(Element, CallbackHandler,
> > Crypto,
> > > Crypto) line: 269
> > > WSSecurityEngine.processSecurityHeader(Document, String,
> > > CallbackHandler, Crypto, Crypto) line: 191
> > > WSDoAllReceiver.processMessage(MessageContext) line: 180
> > > WSDoAllReceiver(WSDoAllHandler).invoke(MessageContext) line: 82
> > > Phase.invoke(MessageContext) line: 381
> > > AxisEngine.invoke(MessageContext) line: 473
> > > AxisEngine.receive(MessageContext) line: 445
> > > OutInAxisOperationClient.send(MessageContext) line: 355
> > > OutInAxisOperationClient.execute(boolean) line: 279
> > > CustomerInformationServiceStub.isAliveRequest
> > (IsAliveRequestDocument)
> > > line: 317
> > > CustomerInformationClient.queryIsAlive() line: 66
> > > IsAliveRequestAction.processRequest(HttpServletRequest,
> > > HttpServletResponse) line: 42
> > >
IsAliveRequestAction(SimpleAction).executeAction(ActionConfigExt,
> > > ActionForm, HttpServletRequest, HttpServletResponse) line: 185
> > >
> > >
> >
IsAliveRequestAction(AbstractRequestAction).executeAction(ActionConfigExt,
> > > ActionForm, HttpServletRequest, HttpServletResponse) line: 162
> > > IsAliveRequestAction(SimpleAction).execute(ActionMapping,
> > ActionForm,
> > > HttpServletRequest, HttpServletResponse) line: 123
> > >
> > >
> >
RequestProcessorExt(RequestProcessor).processActionPerform(HttpServletRequest,
> > > HttpServletResponse, Action, ActionForm, ActionMapping) line: 484
> > >
RequestProcessorExt(RequestProcessor).process(HttpServletRequest,
> > > HttpServletResponse) line: 274
> > > RequestProcessorExt.process(HttpServletRequest,
HttpServletResponse)
> > > line: 126
> > > ActionServletExt(ActionServlet).process(HttpServletRequest,
> > > HttpServletResponse) line: 1482
> > > ActionServletExt.process(HttpServletRequest,
HttpServletResponse)
> > line:
> > > 111
> > > ActionServletExt(ActionServlet).doGet(HttpServletRequest,
> > > HttpServletResponse) line: 507
> > > ActionServletExt(HttpServlet).service(HttpServletRequest,
> > > HttpServletResponse) line: 697
> > > ActionServletExt(HttpServlet).service(ServletRequest,
> > ServletResponse)
> > > line: 810
> > > ApplicationFilterChain.internalDoFilter(ServletRequest,
> > ServletResponse)
> > > line: 237
> > > ApplicationFilterChain.doFilter(ServletRequest, ServletResponse)
> > line:
> > > 157
> > > StandardWrapperValve.invoke(Request, Response, ValveContext)
line:
> > > 214
> > > StandardValveContext.invokeNext(Request, Response) line: 104
> > > StandardPipeline.invoke(Request, Response) line: 520
> > > StandardContextValve.invokeInternal(Wrapper, Request, Response)
> > line:
> > > 198
> > > StandardContextValve.invoke(Request, Response, ValveContext)
line:
> > > 152
> > > StandardValveContext.invokeNext(Request, Response) line: 104
> > > StandardPipeline.invoke(Request, Response) line: 520
> > > StandardHostValve.invoke(Request, Response, ValveContext) line:
137
> > > StandardValveContext.invokeNext(Request, Response) line: 104
> > > ErrorReportValve.invoke(Request, Response, ValveContext) line:
118
> > > StandardValveContext.invokeNext(Request, Response) line: 102
> > > StandardPipeline.invoke(Request, Response) line: 520
> > > StandardEngineValve.invoke(Request, Response, ValveContext)
line:
> > 109
> > >
> > > StandardValveContext.invokeNext(Request, Response) line: 104
> > > StandardPipeline.invoke(Request, Response) line: 520
> > > StandardEngine(ContainerBase).invoke(Request, Response) line:
929
> > > CoyoteAdapter.service(Request, Response) line: 160
> > > Http11Processor.process(InputStream, OutputStream) line: 799
> > >
> >
Http11Protocol$Http11ConnectionHandler.processConnection(TcpConnection,
> > > Object[]) line: 705
> > > TcpWorkerThread.runIt(Object[]) line: 577
> > > ThreadPool$ControlRunnable.run() line: 684
> > > ThreadWithAttributes(Thread).run() line: 534
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 9/18/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Hi Aravind,
> > > >
> > > > I just checked the latest axiom-dom impl code and there is a null
> > > > check in line #353 in ElementImpl. Therefore IMHO this exception
is
> > > > not possible. Are you sure you are using the latest
axiom-*-SNAPSHOT
> > > > jars?
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > On 9/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > > > I upgraded to stax-1.0.1 and wstx-asl-3.0.0.jar as you said. And
I
> > get a
> > > > > NullPointerException. Here is the stack trace. I have also
attached
> > the
> > > > xml
> > > > > message.
> > > > > In the soap message that causes the problem,I have commented out
the
> > > > private
> > > > > information as confidential. I hope that doesn't cause a
problem
> > for
> > > > you as
> > > > > it is outside
> > > > > the signed part. The odd thing is the URI is blank and the
message
> > uses
> > > > > XPath to refer to the part that is signed. I am not sure how
good is
> > the
> > > > > support for XPath in xmlsecurity library suite.
> > > > >
> > > > > Any help will be greatly appreciated. Thanks in advance.
> > > > >
> > > > > Aravind
> > > > >
> > > > > >
> > > > >
> > > >
> >
-------------------------------------------------------------------------------------
> > > > > >
> > > > > > SOAPEnvelopeImpl(ElementImpl).getAttributeNodeNS(String,
> > > > > String) line: 353
> > > > > > XMLUtils.circumventBug2650(Document) line: 429
> > > > > >
> > > > >
> > > >
> >
Canonicalizer20010315ExclOmitComments(CanonicalizerBase).engineCanonicalize(XMLSignatureInput)
> > > > > line: 150
> > > > > >
> > > > >
> > > >
> >
Canonicalizer20010315ExclOmitComments(Canonicalizer20010315Excl).engineCanonicalize(XMLSignatureInput,
> > > > > String) line: 115
> > > > > >
> > > > > TransformC14NExclusive.enginePerformTransform(XMLSignatureInput,
> > > > > OutputStream) line: 93
> > > > > > Transform.performTransform(XMLSignatureInput, OutputStream)
line:
> > 340
> > > > > > Transforms.performTransforms(XMLSignatureInput, OutputStream)
> > line:
> > > > 237
> > > > > >
> > > > > Reference.getContentsAfterTransformation(XMLSignatureInput,
> > > > > OutputStream) line: 433
> > > > > >
> > > > > Reference.dereferenceURIandPerformTransforms(OutputStream)
> > > > > line: 603
> > > > > > Reference.calculateDigest() line: 688
> > > > > > Reference.verify() line: 736
> > > > > > SignedInfo(Manifest).verifyReferences(boolean) line: 317
> > > > >
> > > > > > SignedInfo.verify(boolean) line: 224
> > > > > > XMLSignature.checkSignatureValue(Key) line: 590
> > > > > > XMLSignature.checkSignatureValue(X509Certificate) line:
> > > > > 557
> > > > > > SignatureProcessor.verifyXMLSignature(Element, Crypto,
> > > > > X509Certificate[], Set, byte[][]) line: 264
> > > > > > SignatureProcessor.handleToken(Element, Crypto, Crypto,
> > > > CallbackHandler,
> > > > > WSDocInfo, Vector, WSSConfig) line: 79
> > > > > > WSSecurityEngine.processSecurityHeader(Element,
> > > > > CallbackHandler, Crypto, Crypto) line: 269
> > > > > > WSSecurityEngine.processSecurityHeader(Document, String,
> > > > > CallbackHandler, Crypto, Crypto) line: 191
> > > > > > WSDoAllReceiver.processMessage(MessageContext) line: 180
> > > > > > WSDoAllReceiver(WSDoAllHandler).invoke(MessageContext)
> > > > > line: 82
> > > > > > Phase.invoke(MessageContext) line: 381
> > > > > > AxisEngine.invoke(MessageContext) line: 473
> > > > > > AxisEngine.receive(MessageContext) line: 445
> > > > > > OutInAxisOperationClient.send(MessageContext) line: 355
> > > > > > OutInAxisOperationClient.execute (boolean) line: 279
> > > > > >
> > > > >
> > > >
> >
-------------------------------------------------------------------------
> > > > >
> > > > >
> > > > >
> > > > > On 9/13/06, Ruchith Fernando < [EMAIL PROTECTED]>
wrote:
> > > > > > Yes !
> > > > > >
> > > > > > You have to use stax-1.0.1. Please replace your stax-api jar
with
> > this
> > > > > > [1] and woodstox (wstx-asl-*.jar) with this [2].
> > > > > >
> > > > > > Thanks,
> > > > > > Ruchith
> > > > > >
> > > > > > [1]
> > > > > http://www.ibiblio.org/maven/stax/jars/stax-api-1.0.1.jar
> > > > > > [2]
> > > > > http://www.ibiblio.org/maven/woodstox/jars/wstx-asl-3.0.0.jar
> > > > > >
> > > > > > On 9/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
wrote:
> > > > > > > Hi,
> > > > > > >
> > > > > > > Do I need to upgrade any other libraries? When I used the
the
> > latest
> > > > > > > snapshot I get this error in my application. I have pasted
only
> > > > > > > the relevant portion of the stack trace as the other parts
are
> > > > > > > confidential.
> > > > > > >
> > > > > > > thanks
> > > > > > >
> > > > > > > Aravind
> > > > > > >
> > > > > > > Error is
> > > > > > >
> > > > > > > java.lang.NoSuchMethodError:
> > > > > > > javax.xml.stream.XMLOutputFactory.newInstance
> > > > >
> > > >
> >
(Ljava/lang/String;Ljava/lang/ClassLoader;)Ljavax/xml/stream/XMLOutputFactory;
> > > > > > > at
> > > > > org.apache.axiom.om.util.StAXUtils.getXMLOutputFactory(
> > StAXUtils.java
> > > > :97)
> > > > > > > at
> > > > > org.apache.axiom.om.util.StAXUtils.createXMLStreamWriter
> > > > > (StAXUtils.java:111)
> > > > > > > at
> > > > > org.apache.axiom.om.impl.dom.NodeImpl.serialize(NodeImpl.java
:577)
> > > > > > > at
> > > > > org.apache.axiom.om.impl.dom.ElementImpl.toString(
ElementImpl.java
> > :1139)
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On 9/13/06, Ruchith Fernando <[EMAIL PROTECTED]>
wrote:
> > > > > > > >
> > > > > > > > Hi,
> > > > > > > >
> > > > > > > > Can you please try this with the latest axiom-*-SNAPSHOT
jars.
> > > > > > > >
> > > > > > > >
> > > > >
> > > >
> >
http://people.apache.org/repository/ws-commons/jars/axiom-api-SNAPSHOT.jar
> > > > > > > >
> > > > >
> > > >
> >
http://people.apache.org/repository/ws-commons/jars/axiom-dom-SNAPSHOT.jar
> > > > > > > >
> > > > > > > >
> > > > >
> > > >
> >
http://people.apache.org/repository/ws-commons/jars/axiom-impl-SNAPSHOT.jar
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Ruchith
> > > > > > > >
> > > > > > > > On 9/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] >
> > wrote:
> > > > > > > > > At ResolverFragment.java:60
> > > > > > > > >
> > > > > > > > > Document doc = uri.getOwnerElement().getOwnerDocument();
> > > > > > > > >
> > > > > > > > > This happens when we try to verify a xml signature. We
are
> > using
> > > > > > > > > axiom(version
> > > > > 1)/wss4j-1.5.0/xerces-2.7.1/xml-api-1.3.02/xmlsec-1.3.0with
> > > > > > > > > Tomcat.
> > > > > > > > >
> > > > > > > > > uri.getOwnerElement() is of type DocumentImpl that can't
be
> > type
> > > > > cast
> > > > > > > > > into Element as none of the super classes implement the
> > Element
> > > > > > > > interface.
> > > > > > > > > Am I right? I am new to web services and I don't
understand
> > > > fully.
> > > > > But
> > > > > > > > this
> > > > > > > > > problem is always reproducible in our environment.
> > > > > > > > >
> > > > > > > > > Any help will be greatly appreciated.
> > > > > > > > >
> > > > > > > > > thanks
> > > > > > > > >
> > > > > > > > > Aravind
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > www.ruchith.org
> > > > > > > >
> > > > > > > >
> > > > >
> > ---------------------------------------------------------------------
> > > > > > > > To unsubscribe, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > > > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > www.ruchith.org
> > > > > >
> > > > > >
> > > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
[EMAIL PROTECTED]
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > www.ruchith.org
> > > >
> > > >
---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
