Brian,

the message "Verification successful for URI" means that the computed digest value over the referenced part of the message is ok.
The SignatureValue is then computed over the part that is enclosed by "<SignedInfo>" tags. If somehow this part of the message is modified then the computation of the hash for this part fails. Even inserting a blank or an additional linefeed causes failure - so _no_ modification after Signature.

AFAIK the SignatureValue is the hash over the SignedInfo encrypted with the private key of the Signer. To check the signature, decrypt with the public key, compute the hash over SignedInfo (after checking the enclosed DigestValues) and compare the results.

Regards,
Werner

> -----Original Message-----
> From: Brian Nielsen [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 29 June 2005 14:30
> To: [email protected]
> Subject: Problem checking signatures
>
> My scenario is signature/encrypt request/response from wss4j to
> WSE2.0SP3. The request sign/encrypt goes fine, and for the response the
> decryption is also okay, but the signature fails. The strange thing is
> that I get the following on the console:
>
> Verification successful for URI
> "#Id-e1f13ac7-1af6-4f79-a76c-2489d05e3816"
>
> I can see that this message comes from the call to
> "sig.checkSignatureValue(certs[0]);" in WSSecurityEngine and that the
> return value is "false". [1] is a pretty print of the response, that
> I've confined to just signing to focus on the problem.
>
> Has anyone got an idea of what's happening and a solution? I know that
> there could be more information necessary, so please write back if
> you've got any clues.
>
> Best regards
> Brian Nielsen
>
>
> [1]
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelope
>     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
>     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>   <soap:Header>
>     <wsa:Action>http://www.oio.dk/arkitektur/webservice/security/atedResponse</wsa:Action>
>     <wsa:MessageID>uuid:d7a59b71-f5c8-4789-b9a9-5e27b08dbdad</wsa:MessageID>
>     <wsa:RelatesTo>uuid:3de201e3-1b79-48c7-b195-0207ea3bad58</wsa:RelatesTo>
>     <wsa:To>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:To>
>     <wsse:Security soap:mustUnderstand="1">
>       <wsu:Timestamp wsu:Id="Timestamp-8ba94dc8-5688-4fb9-9d05-31ccb1ec9f94">
>         <wsu:Created>2005-06-29T11:31:55Z</wsu:Created>
>         <wsu:Expires>2005-06-29T11:36:55Z</wsu:Expires>
>       </wsu:Timestamp>
>       <wsse:BinarySecurityToken
>           ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>           EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>           xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>           wsu:Id="SecurityToken-0170d0e7-53ad-4bf4-8176-5598acd0a7ae">[...]</wsse:BinarySecurityToken>
>       <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>         <SignedInfo>
>           <ds:CanonicalizationMethod
>               Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
>               xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>           <SignatureMethod
>               Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>           <Reference URI="#Id-4130cb51-eb27-4f46-aa92-c7db3e906e4c">
>             <Transforms>
>               <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>             </Transforms>
>             <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>             <DigestValue>iDgY5vodA7dsKqrWWXJT0ynFJzI=</DigestValue>
>           </Reference>
>         </SignedInfo>
>         <SignatureValue>TQ1okwAi9CQS5vNCSxR2p2vaRKjbYF2YYx3XtOA/lhm9ykwxCQpNlOwio4U0eE3ko1IwRmG8/ATqkTEZ8AKQVsg6w3xRqTcKjs2jQPj3Q8epOsXeie6OEuYeD1wSbsPYoaP0jBACWbdd1TR2OMiqjEENvIPGAw9jaTz0Ldp4uSU=</SignatureValue>
>         <KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference
>                 URI="#SecurityToken-0170d0e7-53ad-4bf4-8176-5598acd0a7ae"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
>           </wsse:SecurityTokenReference>
>         </KeyInfo>
>       </Signature>
>     </wsse:Security>
>   </soap:Header>
>   <soap:Body wsu:Id="Id-4130cb51-eb27-4f46-aa92-c7db3e906e4c">
>     <PersonalCPRDataStructure
>         xmlns="http://rep.oio.dk/xkom.dk/xml/schemas/2004/08/01/">
>       <PersonName>
>         <PersonGivenName
>             xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Fornavn</PersonGivenName>
>         <PersonMiddleName
>             xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Mellemnavn</PersonMiddleName>
>         <PersonSurnameName
>             xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Efternavn</PersonSurnameName>
>       </PersonName>
>     </PersonalCPRDataStructure>
>   </soap:Body>
> </soap:Envelope>
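
The two checks described in the reply above, as an added example that is not part of the original thread and is not wss4j code: the reference digest and the SignatureValue over SignedInfo are verified separately, so one can pass while the other fails. Assumptions: the message is a constructed, namespace-free stand-in; Python's C14N 2.0 stands in for exclusive C14N; the RSA key is a toy key used without padding.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

# Toy RSA key from two Mersenne primes: demonstration only, not secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

# Constructed, namespace-free stand-in for a signed SOAP message.
UNSIGNED = """<Envelope><Header><Signature><SignedInfo>
<Reference URI="#Id-body"><DigestValue/></Reference>
</SignedInfo><SignatureValue/></Signature></Header>
<Body Id="Id-body"><Name>Fornavn</Name></Body></Envelope>"""

def c14n(elem):
    """Canonical bytes of one subtree (C14N 2.0 stands in for exc-c14n)."""
    node = copy.copy(elem)
    node.tail = None  # text after the closing tag is not part of the subtree
    return ET.canonicalize(ET.tostring(node, encoding="unicode")).encode()

def digest_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def hash_int(data):
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def sign(xml_text):
    """Fill in DigestValue, then sign the finished SignedInfo."""
    root = ET.fromstring(xml_text)
    info = root.find(".//SignedInfo")
    info.find(".//DigestValue").text = digest_b64(c14n(root.find(".//Body")))
    signature = pow(hash_int(c14n(info)), D, N)  # hash "encrypted" with private key
    root.find(".//SignatureValue").text = format(signature, "x")
    return ET.tostring(root, encoding="unicode")

def verify(xml_text):
    """Return (reference_ok, signature_ok): two independent checks."""
    root = ET.fromstring(xml_text)
    info = root.find(".//SignedInfo")
    target_id = info.find("Reference").get("URI").lstrip("#")
    target = root.find(f".//*[@Id='{target_id}']")
    reference_ok = info.find(".//DigestValue").text == digest_b64(c14n(target))
    recovered = pow(int(root.find(".//SignatureValue").text, 16), E, N)
    return reference_ok, recovered == hash_int(c14n(info))

SIGNED = sign(UNSIGNED)
# One blank inserted into SignedInfo after signing.
SPACE_IN_SIGNEDINFO = SIGNED.replace("<SignedInfo>", "<SignedInfo> ", 1)
# Body content changed after signing.
BODY_CHANGED = SIGNED.replace("Fornavn", "Andet", 1)
```

`verify(SPACE_IN_SIGNEDINFO)` reproduces the reported symptom: the reference digest still verifies while the signature value check returns false.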
