Werner,

Thanks. "InclusiveNamespace" is stuff of the WS-I, but WSE
doesn't support this stuff (inclusivenamespace), therefore
the WSE doesn't accept the signature. Have I understood it right?

I have tried it and found 2 problems. When I use the wss4j.jar file
(the newest version) the "inclusivenamespace"-stuff is added, but when
I use the "src" files of the project folder the "inclusivenamespace" isn't
added - without any changes on the wssconfig.java file.

Now the java-client sends a soap-message without the "inclusivenamespace"-stuff,
due to the WS-I, but the WSE still doesn't accept the signature. The exception
is still the same:

AxisFault
 faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck
 faultSubcode: 
 faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
   at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
   at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
 faultActor: http://localhost/WebServiceGMC/webservicegmc.asmx

The message is now:

<?xml version="1.0" encoding="UTF-8"?>
   <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Header>
         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
            <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-5862378">
               <wsse:Username>usuario3</wsse:Username>
               <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
               <wsu:Created>2005-07-11T12:43:38.552Z</wsu:Created>
               <wsse:Nonce>85DpuTBD4f14uJhdklt2hA==</wsse:Nonce>
            </wsse:UsernameToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
                  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
                  <ds:Reference URI="#id-8706595">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>6m7QGOVJoQGzFpxEIHqFISlwvOg=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-15606519">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>OrbC+oWPDqjF8d22jSIM+Z7mUf0=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-3779465">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>lr2fB700eMiCriQD7hrukW13eLk=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-2929821">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>aX77bRqKYnP9W1LZnXYy42DNhDI=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-17160330">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>hyPLuTIjh/hATPYWwwHxqiqU8ko=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-13328393">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>FAiQvuh29IyJoZTvOZl7MbHwFgU=</ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="#id-927929">
                     <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                     </ds:Transforms>
                     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                     <ds:DigestValue>zI1HezB6OwqrvwlhMDbvpKX3Bag=</ds:DigestValue>
                  </ds:Reference>
               </ds:SignedInfo>
               <ds:SignatureValue>TplVnW4j2/FeIgZVI2PRctbAgHc=</ds:SignatureValue>
               <ds:KeyInfo Id="KeyId-2780950">
                  <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-25197736">
                     <wsse:Reference URI="#usernameTokenId-5862378" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
                  </wsse:SecurityTokenReference>
               </ds:KeyInfo>
            </ds:Signature>
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465">
               <wsu:Created>2005-07-11T12:43:38.536Z</wsu:Created>
               <wsu:Expires>2005-07-11T12:48:38.536Z</wsu:Expires>
            </wsu:Timestamp>
         </wsse:Security>
         <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">uuid:672b03c0-f209-11d9-9218-cb301b6f3efb</wsa:MessageID>
         <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-927929" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
         <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
         <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-13328393" soapenv:mustUnderstand="0">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
         </wsa:From>
         <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17160330" soapenv:mustUnderstand="0">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
         </wsa:ReplyTo>
      </soapenv:Header>
      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-8706595">
         <anunciar xmlns="http://weg.net/service">
            <ns1:usuario xmlns:ns1="http://weg.net/service/">usuario1</ns1:usuario>
         </anunciar>
      </soapenv:Body>
   </soapenv:Envelope>



Anybody see a difference between the working message sent by the old wss4j
and this one from the up-to-date wss4j?

STEVE







-----Original Message-----
From: Werner Dittmann [mailto:[EMAIL PROTECTED]
Sent: Saturday, 9 July 2005 04:19
To: Steve Behrendt
Cc: [EMAIL PROTECTED]; Dittmann, Werner; Gürkan Vural; Granqvist, Hans;
[email protected]
Subject: Re: RES: AW: AW: order of sign and encr in .NET


Brian, Steve, all,

looking at it I see the difference. Sometime ago one of the
contributors implemented some additions to be WS-I compliant.
This "InclusiveNamespace" stuff is due to this, and as it turned
out WSE is not yet ready to handle this. Due to this there is
a boolean in WSSConfig.java (wsiBSPCompliant). If this boolean
is true WSS4J works in WS-I compliant mode, setting it to false
WSS4J works as before.

Can you crosscheck and give it a try?

Thanks,
Werner

Steve Behrendt wrote:
> Brian,
> 
> You are right. I have tested the attached wss4j.jar file too and I had
> success. My client now can produce a message that the .net client understands.
> The signature should be right, because the .NET WebService now doesn't respond
> with the Exception (Signature invalid).
> 
> I have built 2 messages, one with the new and one with the "old" wss4j.jar
> and attached.
> 
> The old one, which doesn't work:
> 
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>       <soapenv:Header>
>          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>             <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-12455463">
>                <wsse:Username>usuario3</wsse:Username>
>                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
>                <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
>                <wsse:Nonce>yOBObBQ+sbevlt2XM0Xukg==</wsse:Nonce>
>             </wsse:UsernameToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                      <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa xsd xsi"></ec:InclusiveNamespaces>
>                   </ds:CanonicalizationMethod>
>                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
>                   <ds:Reference URI="#id-7866553">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa xsd xsi"></ec:InclusiveNamespaces>
>                         </ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>PmQSgFYbhiZciP5F6CRT5MZOPPk=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-3874052">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa wsse xsd xsi"></ec:InclusiveNamespaces>
>                         </ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>jcRns/iJ1hxPJZEqUt1DIG0iDdo=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-15606519">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
>                         </ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>TB1t5JzPv1WQ4uMX05qKqIl2s9o=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-3779465">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
>                         </ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>erDZuYXo9WJn29GSh6Kood6guzw=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-2929821">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
>                         </ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>QbIGZGq03FxN6tA2aE9d11/hvh0=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-17160330">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
>                         </ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>Y4vVT5KZ9FKbXLumKcaqvHaWhHM=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>                <ds:SignatureValue>aLSM1mbqLMfNLKPVoi7dRqeVMT4=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-26956311">
>                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-9734221">
>                      <wsse:Reference URI="#usernameTokenId-12455463" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3874052">
>                <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
>                <wsu:Expires>2005-07-05T14:15:26Z</wsu:Expires>
>             </wsu:Timestamp>
>          </wsse:Security>
>          <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465" soapenv:mustUnderstand="0">uuid:8912a6f0-ed5e-11d9-8c80-a1e4097e4740</wsa:MessageID>
>          <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17160330" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
>          <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
>          <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">
>             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>          </wsa:From>
>       </soapenv:Header>
>       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-7866553">
>          <anunciar xmlns="http://weg.net/service">
>             <ns1:usuario xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
>          </anunciar>
>       </soapenv:Body>
>    </soapenv:Envelope>
> 
> ------------------------------------------------------
> 
> and the new one working:
> 
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>       <soapenv:Header>
>          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>             <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-32956236">
>                <wsse:Username>usuario3</wsse:Username>
>                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
>                <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
>                <wsse:Nonce>RKPwh5ELWCBqUa0FhZtP9A==</wsse:Nonce>
>             </wsse:UsernameToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
>                   <ds:Reference URI="#id-9734221">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>FaQ7O3MS6a3e82I/jsfOhoDL+2M=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-867695">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>HinR+8MaMcU59CYiC25On0mv67U=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-20727434">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>YmbgnQ/0F+mxw9s3NrOibFvRj8w=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-3874052">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>iGemJhTiJd71u03JJWG22tLwfQ4=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-15606519">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>3m17MdDRPyAuUKi93W08Xdh2XQg=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-3779465">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>4Tb0yMaDPpAwiQXVpXdfJYWmvR0=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-2929821">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>t0XvlW4iqR3Qo2SirI+6sqkG4gk=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>                <ds:SignatureValue>Q1NqxNLzcBL4wIjc6UToVyJ6+Kc=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-19583390">
>                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-2780950">
>                      <wsse:Reference URI="#usernameTokenId-32956236" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-20727434">
>                <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
>                <wsu:Expires>2005-07-08T18:26:20Z</wsu:Expires>
>             </wsu:Timestamp>
>          </wsse:Security>
>          <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3874052" soapenv:mustUnderstand="0">uuid:14e28260-efdd-11d9-a841-a743b9d3b3f7</wsa:MessageID>
>          <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
>          <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-867695" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
>          <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465" soapenv:mustUnderstand="0">
>             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>          </wsa:From>
>          <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">
>             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>          </wsa:ReplyTo>
>       </soapenv:Header>
>       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-9734221">
>          <anunciar xmlns="http://weg.net/service">
>             <ns1:usuario xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
>          </anunciar>
>       </soapenv:Body>
>    </soapenv:Envelope>
> 
> -----------------------------------------------------------------------
> 
> Now we have an example to work on it. I have already compared them with each other.
> The main difference I had found was the "CanonicalizationMethod" - Tag and
> the "Transform" Tag of the "Transforms" tags.
> Perhaps there are the problems?!?!?
> 
> Steve
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, 8 July 2005 07:59
> To: Dittmann, Werner; Steve Behrendt
> Cc: Gürkan Vural; Granqvist, Hans; [email protected]
> Subject: Re: AW: AW: order of sign and encr in .NET
> 
> 
> Werner, Gürkan and David,
> 
> Since Steve's post to the list concerning his problems using wss4j with
> UsernameToken Signature I've looked at it again. My personal conclusion is
> that it once worked, but that in the meantime it's become broken. At the
> present time I can't say when exactly. I've tried various versions of
> wss4j, axis and bouncycastle and the only way I can get it working is by
> using an older version of wss4j that I built. I've attached it, so you can
> try it out and hopefully have a request come through.
> 
> Regards Brian
> 
> 
> 
> 
> 
> 
>>Gürkan,
>>
>>is this a real log of the request? If I save the file and try
>>to open it with an XML editor it fails because of non-well
>>formed document. Looking at it with emacs I see some linebreaks
>>at unusual points, e.g. in the middle of an element name.
>>
>>I'm not sure if this is due to e-mail transport or similar.
>>But because you sent it as an attachment I would suspect that is
>>not the case.
>>
>>Can you verify this?
>>
>>Regards,
>>Werner
>>
>>
>>>-----Original Message-----
>>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
>>>Sent: Friday, 8 July 2005 11:06
>>>To: Dittmann, Werner
>>>Cc: Granqvist, Hans; [email protected]
>>>Subject: Re: AW: order of sign and encr in .NET
>>>
>>>
>>>Sorry, wss4j can verify all elements but not final signature value. It
>>>processes all elements in the correct order.  I am trying to verify
>>>username token signature with
>>>http://www.w3.org/2000/09/xmldsig#hmac-sha1 algorithm. I can verify what
>>>I send to biztalk but not from biztalk. In the attachment there is a
>>>sample soap message. Can anyone try to verify this?
>>>
>>>--
>>>gurkan
>>>
>>>Dittmann, Werner wrote:
>>>
>>>
>>>>Gürkan,
>>>>
>>>>to me it seems a problem of BizTalk and/or the .Net WSE
>>>>implementation. According to the OASIS WSS specification,
>>>>chapter 5:
>>>>
>>>><quote>
>>>>As elements are added to a <wsse:Security> header block,
>>>>they SHOULD be prepended to the existing elements. As such,
>>>>the <wsse:Security> header block represents the signing and
>>>>encryption steps the message producer took to create the message.
>>>>This prepending rule ensures that the receiving application can
>>>>process sub-elements in the order they appear in the
>>>><wsse:Security> header block, because there will be no forward
>>>>dependency among the sub-elements. Note that this specification
>>>>does not impose any specific order of processing the
>>>>sub-elements. The receiving application can use whatever order
>>>>is required.
>>>></quote>
>>>>
>>>>This means, if the receiver sees an encryption sub-element
>>>>before a Signature sub-element it processes encryption first.
>>>>The ordering of elements is the _only_ information about the
>>>>processing sequence. How could the receiver otherwise
>>>>determine that it should first check Signature, then decrypt?
>>>>
>>>>Maybe you may crosscheck with the MS folks to clarify that?
>>>>Are there known problems with BizTalk / .Net WSE? In general
>>>>we tested interop with .Net WSE.
>>>>
>>>>Regards,
>>>>Werner
>>>>
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
>>>>>Sent: Friday, 8 July 2005 07:59
>>>>>To: Granqvist, Hans
>>>>>Cc: [email protected]
>>>>>Subject: Re: order of sign and encr in .NET
>>>>>
>>>>>
>>>>>Granqvist, Hans wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>>... biztalk outputs
>>>>>>>DataReference above Signature element and this causes
>>>>>>>decryption before signature and sign validation fails because
>>>>>>>decryption changes the value of body element.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>Is it you or biztalk that implies processing order from
>>>>>>the element order?
>>>>>>
>>>>>>Hans
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>Whatever order I send data to Biztalk it processes correctly.
>>>>>Because my java client (wss4j) puts the headers of last operation
>>>>>above the others. However Biztalk always sends DataReference above
>>>>>Signature element and my java client (wss4j) first processes the
>>>>>encrypted body so signature validation fails.
>>>>>
>>>>>--
>>>>>gurkan
>>>>>
>>>>>==========================================================-
>>>>>This e-mail communication is intended for the private use of
>>>>>the people named above. If you received this message in
>>>>>error, please immediately notify the sender and delete it
>>>>>from your system. The Central Bank of The Republic of Turkey
>>>>>does not accept legal responsibility for the contents of
>>>>>this message.
>>>
>>>>>
>>>>>
>>>
>>>
>>
> 
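A structural diff of two signed messages, the comparison done by eye in this thread, as an added example (not code from WSS4J, WSE or any poster). The `sample` envelopes are constructed and trimmed to empty signed elements with placeholder digests; only their PrefixList values are taken from the quoted message, and `profile`, `diff` and `sample` are this example's own names.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "ec": "http://www.w3.org/2001/10/xml-exc-c14n#",  # also the exc-c14n Algorithm URI
}
WSU_ID = "{%s}Id" % NS["wsu"]


def _local(tag):
    """Strip the '{namespace}' part ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def _c14n(el):
    """(Algorithm, PrefixList or None) of a CanonicalizationMethod or Transform."""
    inc = el.find("ec:InclusiveNamespaces", NS)
    return (el.get("Algorithm"), None if inc is None else inc.get("PrefixList"))


def profile(xml_text):
    """Reduce a signed SOAP message to the parts of it that steer verification."""
    root = ET.fromstring(xml_text)
    security = root.find("soapenv:Header/wsse:Security", NS)
    signed_info = security.find("ds:Signature/ds:SignedInfo", NS)
    # wsu:Id values are random per message, so references are keyed by the
    # local name of the element they point at, which is comparable across runs.
    ids = {el.get(WSU_ID): _local(el.tag) for el in root.iter() if el.get(WSU_ID)}
    refs = {}
    for ref in signed_info.findall("ds:Reference", NS):
        uri = ref.get("URI", "")
        target = ids.get(uri.lstrip("#"), "unresolved:" + uri)
        refs[target] = {
            "transforms": [_c14n(t) for t in ref.findall("ds:Transforms/ds:Transform", NS)],
            "digest": ref.find("ds:DigestMethod", NS).get("Algorithm"),
        }
    return {
        # Child order of wsse:Security is what a receiver uses as processing order.
        "header_order": [_local(child.tag) for child in security],
        "canonicalization": _c14n(signed_info.find("ds:CanonicalizationMethod", NS)),
        "signature_method": signed_info.find("ds:SignatureMethod", NS).get("Algorithm"),
        "references": refs,
    }


def diff(first, second):
    """List the structural differences between two profiles as readable strings."""
    out = []
    for key in ("header_order", "canonicalization", "signature_method"):
        if first[key] != second[key]:
            out.append("%s: %r vs %r" % (key, first[key], second[key]))
    ra, rb = first["references"], second["references"]
    for target in sorted(set(ra) | set(rb)):
        if target not in ra or target not in rb:
            side = "first" if target in ra else "second"
            out.append("%s: signed only in the %s message" % (target, side))
        elif ra[target] != rb[target]:
            out.append("%s: %r vs %r" % (target, ra[target], rb[target]))
    return out


def sample(prefix_lists=None, reply_to=False):
    """Constructed envelope; prefix_lists maps 'si'/'body'/'ts' to a PrefixList."""
    def c14n(tag, key):
        inner = ""
        if prefix_lists:
            inner = '<ec:InclusiveNamespaces xmlns:ec="%s" PrefixList="%s"/>' % (
                NS["ec"], prefix_lists[key])
        return '<ds:%s Algorithm="%s">%s</ds:%s>' % (tag, NS["ec"], inner, tag)

    def ref(key):
        return ('<ds:Reference URI="#id-%s"><ds:Transforms>%s</ds:Transforms>'
                '<ds:DigestMethod Algorithm="%ssha1"/><ds:DigestValue>AAAA</ds:DigestValue>'
                '</ds:Reference>' % (key, c14n("Transform", key), NS["ds"]))

    signed = ["body", "ts"] + (["reply"] if reply_to else [])
    return (
        '<soapenv:Envelope xmlns:soapenv="%(soapenv)s" xmlns:wsse="%(wsse)s" '
        'xmlns:wsu="%(wsu)s" xmlns:ds="%(ds)s" '
        'xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">' % NS
        + '<soapenv:Header><wsse:Security><wsse:UsernameToken wsu:Id="ut"/>'
        + '<ds:Signature><ds:SignedInfo>' + c14n("CanonicalizationMethod", "si")
        + '<ds:SignatureMethod Algorithm="%shmac-sha1"/>' % NS["ds"]
        + "".join(ref(key) for key in signed)
        + '</ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>'
        + '<wsu:Timestamp wsu:Id="id-ts"/></wsse:Security>'
        + ('<wsa:ReplyTo wsu:Id="id-reply"/>' if reply_to else "")
        + '</soapenv:Header><soapenv:Body wsu:Id="id-body"/></soapenv:Envelope>'
    )


WITH_PREFIXES = sample({"si": "soapenv wsa xsd xsi", "body": "wsa xsd xsi",
                        "ts": "soapenv wsa wsse xsd xsi"})
WITHOUT_PREFIXES = sample(reply_to=True)

if __name__ == "__main__":
    for line in diff(profile(WITH_PREFIXES), profile(WITHOUT_PREFIXES)):
        print(line)
```

Feeding it two captured envelopes instead of the constructed ones lists every canonicalization, reference and header-order difference at once, and a `ds:Reference` whose target is missing shows up under an `unresolved:` key.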
