Steve,
Without tracing the whole thread: I had trouble with WSE interop as
long as I didn't specify the following global parameter in the deploy.wsdd:
<parameter name="enableNamespacePrefixOptimization" value="false"/>
Yves
On Mon, 2005-07-11 at 09:58 -0300, Steve Behrendt wrote:
> Werner,
>
> Thanks. "InclusiveNamespace" is stuff of the WS-I, but WSE
> doesn't support this stuff (inclusivenamespace), therefore
> the WSE doesn't accept the signature. Have I understood it right?
>
> I have tried it and found 2 problems. When I use the wss4j.jar file
> (the newest version) the "inclusivenamespace"-stuff is added, but when
> I use the "src" files of the project folder the "inclusivenamespace" isn't
> added - without any changes on the wssconfig.java file.
>
> Now the java-client sends a soap-message without the
> "inclusivenamespace"-stuff,
> due to the WS-I, but the WSE still doesn't accept the signature. The
> exception is
> still the same:
>
> AxisFault
> faultCode:
> {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck
> faultSubcode:
> faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature
> or decryption was invalid
> at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
> at
> Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope
> envelope)
> at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
> envelope)
> at
> Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage
> message)
> faultActor: http://localhost/WebServiceGMC/webservicegmc.asmx
>
> The message is now:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Header>
> <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
> <wsse:UsernameToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="usernameTokenId-5862378">
> <wsse:Username>usuario3</wsse:Username>
> <wsse:Password
> Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> <wsu:Created>2005-07-11T12:43:38.552Z</wsu:Created>
> <wsse:Nonce>85DpuTBD4f14uJhdklt2hA==</wsse:Nonce>
> </wsse:UsernameToken>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-8706595">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>6m7QGOVJoQGzFpxEIHqFISlwvOg=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-15606519">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>OrbC+oWPDqjF8d22jSIM+Z7mUf0=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-3779465">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>lr2fB700eMiCriQD7hrukW13eLk=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-2929821">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>aX77bRqKYnP9W1LZnXYy42DNhDI=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-17160330">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>hyPLuTIjh/hATPYWwwHxqiqU8ko=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-13328393">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>FAiQvuh29IyJoZTvOZl7MbHwFgU=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-927929">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>
> <ds:DigestValue>zI1HezB6OwqrvwlhMDbvpKX3Bag=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
>
> <ds:SignatureValue>TplVnW4j2/FeIgZVI2PRctbAgHc=</ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-2780950">
> <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="STRId-25197736">
> <wsse:Reference URI="#usernameTokenId-5862378"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> <wsu:Timestamp
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-3779465">
> <wsu:Created>2005-07-11T12:43:38.536Z</wsu:Created>
> <wsu:Expires>2005-07-11T12:48:38.536Z</wsu:Expires>
> </wsu:Timestamp>
> </wsse:Security>
> <wsa:MessageID
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-2929821"
> soapenv:mustUnderstand="0">uuid:672b03c0-f209-11d9-9218-cb301b6f3efb</wsa:MessageID>
> <wsa:To
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-927929"
> soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> <wsa:Action
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-15606519"
> soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> <wsa:From
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-13328393" soapenv:mustUnderstand="0">
>
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> </wsa:From>
> <wsa:ReplyTo
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-17160330" soapenv:mustUnderstand="0">
>
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> </wsa:ReplyTo>
> </soapenv:Header>
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-8706595">
> <anunciar xmlns="http://weg.net/service">
> <ns1:usuario
> xmlns:ns1="http://weg.net/service/">usuario1</ns1:usuario>
> </anunciar>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
>
> Anybody see a difference between the working message sent by the old wss4j
> and this from the up-to-date wss4j?
>
> STEVE
>
>
>
>
>
>
>
> -----Original Message-----
> From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> Sent: Saturday, July 9, 2005 04:19
> To: Steve Behrendt
> Cc: [EMAIL PROTECTED]; Dittmann, Werner; Gürkan Vural; Granqvist, Hans;
> [email protected]
> Subject: Re: RES: AW: AW: order of sign and encr in .NET
>
>
> Brian, Steve, all,
>
> looking at it I see the difference. Sometime ago one of the
> contributors implemented some additions to be WS-I compliant.
> This "InclusiveNamespace" stuff is due to this, and as it turned
> out WSE is not yet ready to handle this. Due to this there is
> a boolean in WSSConfig.java (wsiBSPCompliant). If this boolean
> is true WSS4J works in BS-I compliant mode, setting it to false
> WSS4J works as before.
>
> Can you crosscheck and give it a try?
>
> Thanks,
> Werner
>
> Steve Behrendt wrote:
> > Brian,
> >
> > You are right. I have tested the attached wss4j.jar file too and I had
> > success. My client now can produce a message that the .net client
> > understands.
> > The signature should be right, because the .NET WebService now doesn't respond
> > with the Exception (Signature invalid).
> >
> > I have built 2 messages, one with the new and one with the "old" wss4j.jar
> > and attached.
> >
> > The old one, which doesn't work:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <soapenv:Envelope
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> > <soapenv:Header>
> > <wsse:Security
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > soapenv:mustUnderstand="1">
> > <wsse:UsernameToken
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="usernameTokenId-12455463">
> > <wsse:Username>usuario3</wsse:Username>
> > <wsse:Password
> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> > <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
> > <wsse:Nonce>yOBObBQ+sbevlt2XM0Xukg==</wsse:Nonce>
> > </wsse:UsernameToken>
> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > <ds:SignedInfo>
> > <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa
> > xsd xsi"></ec:InclusiveNamespaces>
> > </ds:CanonicalizationMethod>
> > <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> > <ds:Reference URI="#id-7866553">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa xsd
> > xsi"></ec:InclusiveNamespaces>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>PmQSgFYbhiZciP5F6CRT5MZOPPk=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-3874052">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa
> > wsse xsd xsi"></ec:InclusiveNamespaces>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>jcRns/iJ1hxPJZEqUt1DIG0iDdo=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-15606519">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd
> > xsi"></ec:InclusiveNamespaces>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>TB1t5JzPv1WQ4uMX05qKqIl2s9o=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-3779465">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd
> > xsi"></ec:InclusiveNamespaces>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>erDZuYXo9WJn29GSh6Kood6guzw=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-2929821">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd
> > xsi"></ec:InclusiveNamespaces>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>QbIGZGq03FxN6tA2aE9d11/hvh0=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-17160330">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > <ec:InclusiveNamespaces
> > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd
> > xsi"></ec:InclusiveNamespaces>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>Y4vVT5KZ9FKbXLumKcaqvHaWhHM=</ds:DigestValue>
> > </ds:Reference>
> > </ds:SignedInfo>
> >
> > <ds:SignatureValue>aLSM1mbqLMfNLKPVoi7dRqeVMT4=</ds:SignatureValue>
> > <ds:KeyInfo Id="KeyId-26956311">
> > <wsse:SecurityTokenReference
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="STRId-9734221">
> > <wsse:Reference URI="#usernameTokenId-12455463"
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > </ds:Signature>
> > <wsu:Timestamp
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-3874052">
> > <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
> > <wsu:Expires>2005-07-05T14:15:26Z</wsu:Expires>
> > </wsu:Timestamp>
> > </wsse:Security>
> > <wsa:MessageID
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-3779465"
> > soapenv:mustUnderstand="0">uuid:8912a6f0-ed5e-11d9-8c80-a1e4097e4740</wsa:MessageID>
> > <wsa:To
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-17160330"
> > soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> > <wsa:Action
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-15606519"
> > soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> > <wsa:From
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-2929821" soapenv:mustUnderstand="0">
> >
> > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > </wsa:From>
> > </soapenv:Header>
> > <soapenv:Body
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-7866553">
> > <anunciar xmlns="http://weg.net/service">
> > <ns1:usuario
> > xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> > </anunciar>
> > </soapenv:Body>
> > </soapenv:Envelope>
> >
> > ------------------------------------------------------
> >
> > and the new one working:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <soapenv:Envelope
> > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> > <soapenv:Header>
> > <wsse:Security
> > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > soapenv:mustUnderstand="1">
> > <wsse:UsernameToken
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="usernameTokenId-32956236">
> > <wsse:Username>usuario3</wsse:Username>
> > <wsse:Password
> > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> > <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
> > <wsse:Nonce>RKPwh5ELWCBqUa0FhZtP9A==</wsse:Nonce>
> > </wsse:UsernameToken>
> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > <ds:SignedInfo>
> > <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> > <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> > <ds:Reference URI="#id-9734221">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>FaQ7O3MS6a3e82I/jsfOhoDL+2M=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-867695">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>HinR+8MaMcU59CYiC25On0mv67U=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-20727434">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>YmbgnQ/0F+mxw9s3NrOibFvRj8w=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-3874052">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>iGemJhTiJd71u03JJWG22tLwfQ4=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-15606519">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>3m17MdDRPyAuUKi93W08Xdh2XQg=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-3779465">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>4Tb0yMaDPpAwiQXVpXdfJYWmvR0=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="#id-2929821">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >
> > <ds:DigestValue>t0XvlW4iqR3Qo2SirI+6sqkG4gk=</ds:DigestValue>
> > </ds:Reference>
> > </ds:SignedInfo>
> >
> > <ds:SignatureValue>Q1NqxNLzcBL4wIjc6UToVyJ6+Kc=</ds:SignatureValue>
> > <ds:KeyInfo Id="KeyId-19583390">
> > <wsse:SecurityTokenReference
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="STRId-2780950">
> > <wsse:Reference URI="#usernameTokenId-32956236"
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> > </wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > </ds:Signature>
> > <wsu:Timestamp
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-20727434">
> > <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
> > <wsu:Expires>2005-07-08T18:26:20Z</wsu:Expires>
> > </wsu:Timestamp>
> > </wsse:Security>
> > <wsa:MessageID
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-3874052"
> > soapenv:mustUnderstand="0">uuid:14e28260-efdd-11d9-a841-a743b9d3b3f7</wsa:MessageID>
> > <wsa:To
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-2929821"
> > soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> > <wsa:Action
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-867695"
> > soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> > <wsa:From
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-3779465" soapenv:mustUnderstand="0">
> >
> > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > </wsa:From>
> > <wsa:ReplyTo
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-15606519" soapenv:mustUnderstand="0">
> >
> > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > </wsa:ReplyTo>
> > </soapenv:Header>
> > <soapenv:Body
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-9734221">
> > <anunciar xmlns="http://weg.net/service">
> > <ns1:usuario
> > xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> > </anunciar>
> > </soapenv:Body>
> > </soapenv:Envelope>
> >
> > -----------------------------------------------------------------------
> >
> > Now we have an example to work on it. I have already compared each other.
> > The main difference I had found was the "CanonicalizationMethod" - Tag and
> > the
> > "Transform" Tag of the "Transforms" tags.
> > Perhaps there are the problems?!?!?
> >
> > Steve
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Friday, July 8, 2005 07:59
> > To: Dittmann, Werner; Steve Behrendt
> > Cc: Gürkan Vural; Granqvist, Hans; [email protected]
> > Subject: Re: AW: AW: order of sign and encr in .NET
> >
> >
> > Werner, Gürkan and David,
> >
> > Since Steve's post to the list concerning his problems using wss4j with
> > UsernameToken Signature I've looked at it again. My personal conclusion is
> > that it once worked, but that in the meantime it's become broken. At the
> > present time I can't say when exactly. I've tried various versions of
> > wss4j, axis and bouncycastle and the only way I can get it working is by
> > using an older version of wss4j that I built. I've attached it, so you can
> > try it out and hopefully have a request come through.
> >
> > Regards Brian
> >
> >
> >
> >
> >
> >
> >>Gürkan,
> >>
> >>is this a real log of the request? If I save the file and try
> >>to open it with an XML editor it fails because of non-well
> >>formed document. Looking at it with emacs I see some linebreaks
> >>at unusual points, e.g. in the middle of an element name.
> >>
> >>I'm not sure if this is due to e-mail transport or similar.
> >>But because you sent it as an attachment I would suspect that is
> >>not the case.
> >>
> >>Can you verify this?
> >>
> >>Regards,
> >>Werner
> >>
> >>
> >>>-----Original Message-----
> >>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
> >>>Sent: Friday, July 8, 2005 11:06
> >>>To: Dittmann, Werner
> >>>Cc: Granqvist, Hans; [email protected]
> >>>Subject: Re: AW: order of sign and encr in .NET
> >>>
> >>>
> >>>sorry wss4j can verify all elements but not final signature value. it
> >>>processes all elements in the correct order. I am trying to verify
> >>>username token signature with
> >>>http://www.w3.org/2000/09/xmldsig#hmac-sha1 algorithm. I can
> >>>verify what
> >>>i send to biztalk but not from biztalk. In the attachment there is a
> >>>sample soap message. Can anyone try to verify this?
> >>>
> >>>--
> >>>gurkan
> >>>
> >>>Dittmann, Werner wrote:
> >>>
> >>>
> >>>>Gürkan,
> >>>>
> >>>>to me it seems a problem of BizTalk and/or the .Net WSE
> >>>>implementation. According to the OASIS WSS specification,
> >>>>chapter 5:
> >>>>
> >>>><quote>
> >>>>As elements are added to a <wsse:Security> header block,
> >>>>they SHOULD be prepended to the existing elements. As such,
> >>>>the <wsse:Security> header block represents the signing and
> >>>>encryption steps the message producer took to create the message.
> >>>>This prepending rule ensures that the receiving application can
> >>>>process sub-elements in the order they appear in the
> >>>><wsse:Security> header block, because there will be no forward
> >>>>dependency among the sub-elements. Note that this specification
> >>>>does not impose any specific order of processing the
> >>>>sub-elements. The receiving application can use whatever order
> >>>>is required.
> >>>></quote>
> >>>>
> >>>>This means, if the receiver sees an encryption sub-element
> >>>>before a Signature sub-element it processes encryption first.
> >>>>The ordering of elements is the _only_ information about the
> >>>>processing sequence. How could the receiver otherwise
> >>>>determine that it should first check Signature, then decrypt?
> >>>>
> >>>>Maybe you may crosscheck with the MS folks to clarify that?
> >>>>Are there known problems with BizTalk / .Net WSE? In general
> >>>>we tested interop with .Net WSE.
> >>>>
> >>>>Regards,
> >>>>Werner
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>-----Original Message-----
> >>>>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
> >>>>>Sent: Friday, July 8, 2005 07:59
> >>>>>To: Granqvist, Hans
> >>>>>Cc: [email protected]
> >>>>>Subject: Re: order of sign and encr in .NET
> >>>>>
> >>>>>
> >>>>>Granqvist, Hans wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>... biztalk outputs
> >>>>>>>DataReference above Signature element and this causes
> >>>>>>>decryption before signature and sign validation fails because
> >>>>>>>decryption changes the value of body element.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>Is it you or biztalk that implies processing order from
> >>>>>>the element order?
> >>>>>>
> >>>>>>Hans
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>Whatever order I send data to Biztalk it processes correctly.
> >>>>>Because my java client (wss4j) puts the headers of last operation
> >>>>>above the others.
> >>>>>However Biztalk always sends DataReference above Signature element and
> >>>>>my java client (wss4j) first processes the encrypted body so signature
> >>>>>validation fails.
> >>>>>
> >>>>>--
> >>>>>gurkan
> >>>>>
> >>>>>==========================================================-
> >>>>>This e-mail communication is intended for the private use of
> >>>>>the people named above. If you received this message in
> >>>>>error, please immediately notify the sender and delete it
> >>>>>from your system. The Central Bank of The Republic of Turkey
> >>>>>does not accept legal responsibility for the contents of
> >>>>>this message.
> >>>>>
> >>>>>
> >>>
> >>>
> >>>
> >>
> >
>
>
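
The by-eye comparison of the failing and working messages discussed in this thread can be automated. The following is an added example, not part of the original thread or of wss4j: it pulls the canonicalization and transform parameters (including any `InclusiveNamespaces` `PrefixList`) out of two signed SOAP messages and diffs them, ignoring per-message Ids and digest values. The function names and the cut-down sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
EC_NS = "http://www.w3.org/2001/10/xml-exc-c14n#"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
DS, EC, WSU = ("{%s}" % ns for ns in (DS_NS, EC_NS, WSU_NS))


def c14n_params(elem):
    """Return (Algorithm, PrefixList) of a CanonicalizationMethod/Transform.
    PrefixList is None when there is no ec:InclusiveNamespaces child."""
    inc = elem.find(EC + "InclusiveNamespaces")
    prefixes = None if inc is None else tuple(inc.get("PrefixList", "").split())
    return elem.get("Algorithm"), prefixes


def signature_profile(soap_xml):
    """Extract the signature parameters both sides must agree on, leaving
    out values that change per message (Ids, digests, SignatureValue)."""
    root = ET.fromstring(soap_xml)
    signed_info = root.find(f".//{DS}Signature/{DS}SignedInfo")
    if signed_info is None:
        raise ValueError("no ds:SignedInfo in message")
    # Map wsu:Id -> local element name, so references are compared by what
    # they sign rather than by their generated Id.
    by_id = {e.get(WSU + "Id"): e.tag.rsplit("}", 1)[-1]
             for e in root.iter() if e.get(WSU + "Id")}
    refs = {}
    for ref in signed_info.findall(DS + "Reference"):
        uri = ref.get("URI", "")
        target = by_id.get(uri.lstrip("#"), "UNRESOLVED " + uri)
        refs[target] = {
            "transforms": [c14n_params(t) for t in ref.iter(DS + "Transform")],
            "digest": ref.find(DS + "DigestMethod").get("Algorithm"),
        }
    return {
        "c14n": c14n_params(signed_info.find(DS + "CanonicalizationMethod")),
        "signature_method":
            signed_info.find(DS + "SignatureMethod").get("Algorithm"),
        "references": refs,
    }


def diff_profiles(a, b):
    """List the parameter differences between two signature profiles."""
    out = []
    for key in ("c14n", "signature_method"):
        if a[key] != b[key]:
            out.append(f"{key}: {a[key]} != {b[key]}")
    for target in sorted(set(a["references"]) | set(b["references"])):
        ra, rb = a["references"].get(target), b["references"].get(target)
        if ra != rb:
            out.append(f"reference {target}: {ra} != {rb}")
    return out


def sample_message(inclusive):
    """Constructed, cut-down message shaped like the ones in the thread."""
    def inc(prefixes):
        if not inclusive:
            return ""
        return (f'<ec:InclusiveNamespaces xmlns:ec="{EC_NS}" '
                f'PrefixList="{prefixes}"/>')
    return f"""<soapenv:Envelope
 xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:ds="{DS_NS}" xmlns:wsu="{WSU_NS}">
 <soapenv:Header><ds:Signature><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="{EC_NS}">{inc('soapenv wsa xsd xsi')}</ds:CanonicalizationMethod>
  <ds:SignatureMethod Algorithm="{DS_NS}hmac-sha1"/>
  <ds:Reference URI="#id-1"><ds:Transforms>
   <ds:Transform Algorithm="{EC_NS}">{inc('wsa xsd xsi')}</ds:Transform>
  </ds:Transforms><ds:DigestMethod Algorithm="{DS_NS}sha1"/>
  <ds:DigestValue>AAAA</ds:DigestValue></ds:Reference>
 </ds:SignedInfo></ds:Signature></soapenv:Header>
 <soapenv:Body wsu:Id="id-1"/>
</soapenv:Envelope>"""


if __name__ == "__main__":
    with_list = signature_profile(sample_message(True))
    without_list = signature_profile(sample_message(False))
    for line in diff_profiles(with_list, without_list):
        print(line)
```

A reference reported as `UNRESOLVED` points at a `wsu:Id` that is not present in the message, which is worth ruling out before comparing canonicalization settings.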