Yves,

I have tried it and there are no differences between a soap-message, which is built with the parameter "enableNamespacePrefixOptimization"=true or "..."=false nor without the whole parameter.

Steve

-----Original message-----
From: Yves Langisch [mailto:[EMAIL PROTECTED]
Sent: Monday, 11 July 2005 10:16
To: Steve Behrendt
Cc: Werner Dittmann; [EMAIL PROTECTED]; Dittmann, Werner; Gürkan Vural; Granqvist, Hans; [email protected]
Subject: Re: RES: RES: AW: AW: order of sign and encr in .NET

Steve,

Without tracing the whole thread: I had troubles with WSE interop as long as I didn't specify the following global parameter in the deploy.wsdd:

<parameter name="enableNamespacePrefixOptimization" value="false"/>

Yves

On Mon, 2005-07-11 at 09:58 -0300, Steve Behrendt wrote:
> Werner,
>
> Thanks. "InclusiveNamespace" is stuff of the WS-I, but WSE
> doesn't support this stuff (inclusivenamespace), therefore
> the WSE doesn't accept the signature. Have I understood it right?
>
> I have tried it and found 2 problems. When I use the wss4j.jar file
> (the newest version) the "inclusivenamespace"-stuff is added, but when
> I use the "src" files of the project folder the "inclusivenamespace" isn't
> added - without any changes on the wssconfig.java file.
>
> Now the java-client sends a soap-message without the
> "inclusivenamespace"-stuff,
> due to the WS-I, but the WSE still doesn't accept the signature.
The > exception is > still the same: > > AxisFault > faultCode: > {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck > faultSubcode: > faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature > or decryption was invalid > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element) > at > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope > envelope) > at > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage > message) > faultActor: http://localhost/WebServiceGMC/webservicegmc.asmx > > The message is now: > > <?xml version="1.0" encoding="UTF-8"?> > <soapenv:Envelope > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" > xmlns:xsd="http://www.w3.org/2001/XMLSchema" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> > <soapenv:Header> > <wsse:Security > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > soapenv:mustUnderstand="1"> > <wsse:UsernameToken > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="usernameTokenId-5862378"> > <wsse:Username>usuario3</wsse:Username> > <wsse:Password > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password> > <wsu:Created>2005-07-11T12:43:38.552Z</wsu:Created> > <wsse:Nonce>85DpuTBD4f14uJhdklt2hA==</wsse:Nonce> > </wsse:UsernameToken> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod> > <ds:Reference URI="#id-8706595"> > 
<ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>6m7QGOVJoQGzFpxEIHqFISlwvOg=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#id-15606519"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>OrbC+oWPDqjF8d22jSIM+Z7mUf0=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#id-3779465"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>lr2fB700eMiCriQD7hrukW13eLk=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#id-2929821"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>aX77bRqKYnP9W1LZnXYy42DNhDI=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#id-17160330"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>hyPLuTIjh/hATPYWwwHxqiqU8ko=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#id-13328393"> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>FAiQvuh29IyJoZTvOZl7MbHwFgU=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="#id-927929"> > 
<ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > <ds:DigestValue>zI1HezB6OwqrvwlhMDbvpKX3Bag=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > > <ds:SignatureValue>TplVnW4j2/FeIgZVI2PRctbAgHc=</ds:SignatureValue> > <ds:KeyInfo Id="KeyId-2780950"> > <wsse:SecurityTokenReference > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="STRId-25197736"> > <wsse:Reference URI="#usernameTokenId-5862378" > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature> > <wsu:Timestamp > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="id-3779465"> > <wsu:Created>2005-07-11T12:43:38.536Z</wsu:Created> > <wsu:Expires>2005-07-11T12:48:38.536Z</wsu:Expires> > </wsu:Timestamp> > </wsse:Security> > <wsa:MessageID > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="id-2929821" > soapenv:mustUnderstand="0">uuid:672b03c0-f209-11d9-9218-cb301b6f3efb</wsa:MessageID> > <wsa:To > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="id-927929" > soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To> > <wsa:Action > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="id-15606519" > soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action> > <wsa:From > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > wsu:Id="id-13328393" soapenv:mustUnderstand="0"> > > 
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> </wsa:From>
> <wsa:ReplyTo
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-17160330" soapenv:mustUnderstand="0">
>
> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> </wsa:ReplyTo>
> </soapenv:Header>
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-8706595">
> <anunciar xmlns="http://weg.net/service">
> <ns1:usuario
> xmlns:ns1="http://weg.net/service/">usuario1</ns1:usuario>
> </anunciar>
> </soapenv:Body>
> </soapenv:Envelope>
>
>
> Anybody see a difference between the working message sent by the old wss4j
> and this from the up-to-date wss4j?
>
> STEVE
>
>
> -----Original message-----
> From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> Sent: Saturday, 9 July 2005 04:19
> To: Steve Behrendt
> Cc: [EMAIL PROTECTED]; Dittmann, Werner; Gürkan Vural; Granqvist, Hans;
> [email protected]
> Subject: Re: RES: AW: AW: order of sign and encr in .NET
>
>
> Brian, Steve, all,
>
> looking at it I see the difference. Some time ago one of the
> contributors implemented some additions to be WS-I compliant.
> This "InclusiveNamespace" stuff is due to this, and as it turned
> out WSE is not yet ready to handle this. Due to this there is
> a boolean in WSSConfig.java (wsiBSPCompliant). If this boolean
> is true WSS4J works in BS-I compliant mode, setting it to false
> WSS4J works as before.
>
> Can you crosscheck and give it a try?
>
> Thanks,
> Werner
>
> Steve Behrendt wrote:
> > Brian,
> >
> > You are right. I have tested the attached wss4j.jar file too and I had
> > success. My client now can produce a message that the .net client
> > understands.
> > The signature should be right, because the .NET WebService now doesn't respond
> > with the Exception (Signature invalid).
> > > > I have build 2 Messsages, one with the new and one with the "old" wss4j.jar > > and attached. > > > > The old one, which don't works: > > > > <?xml version="1.0" encoding="UTF-8"?> > > <soapenv:Envelope > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" > > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema" > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> > > <soapenv:Header> > > <wsse:Security > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > > soapenv:mustUnderstand="1"> > > <wsse:UsernameToken > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="usernameTokenId-12455463"> > > <wsse:Username>usuario3</wsse:Username> > > <wsse:Password > > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password> > > <wsu:Created>2005-07-05T14:10:26Z</wsu:Created> > > <wsse:Nonce>yOBObBQ+sbevlt2XM0Xukg==</wsse:Nonce> > > </wsse:UsernameToken> > > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > > <ds:SignedInfo> > > <ds:CanonicalizationMethod > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa > > xsd xsi"></ec:InclusiveNamespaces> > > </ds:CanonicalizationMethod> > > <ds:SignatureMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod> > > <ds:Reference URI="#id-7866553"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa xsd > > xsi"></ec:InclusiveNamespaces> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > 
<ds:DigestValue>PmQSgFYbhiZciP5F6CRT5MZOPPk=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-3874052"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa > > wsse xsd xsi"></ec:InclusiveNamespaces> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>jcRns/iJ1hxPJZEqUt1DIG0iDdo=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-15606519"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd > > xsi"></ec:InclusiveNamespaces> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>TB1t5JzPv1WQ4uMX05qKqIl2s9o=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-3779465"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd > > xsi"></ec:InclusiveNamespaces> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>erDZuYXo9WJn29GSh6Kood6guzw=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-2929821"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd > > xsi"></ec:InclusiveNamespaces> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > 
<ds:DigestValue>QbIGZGq03FxN6tA2aE9d11/hvh0=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-17160330"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> > > <ec:InclusiveNamespaces > > xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd > > xsi"></ec:InclusiveNamespaces> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>Y4vVT5KZ9FKbXLumKcaqvHaWhHM=</ds:DigestValue> > > </ds:Reference> > > </ds:SignedInfo> > > > > <ds:SignatureValue>aLSM1mbqLMfNLKPVoi7dRqeVMT4=</ds:SignatureValue> > > <ds:KeyInfo Id="KeyId-26956311"> > > <wsse:SecurityTokenReference > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="STRId-9734221"> > > <wsse:Reference URI="#usernameTokenId-12455463" > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference> > > </wsse:SecurityTokenReference> > > </ds:KeyInfo> > > </ds:Signature> > > <wsu:Timestamp > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-3874052"> > > <wsu:Created>2005-07-05T14:10:26Z</wsu:Created> > > <wsu:Expires>2005-07-05T14:15:26Z</wsu:Expires> > > </wsu:Timestamp> > > </wsse:Security> > > <wsa:MessageID > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-3779465" > > soapenv:mustUnderstand="0">uuid:8912a6f0-ed5e-11d9-8c80-a1e4097e4740</wsa:MessageID> > > <wsa:To > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-17160330" > > soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To> > > <wsa:Action > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > 
wsu:Id="id-15606519" > > soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action> > > <wsa:From > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-2929821" soapenv:mustUnderstand="0"> > > > > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> > > </wsa:From> > > </soapenv:Header> > > <soapenv:Body > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-7866553"> > > <anunciar xmlns="http://weg.net/service"> > > <ns1:usuario > > xmlns:ns1="http://weg.net/service/">1234</ns1:usuario> > > </anunciar> > > </soapenv:Body> > > </soapenv:Envelope> > > > > ------------------------------------------------------ > > > > and the new one working: > > > > <?xml version="1.0" encoding="UTF-8"?> > > <soapenv:Envelope > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" > > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema" > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> > > <soapenv:Header> > > <wsse:Security > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" > > soapenv:mustUnderstand="1"> > > <wsse:UsernameToken > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="usernameTokenId-32956236"> > > <wsse:Username>usuario3</wsse:Username> > > <wsse:Password > > Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password> > > <wsu:Created>2005-07-08T18:21:20Z</wsu:Created> > > <wsse:Nonce>RKPwh5ELWCBqUa0FhZtP9A==</wsse:Nonce> > > </wsse:UsernameToken> > > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> > > <ds:SignedInfo> > > <ds:CanonicalizationMethod > > 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod> > > <ds:SignatureMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod> > > <ds:Reference URI="#id-9734221"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>FaQ7O3MS6a3e82I/jsfOhoDL+2M=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-867695"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>HinR+8MaMcU59CYiC25On0mv67U=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-20727434"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>YmbgnQ/0F+mxw9s3NrOibFvRj8w=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-3874052"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>iGemJhTiJd71u03JJWG22tLwfQ4=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-15606519"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>3m17MdDRPyAuUKi93W08Xdh2XQg=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-3779465"> > > 
<ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>4Tb0yMaDPpAwiQXVpXdfJYWmvR0=</ds:DigestValue> > > </ds:Reference> > > <ds:Reference URI="#id-2929821"> > > <ds:Transforms> > > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> > > > > <ds:DigestValue>t0XvlW4iqR3Qo2SirI+6sqkG4gk=</ds:DigestValue> > > </ds:Reference> > > </ds:SignedInfo> > > > > <ds:SignatureValue>Q1NqxNLzcBL4wIjc6UToVyJ6+Kc=</ds:SignatureValue> > > <ds:KeyInfo Id="KeyId-19583390"> > > <wsse:SecurityTokenReference > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="STRId-2780950"> > > <wsse:Reference URI="#usernameTokenId-32956236" > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference> > > </wsse:SecurityTokenReference> > > </ds:KeyInfo> > > </ds:Signature> > > <wsu:Timestamp > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-20727434"> > > <wsu:Created>2005-07-08T18:21:20Z</wsu:Created> > > <wsu:Expires>2005-07-08T18:26:20Z</wsu:Expires> > > </wsu:Timestamp> > > </wsse:Security> > > <wsa:MessageID > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-3874052" > > soapenv:mustUnderstand="0">uuid:14e28260-efdd-11d9-a841-a743b9d3b3f7</wsa:MessageID> > > <wsa:To > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" > > wsu:Id="id-2929821" > > soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To> > > <wsa:Action > > 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-867695"
> > soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> > <wsa:From
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-3779465" soapenv:mustUnderstand="0">
> >
> > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > </wsa:From>
> > <wsa:ReplyTo
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-15606519" soapenv:mustUnderstand="0">
> >
> > <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > </wsa:ReplyTo>
> > </soapenv:Header>
> > <soapenv:Body
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > wsu:Id="id-9734221">
> > <anunciar xmlns="http://weg.net/service">
> > <ns1:usuario
> > xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> > </anunciar>
> > </soapenv:Body>
> > </soapenv:Envelope>
> >
> > -----------------------------------------------------------------------
> >
> > Now we have an example to work on it. I have already compared each other.
> > The main difference I had found was the "CanonicalizationMethod" - Tag and
> > the
> > "Transform" Tag of the "Transforms" tags.
> > Perhaps there are the problems?!?!?
> >
> > Steve
> >
> >
> > -----Original message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 8 July 2005 07:59
> > To: Dittmann, Werner; Steve Behrendt
> > Cc: Gürkan Vural; Granqvist, Hans; [email protected]
> > Subject: Re: AW: AW: order of sign and encr in .NET
> >
> >
> > Werner, Gürkan and David,
> >
> > Since Steve's post to the list concerning his problems using wss4j with
> > UsernameToken Signature I've looked at it again. My personal conclusion is
> > that it once worked, but that in the meantime it's become broken. At the
> > present time I can't say when exactly. I've tried various versions of
> > wss4j, axis and bouncycastle and the only way I can get it working is by
> > using an older version of wss4j that I build. I've attached it, so you can
> > try it out and hopefully have a request come through.
> >
> > Regards Brian
> >
> >
> >>Gürkan,
> >>
> >>is this a real log of the request? If I save the file and try
> >>to open it with an XML editor it fails because of non-well
> >>formed document. Looking at it with emacs I see some linebreaks
> >>at unusual points, e.g. in the middle of an element name.
> >>
> >>I'm not sure if this is due to e-mail transport or similar.
> >>But because you sent it as an attachment I would suspect that is
> >>not the case.
> >>
> >>Can you verify this?
> >>
> >>Regards,
> >>Werner
> >>
> >>
> >>>-----Original message-----
> >>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
> >>>Sent: Friday, 8 July 2005 11:06
> >>>To: Dittmann, Werner
> >>>Cc: Granqvist, Hans; [email protected]
> >>>Subject: Re: AW: order of sign and encr in .NET
> >>>
> >>>
> >>>sorry wss4j can verify all elements but not final signature value. it
> >>>processes all elements in the correct order. I am trying to verify
> >>>username token signature with
> >>>http://www.w3.org/2000/09/xmldsig#hmac-sha1 algorithm. I can
> >>>verify what
> >>>I send to biztalk but not from biztalk. In the attachment there is a
> >>>sample soap message. Can anyone try to verify this?
> >>>
> >>>--
> >>>gurkan
> >>>
> >>>Dittmann, Werner wrote:
> >>>
> >>>
> >>>>Gürkan,
> >>>>
> >>>>to me it seems a problem of BizTalk and/or the .Net WSE
> >>>>implementation. According to the OASIS WSS specification,
> >>>>chapter 5:
> >>>>
> >>>><quote>
> >>>>As elements are added to a <wsse:Security> header block,
> >>>>they SHOULD be prepended to the existing elements. As such,
> >>>>the <wsse:Security> header block represents the signing and
> >>>>encryption steps the message producer took to create the message.
> >>>>This prepending rule ensures that the receiving application can
> >>>>process sub-elements in the order they appear in the
> >>>><wsse:Security> header block, because there will be no forward
> >>>>dependency among the sub-elements. Note that this specification
> >>>>does not impose any specific order of processing the
> >>>>sub-elements. The receiving application can use whatever order
> >>>>is required.
> >>>></quote>
> >>>>
> >>>>This means, if the receiver sees an encryption sub-element
> >>>>before a Signature sub-element it processes encryption first.
> >>>>The ordering of elements is the _only_ information about the
> >>>>processing sequence. How could the receiver otherwise
> >>>>determine that it should first check Signature, then decrypt?
> >>>>
> >>>>Maybe you may crosscheck with the MS folks to clarify that?
> >>>>Are there known problems with BizTalk / .Net WSE? In general
> >>>>we tested interop with .Net WSE.
> >>>>
> >>>>Regards,
> >>>>Werner
> >>>>
> >>>>
> >>>>>-----Original message-----
> >>>>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
> >>>>>Sent: Friday, 8 July 2005 07:59
> >>>>>To: Granqvist, Hans
> >>>>>Cc: [email protected]
> >>>>>Subject: Re: order of sign and encr in .NET
> >>>>>
> >>>>>
> >>>>>Granqvist, Hans wrote:
> >>>>>
> >>>>>>>... biztalk outputs
> >>>>>>>DataReference above Signature element and this causes
> >>>>>>>decryption before signature and sign validation fails because
> >>>>>>>decryption changes the value of body element.
> >>>>>>>
> >>>>>>
> >>>>>>Is it you or biztalk that implies processing order from
> >>>>>>the element order?
> >>>>>>
> >>>>>>Hans
> >>>>>>
> >>>>>
> >>>>>Whatever order I send data to Biztalk it processes correctly.
> >>>>>Because my
> >>>>>java client (wss4j) puts the headers of last operation above
> >>>>>the others.
> >>>>>However Biztalk always sends DataReference above Signature element and
> >>>>>my java client (wss4j) first processes the encrypted body so signature
> >>>>>validation fails.
> >>>>>
> >>>>>--
> >>>>>gurkan
> >>>>>
> >>>>>==========================================================-
> >>>>>This e-mail communication is intended for the private use of
> >>>>>the people named above. If you received this message in
> >>>>>error, please immediately notify the sender and delete it
> >>>>>from your system. The Central Bank of The Republic of Turkey
> >>>>>does not accept legal responsibility for the contents of this message.
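
The comparison Steve describes above, automated as an added example (not from the thread, and not WSS4J or WSE code): it extracts the CanonicalizationMethod, SignatureMethod and per-Reference Transform settings from two messages and reports what differs, keyed by the signed element rather than by the random wsu:Id. The function names and the two cut-down sample messages are constructed for illustration; the PrefixList values are the ones in the rejected message quoted above.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
NS = {"ds": DS, "ec": EXC}
WSU_ID = "{%s}Id" % WSU


def _method(elem):
    """(Algorithm URI, InclusiveNamespaces PrefixList or None) for one element."""
    if elem is None:
        return None, None
    inc = elem.find("ec:InclusiveNamespaces", NS)
    prefixes = None if inc is None else tuple(inc.get("PrefixList", "").split())
    return elem.get("Algorithm"), prefixes


def signature_profile(xml_text):
    """Summarise how a message was signed, independent of random wsu:Id values."""
    root = ET.fromstring(xml_text)
    signed_info = root.find(".//ds:SignedInfo", NS)
    if signed_info is None:
        raise ValueError("message has no ds:SignedInfo")
    # wsu:Id -> local element name, so references are compared by what they sign.
    targets = {e.get(WSU_ID): e.tag.rsplit("}", 1)[-1]
               for e in root.iter() if e.get(WSU_ID)}
    profile = {
        "c14n": _method(signed_info.find("ds:CanonicalizationMethod", NS)),
        "sigalg": _method(signed_info.find("ds:SignatureMethod", NS))[0],
    }
    for ref in signed_info.findall("ds:Reference", NS):
        uri = ref.get("URI", "")
        # A reference whose target is missing is reported, not silently dropped.
        target = targets.get(uri.lstrip("#"), "<unresolved %s>" % uri)
        profile["ref:" + target] = [
            _method(t) for t in ref.findall("ds:Transforms/ds:Transform", NS)]
    return profile


def diff_profiles(a, b):
    """(setting, value in a, value in b) for every setting that differs."""
    return [(k, a.get(k), b.get(k))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)]


def sample_message(inclusive, tag):
    """Constructed, cut-down message shaped like the two quoted in the thread."""
    def inc(prefixes):
        if not inclusive:
            return ""
        return ('<ec:InclusiveNamespaces xmlns:ec="%s" PrefixList="%s"/>'
                % (EXC, prefixes))
    c14n, body, ts = (inc("soapenv wsa xsd xsi"), inc("wsa xsd xsi"),
                      inc("soapenv wsa wsse xsd xsi"))
    return f"""<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ds="{DS}" xmlns:wsu="{WSU}">
 <soapenv:Header>
  <ds:Signature><ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="{EXC}">{c14n}</ds:CanonicalizationMethod>
   <ds:SignatureMethod Algorithm="{DS}hmac-sha1"/>
   <ds:Reference URI="#id-body-{tag}"><ds:Transforms>
    <ds:Transform Algorithm="{EXC}">{body}</ds:Transform>
   </ds:Transforms></ds:Reference>
   <ds:Reference URI="#id-ts-{tag}"><ds:Transforms>
    <ds:Transform Algorithm="{EXC}">{ts}</ds:Transform>
   </ds:Transforms></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <wsu:Timestamp wsu:Id="id-ts-{tag}"/>
 </soapenv:Header>
 <soapenv:Body wsu:Id="id-body-{tag}"/>
</soapenv:Envelope>"""


if __name__ == "__main__":
    rejected = signature_profile(sample_message(True, "a"))
    accepted = signature_profile(sample_message(False, "b"))
    for setting, old, new in diff_profiles(rejected, accepted):
        print(setting, old, "->", new)
```

Run against two full captured messages, an empty diff means the signing parameters match and the mismatch has to be looked for in the canonicalized bytes or the key derivation instead.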
