Steve, thanks for testing it. When we introduced the millisecond stuff I was pretty sure we would hit some interop problems with this :-).

Thanks to Dims we can set it via deployment files now. Anyhow, currently we have 3 main issues with regard to .Net interoperability:

- .Net does not yet support the WS-I specs with regard to security
- .Net doesn't like the timestamps with the added millisecond precision
- Need to set an Axis specific parameter (enableNamespacePrefixOptimization) to false

> -----Original Message-----
> From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 12 July 2005 18:53
> To: Dittmann, Werner
> Cc: [EMAIL PROTECTED]; Gürkan Vural; Granqvist, Hans;
> [email protected]
> Subject: RES: RES: AW: AW: order of sign and encr in .NET
>
>
> Werner,
>
> I have found it. The attribute is in the WSConstants.java class.
> I tried it with my .NET WS and it works fine.
>
> Is there a way to change the attribute in the WSConstants file without
> changing the file directly? Because that isn't a nice way to configure the
> client to work with a .net wse2.0 webserver in this way, I think.
> E.g. for an interop scenario...
>
> Steve
>
>
> -----Original Message-----
> From: Steve Behrendt
> Sent: Tuesday, 12 July 2005 13:37
> To: 'Dittmann, Werner'
> Cc: [EMAIL PROTECTED]; Gürkan Vural; Granqvist, Hans;
> [email protected]
> Subject: RES: RES: AW: AW: order of sign and encr in .NET
>
>
> Werner,
>
> Sorry, but I can't find an attribute for that in the WSSConfig.java file.
> The only attributes are:
> protected static WSSConfig defaultConfig = getNewInstance();
> protected String wsse_ns = WSConstants.WSSE_NS_OASIS_1_0;
> protected String wsu_ns = WSConstants.WSU_NS_OASIS_1_0;
> protected boolean qualifyBSTAttributes = false;
> protected boolean prefixBSTValues = false;
> protected boolean targetIdQualified = true;
> protected boolean wsiBSPCompliant = false;
> protected boolean processNonCompliantMessages = true;
> public static final int TIMESTAMP_IN_SECURITY_ELEMENT = 1;
> public static final int TIMESTAMP_IN_HEADER_ELEMENT = 2;
> protected int timestampLocation = TIMESTAMP_IN_SECURITY_ELEMENT;
>
> One of them is the correct one?
>
> Steve
>
> -----Original Message-----
> From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 12 July 2005 03:16
> To: Steve Behrendt
> Cc: [EMAIL PROTECTED]; Gürkan Vural; Granqvist, Hans;
> [email protected]
> Subject: AW: RES: AW: AW: order of sign and encr in .NET
>
>
> Steve, all,
>
> about your first question: yes, that was the understanding
> of an e-mail discussion we had some time ago: WSE does
> not yet support WS-I (inclusivenamespace).
>
> Your other question: yes, there is a subtle difference
> between the working request you sent last Friday. The
> difference is in the Timestamp. The format of the date/time
> of the new request now includes the milliseconds. We added
> the milliseconds due to some other interop problems and
> because the XML Schema requires the milliseconds AFAIK.
>
> But as usual you can switch off the milliseconds (in the
> WSConfig file). Look for a boolean there.
>
> Regards,
> Werner
>
>
> > -----Original Message-----
> > From: Steve Behrendt [mailto:[EMAIL PROTECTED]
> > Sent: Monday, 11 July 2005 14:58
> > To: Werner Dittmann
> > Cc: [EMAIL PROTECTED]; Dittmann, Werner; Gürkan Vural;
> > Granqvist, Hans; [email protected]
> > Subject: RES: RES: AW: AW: order of sign and encr in .NET
> >
> >
> > Werner,
> >
> > Thanks. "InclusiveNamespace" is stuff of the WS-I, but WSE
> > doesn't support this stuff (inclusivenamespace), therefore
> > the WSE doesn't accept the signature. Have I understood it right?
> >
> > I have tried it and found 2 problems. When I use the wss4j.jar file
> > (the newest version) the "inclusivenamespace"-stuff is added, but when
> > I use the "src" files of the project folder the "inclusivenamespace" isn't
> > added - without any changes on the wssconfig.java file.
> >
> > Now the java-client sends a soap-message without the "inclusivenamespace"-stuff,
> > due to the WS-I, but the WSE still doesn't accept the
> > signature. The exception is still the same:
> >
> > AxisFault
> >  faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck
> >  faultSubcode:
> >  faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
> >    at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
> >    at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
> >    at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
> >    at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
> >  faultActor: http://localhost/WebServiceGMC/webservicegmc.asmx
> >
> > The message is now:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >  <soapenv:Header>
> >   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> >    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-5862378">
> >     <wsse:Username>usuario3</wsse:Username>
> >     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> >     <wsu:Created>2005-07-11T12:43:38.552Z</wsu:Created>
> >     <wsse:Nonce>85DpuTBD4f14uJhdklt2hA==</wsse:Nonce>
> >    </wsse:UsernameToken>
> >    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >     <ds:SignedInfo>
> >      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> >      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> >      <ds:Reference URI="#id-8706595">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>6m7QGOVJoQGzFpxEIHqFISlwvOg=</ds:DigestValue>
> >      </ds:Reference>
> >      <ds:Reference URI="#id-15606519">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>OrbC+oWPDqjF8d22jSIM+Z7mUf0=</ds:DigestValue>
> >      </ds:Reference>
> >      <ds:Reference URI="#id-3779465">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>lr2fB700eMiCriQD7hrukW13eLk=</ds:DigestValue>
> >      </ds:Reference>
> >      <ds:Reference URI="#id-2929821">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>aX77bRqKYnP9W1LZnXYy42DNhDI=</ds:DigestValue>
> >      </ds:Reference>
> >      <ds:Reference URI="#id-17160330">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>hyPLuTIjh/hATPYWwwHxqiqU8ko=</ds:DigestValue>
> >      </ds:Reference>
> >      <ds:Reference URI="#id-13328393">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>FAiQvuh29IyJoZTvOZl7MbHwFgU=</ds:DigestValue>
> >      </ds:Reference>
> >      <ds:Reference URI="#id-927929">
> >       <ds:Transforms>
> >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >       </ds:Transforms>
> >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >       <ds:DigestValue>zI1HezB6OwqrvwlhMDbvpKX3Bag=</ds:DigestValue>
> >      </ds:Reference>
> >     </ds:SignedInfo>
> >     <ds:SignatureValue>TplVnW4j2/FeIgZVI2PRctbAgHc=</ds:SignatureValue>
> >     <ds:KeyInfo Id="KeyId-2780950">
> >      <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-25197736">
> >       <wsse:Reference URI="#usernameTokenId-5862378" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> >      </wsse:SecurityTokenReference>
> >     </ds:KeyInfo>
> >    </ds:Signature>
> >    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465">
> >     <wsu:Created>2005-07-11T12:43:38.536Z</wsu:Created>
> >     <wsu:Expires>2005-07-11T12:48:38.536Z</wsu:Expires>
> >    </wsu:Timestamp>
> >   </wsse:Security>
> >   <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">uuid:672b03c0-f209-11d9-9218-cb301b6f3efb</wsa:MessageID>
> >   <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-927929" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> >   <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> >   <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-13328393" soapenv:mustUnderstand="0">
> >    <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> >   </wsa:From>
> >   <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17160330" soapenv:mustUnderstand="0">
> >    <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> >   </wsa:ReplyTo>
> >  </soapenv:Header>
> >  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-8706595">
> >   <anunciar xmlns="http://weg.net/service">
> >    <ns1:usuario xmlns:ns1="http://weg.net/service/">usuario1</ns1:usuario>
> >   </anunciar>
> >  </soapenv:Body>
> > </soapenv:Envelope>
> >
> >
> > Anybody see a difference between the working message sent by the old wss4
> > and this from the up-to-date wss4j?
> >
> > STEVE
> >
> >
> > -----Original Message-----
> > From: Werner Dittmann [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, 9 July 2005 04:19
> > To: Steve Behrendt
> > Cc: [EMAIL PROTECTED]; Dittmann, Werner; Gürkan Vural;
> > Granqvist, Hans;
> > [email protected]
> > Subject: Re: RES: AW: AW: order of sign and encr in .NET
> >
> >
> > Brian, Steve, all,
> >
> > looking at it I see the difference. Sometime ago one of the
> > contributors implemented some additions to be WS-I compliant.
> > This "InclusiveNamespace" stuff is due to this, and as it turned
> > out WSE is not yet ready to handle this. Due to this there is
> > a boolean in WSSConfig.java (wsiBSPCompliant). If this boolean
> > is true WSS4J works in BS-I compliant mode, setting it to false
> > WSS4J works as before.
> >
> > Can you crosscheck and give it a try?
> >
> > Thanks,
> > Werner
> >
> > Steve Behrendt wrote:
> > > Brian,
> > >
> > > You are right. I have tested the attached wss4j.jar file too and I had
> > > success. My client now can produce a message that the .net client understands.
> > > The signature should be right, because the .NET WebService now doesn't respond
> > > with the Exception (Signature invalid).
> > >
> > > I have built 2 Messages, one with the new and one with the "old" wss4j.jar
> > > and attached.
> > >
> > > The old one, which doesn't work:
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> > >  <soapenv:Header>
> > >   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > >    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-12455463">
> > >     <wsse:Username>usuario3</wsse:Username>
> > >     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> > >     <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
> > >     <wsse:Nonce>yOBObBQ+sbevlt2XM0Xukg==</wsse:Nonce>
> > >    </wsse:UsernameToken>
> > >    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > >     <ds:SignedInfo>
> > >      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >       <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa xsd xsi"></ec:InclusiveNamespaces>
> > >      </ds:CanonicalizationMethod>
> > >      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> > >      <ds:Reference URI="#id-7866553">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa xsd xsi"></ec:InclusiveNamespaces>
> > >        </ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>PmQSgFYbhiZciP5F6CRT5MZOPPk=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-3874052">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa wsse xsd xsi"></ec:InclusiveNamespaces>
> > >        </ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>jcRns/iJ1hxPJZEqUt1DIG0iDdo=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-15606519">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> > >        </ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>TB1t5JzPv1WQ4uMX05qKqIl2s9o=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-3779465">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> > >        </ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>erDZuYXo9WJn29GSh6Kood6guzw=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-2929821">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> > >        </ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>QbIGZGq03FxN6tA2aE9d11/hvh0=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-17160330">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> > >         <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> > >        </ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>Y4vVT5KZ9FKbXLumKcaqvHaWhHM=</ds:DigestValue>
> > >      </ds:Reference>
> > >     </ds:SignedInfo>
> > >     <ds:SignatureValue>aLSM1mbqLMfNLKPVoi7dRqeVMT4=</ds:SignatureValue>
> > >     <ds:KeyInfo Id="KeyId-26956311">
> > >      <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-9734221">
> > >       <wsse:Reference URI="#usernameTokenId-12455463" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> > >      </wsse:SecurityTokenReference>
> > >     </ds:KeyInfo>
> > >    </ds:Signature>
> > >    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3874052">
> > >     <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
> > >     <wsu:Expires>2005-07-05T14:15:26Z</wsu:Expires>
> > >    </wsu:Timestamp>
> > >   </wsse:Security>
> > >   <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465" soapenv:mustUnderstand="0">uuid:8912a6f0-ed5e-11d9-8c80-a1e4097e4740</wsa:MessageID>
> > >   <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17160330" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> > >   <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> > >   <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">
> > >    <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > >   </wsa:From>
> > >  </soapenv:Header>
> > >  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-7866553">
> > >   <anunciar xmlns="http://weg.net/service">
> > >    <ns1:usuario xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> > >   </anunciar>
> > >  </soapenv:Body>
> > > </soapenv:Envelope>
> > >
> > > ------------------------------------------------------
> > >
> > > and the new one working:
> > >
> > > <?xml version="1.0" encoding="UTF-8"?>
> > > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> > >  <soapenv:Header>
> > >   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> > >    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-32956236">
> > >     <wsse:Username>usuario3</wsse:Username>
> > >     <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> > >     <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
> > >     <wsse:Nonce>RKPwh5ELWCBqUa0FhZtP9A==</wsse:Nonce>
> > >    </wsse:UsernameToken>
> > >    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > >     <ds:SignedInfo>
> > >      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> > >      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> > >      <ds:Reference URI="#id-9734221">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>FaQ7O3MS6a3e82I/jsfOhoDL+2M=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-867695">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>HinR+8MaMcU59CYiC25On0mv67U=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-20727434">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>YmbgnQ/0F+mxw9s3NrOibFvRj8w=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-3874052">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>iGemJhTiJd71u03JJWG22tLwfQ4=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-15606519">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>3m17MdDRPyAuUKi93W08Xdh2XQg=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-3779465">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>4Tb0yMaDPpAwiQXVpXdfJYWmvR0=</ds:DigestValue>
> > >      </ds:Reference>
> > >      <ds:Reference URI="#id-2929821">
> > >       <ds:Transforms>
> > >        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> > >       </ds:Transforms>
> > >       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > >       <ds:DigestValue>t0XvlW4iqR3Qo2SirI+6sqkG4gk=</ds:DigestValue>
> > >      </ds:Reference>
> > >     </ds:SignedInfo>
> > >     <ds:SignatureValue>Q1NqxNLzcBL4wIjc6UToVyJ6+Kc=</ds:SignatureValue>
> > >     <ds:KeyInfo Id="KeyId-19583390">
> > >      <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-2780950">
> > >       <wsse:Reference URI="#usernameTokenId-32956236" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> > >      </wsse:SecurityTokenReference>
> > >     </ds:KeyInfo>
> > >    </ds:Signature>
> > >    <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-20727434">
> > >     <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
> > >     <wsu:Expires>2005-07-08T18:26:20Z</wsu:Expires>
> > >    </wsu:Timestamp>
> > >   </wsse:Security>
> > >   <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3874052" soapenv:mustUnderstand="0">uuid:14e28260-efdd-11d9-a841-a743b9d3b3f7</wsa:MessageID>
> > >   <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> > >   <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-867695" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> > >   <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465" soapenv:mustUnderstand="0">
> > >    <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > >   </wsa:From>
> > >   <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">
> > >    <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> > >   </wsa:ReplyTo>
> > >  </soapenv:Header>
> > >  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-9734221">
> > >   <anunciar xmlns="http://weg.net/service">
> > >    <ns1:usuario xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> > >   </anunciar>
> > >  </soapenv:Body>
> > > </soapenv:Envelope>
> > >
> > > -----------------------------------------------------------------------
> > >
> > > Now we have an example to work on it. I have already compared each other.
> > > The main difference I had found was the "CanonicalizationMethod" - Tag and the
> > > "Transform" Tag of the "Transforms" tags.
> > > Perhaps there are the problems?!?!?
> > >
> > > Steve
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 8 July 2005 07:59
> > > To: Dittmann, Werner; Steve Behrendt
> > > Cc: Gürkan Vural; Granqvist, Hans; [email protected]
> > > Subject: Re: AW: AW: order of sign and encr in .NET
> > >
> > >
> > > Werner, Gürkan and David,
> > >
> > > Since Steve's post to the list concerning his problems using wss4j with
> > > UsernameToken Signature I've looked at it again. My personal conclusion is
> > > that it once worked, but that in the meantime it's become broken. At the
> > > present time I can't say when exactly. I've tried various versions of
> > > wss4j, axis and bouncycastle and the only way I can get it working is by
> > > using an older version of wss4j that I build. I've attached it, so you can
> > > try it out and hopefully have a request come through.
> > >
> > > Regards Brian
> > >
> > >
> > >>Gürkan,
> > >>
> > >>is this a real log of the request? If I save the file and try
> > >>to open it with an XML editor it fails because of non-well
> > >>formed document. Looking at it with emacs I see some linebreaks
> > >>at unusual points, e.g. in the middle of an element name.
> > >>
> > >>I'm not sure if this is due to e-mail transport or similar.
> > >>But because you sent it as an attachment I would suspect that is
> > >>not the case.
> > >>
> > >>Can you verify this?
> > >>
> > >>Regards,
> > >>Werner
> > >>
> > >>
> > >>>-----Original Message-----
> > >>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
> > >>>Sent: Friday, 8 July 2005 11:06
> > >>>To: Dittmann, Werner
> > >>>Cc: Granqvist, Hans; [email protected]
> > >>>Subject: Re: AW: order of sign and encr in .NET
> > >>>
> > >>>
> > >>>sorry wss4j can verify all elements but not final signature value. it
> > >>>processes all elements in the correct order. I am trying to verify
> > >>>username token signature with
> > >>>http://www.w3.org/2000/09/xmldsig#hmac-sha1 algorithm. I can verify what
> > >>>i send to biztalk but not from biztalk. In the attachment there is a
> > >>>sample soap message. Can anyone try to verify this?
> > >>>
> > >>>--
> > >>>gurkan
> > >>>
> > >>>Dittmann, Werner wrote:
> > >>>
> > >>>>Gürkan,
> > >>>>
> > >>>>to me it seems a problem of BizTalk and/or the .Net WSE
> > >>>>implementation. According to the OASIS WSS specification,
> > >>>>chapter 5:
> > >>>>
> > >>>><quote>
> > >>>>As elements are added to a <wsse:Security> header block,
> > >>>>they SHOULD be prepended to the existing elements. As such,
> > >>>>the <wsse:Security> header block represents the signing and
> > >>>>encryption steps the message producer took to create the message.
> > >>>>This prepending rule ensures that the receiving application can
> > >>>>process sub-elements in the order they appear in the
> > >>>><wsse:Security> header block, because there will be no forward
> > >>>>dependency among the sub-elements. Note that this specification
> > >>>>does not impose any specific order of processing the
> > >>>>sub-elements. The receiving application can use whatever order
> > >>>>is required.
> > >>>></quote>
> > >>>>
> > >>>>This means, if the receiver sees an encryption sub-element
> > >>>>before a Signature sub-element it processes encryption first.
> > >>>>The ordering of elements is the _only_ information about the
> > >>>>processing sequence. How could the receiver otherwise
> > >>>>determine that it should first check Signature, then decrypt?
> > >>>>
> > >>>>Maybe you may crosscheck with the MS folks to clarify that?
> > >>>>Are there known problems with BizTalk / .Net WSE? In general
> > >>>>we tested interop with .Net WSE.
> > >>>>
> > >>>>Regards,
> > >>>>Werner
> > >>>>
> > >>>>
> > >>>>>-----Original Message-----
> > >>>>>From: Gürkan Vural [mailto:[EMAIL PROTECTED]
> > >>>>>Sent: Friday, 8 July 2005 07:59
> > >>>>>To: Granqvist, Hans
> > >>>>>Cc: [email protected]
> > >>>>>Subject: Re: order of sign and encr in .NET
> > >>>>>
> > >>>>>
> > >>>>>Granqvist, Hans wrote:
> > >>>>>
> > >>>>>>>... biztalk outputs
> > >>>>>>>DataReference above Signature element and this causes
> > >>>>>>>decryption before signature and sign validation fails because
> > >>>>>>>decryption changes the value of body element.
> > >>>>>>
> > >>>>>>Is it you or biztalk that implies processing order from
> > >>>>>>the element order?
> > >>>>>>
> > >>>>>>Hans
> > >>>>>
> > >>>>>Whatever order I send data to Biztalk it processes correctly. Because my
> > >>>>>java client (wss4j) puts the headers of last operation above the others.
> > >>>>>However Biztalk always sends DataReference above Signature element and
> > >>>>>my java client (wss4j) first processes the encrypted body so signature
> > >>>>>validation fails.
> > >>>>>
> > >>>>>--
> > >>>>>gurkan
> > >>>>>
> > >>>>>==========================================================-
> > >>>>>This e-mail communication is intended for the private use of
> > >>>>>the people named above. If you received this message in
> > >>>>>error, please immediately notify the sender and delete it
> > >>>>>from your system. The Central Bank of The Republic of Turkey
> > >>>>>does not accept legal responsibility for the contents of this message.
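
The interop differences discussed in this thread (ec:InclusiveNamespaces under the exclusive c14n elements, fractional-second wsu:Created/wsu:Expires values, and an encryption element placed above ds:Signature in the wsse:Security header) can be checked mechanically when comparing a working and a failing request. The Python below is an added example, not part of the original messages and not WSS4J or WSE code; the function names and the three constructed envelopes, cut down from the message shapes quoted above, are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "ec": "http://www.w3.org/2001/10/xml-exc-c14n#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
# xsd:dateTime with a fractional-seconds part, e.g. 2005-07-11T12:43:38.536Z
FRACTIONAL = re.compile(r"T\d{2}:\d{2}:\d{2}\.\d+")


def _local(tag):
    """Strip the '{namespace}' part ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def profile(envelope_xml):
    """Summarise the interop-relevant features of one WS-Security envelope."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soapenv:Header/wsse:Security", NS)
    if security is None:
        raise ValueError("no wsse:Security header in envelope")

    # 1. ec:InclusiveNamespaces children of CanonicalizationMethod / Transform
    inclusive = []
    for parent in security.iter():
        if _local(parent.tag) in ("CanonicalizationMethod", "Transform"):
            for inc in parent.findall("ec:InclusiveNamespaces", NS):
                inclusive.append((_local(parent.tag), inc.get("PrefixList", "")))

    # 2. wsu:Created / wsu:Expires values that carry fractional seconds
    fractional = []
    for name in ("Created", "Expires"):
        for el in security.iter("{%s}%s" % (NS["wsu"], name)):
            if FRACTIONAL.search(el.text or ""):
                fractional.append(el.text.strip())

    # 3. Document order of the header children; a receiver that processes them
    #    top to bottom decrypts first if an xenc element precedes ds:Signature.
    order = [_local(child.tag) for child in security]
    enc = [i for i, c in enumerate(security)
           if c.tag.startswith("{%s}" % NS["xenc"])]
    sig = [i for i, c in enumerate(security)
           if c.tag == "{%s}Signature" % NS["ds"]]
    return {
        "inclusive_namespaces": inclusive,
        "fractional_timestamps": fractional,
        "header_order": order,
        "decrypt_before_verify": bool(enc and sig and min(enc) < min(sig)),
    }


def compare(xml_a, xml_b):
    """Return {feature: (value_a, value_b)} for every feature that differs."""
    a, b = profile(xml_a), profile(xml_b)
    return {key: (a[key], b[key]) for key in a if a[key] != b[key]}


# --- Constructed sample envelopes (not captured traffic) ---
_ENVELOPE = ('<soapenv:Envelope xmlns:soapenv="{soapenv}" xmlns:wsse="{wsse}" '
             'xmlns:wsu="{wsu}" xmlns:ds="{ds}" xmlns:ec="{ec}" xmlns:xenc="{xenc}">'
             '<soapenv:Header><wsse:Security>%s</wsse:Security></soapenv:Header>'
             '<soapenv:Body wsu:Id="id-1"/></soapenv:Envelope>')
_ENCRYPTION = ('<xenc:ReferenceList><xenc:DataReference URI="#enc-1"/>'
               '</xenc:ReferenceList>')


def _envelope(children):
    return (_ENVELOPE % children).format(**NS)


def _signature(c14n_prefixes=None, transform_prefixes=None):
    def inc(prefixes):
        return '<ec:InclusiveNamespaces PrefixList="%s"/>' % prefixes if prefixes else ""
    return ('<ds:Signature><ds:SignedInfo>'
            '<ds:CanonicalizationMethod Algorithm="{ec}">%s</ds:CanonicalizationMethod>'
            '<ds:Reference URI="#id-1"><ds:Transforms>'
            '<ds:Transform Algorithm="{ec}">%s</ds:Transform>'
            '</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>'
            % (inc(c14n_prefixes), inc(transform_prefixes)))


def _timestamp(created, expires):
    return ('<wsu:Timestamp><wsu:Created>%s</wsu:Created>'
            '<wsu:Expires>%s</wsu:Expires></wsu:Timestamp>' % (created, expires))


WITH_PREFIXLIST = _envelope(_signature("soapenv wsa xsd xsi", "wsa xsd xsi")
                            + _timestamp("2005-07-05T14:10:26Z", "2005-07-05T14:15:26Z"))
WITH_MILLISECONDS = _envelope(_signature() + _timestamp("2005-07-11T12:43:38.536Z",
                                                        "2005-07-11T12:48:38.536Z"))
ENCRYPTION_FIRST = _envelope(_ENCRYPTION + _signature()
                             + _timestamp("2005-07-08T18:21:20Z", "2005-07-08T18:26:20Z"))

if __name__ == "__main__":
    for feature, values in compare(WITH_PREFIXLIST, WITH_MILLISECONDS).items():
        print(feature, values)
    print(profile(ENCRYPTION_FIRST))
```

The profile only describes message structure; it does not recompute digests or the HMAC, so a clean comparison narrows the search but does not prove the signature will verify.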
