it works with xmlsec-1.3.0! thanks, yves >-- Originalnachricht -- >Date: Thu, 3 Nov 2005 15:22:39 +0100 >From: [EMAIL PROTECTED] >Subject: interop with sun jwsdp-1.6 II >To: [email protected] > > >Hello, >when trying to verify the attached soap message, I get a 'signature >verification >failed' error. The problem seems to be with the canonicalization method, >resp. the InclusiveNamespaces tag. Tests without InclusiveNamespaces run >fine. Is this a known issue? >Gruss, Yves > >- verify 2 References >- I am not requested to follow nested Manifests >- setElement("ds:Reference", "null") >- Request for URI http://www.w3.org/2000/09/xmldsig#sha1 >- I was asked to create a ResourceResolver and got 1 >- extra resolvers to my existing 4 system-wide resolvers >- check resolvability by class >org.apache.ws.security.message.EnvelopeIdResolver >- enter engineResolve, look for: #XWSSGID-11310269880521744768699 >- Tag: wsu:Timestamp, 'null' >- Attr: wsu:Id, 'XWSSGID-11310269880521744768699' >- Attr: xmlns, '' >- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' >- Attr: xmlns:wsse, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >- Attr: xmlns:wsu, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >- Tag: wsu:Created, 'null' >- Attr: xmlns, '' >- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' >- Attr: xmlns:wsse, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >- Attr: xmlns:wsu, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >- Tag: #text, '2005-11-03T14:09:47Z' >- Tag: wsu:Expires, 'null' >- Attr: xmlns, '' >- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' >- Attr: xmlns:wsse, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >- Attr: xmlns:wsu, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >- Tag: #text, '2005-11-03T14:14:47Z' >- engineResolve= 115 >- exit engineResolve, result: XMLSignatureInput/NodeSet/18 nodes/null >- Verification successful for URI "#XWSSGID-11310269880521744768699" >- The Reference has Type >- setElement("ds:Reference", "null") >- Request for URI http://www.w3.org/2000/09/xmldsig#sha1 >- I was asked to create a ResourceResolver and got 1 >- extra resolvers to my existing 4 system-wide resolvers >- check resolvability by class >org.apache.ws.security.message.EnvelopeIdResolver >- enter engineResolve, look for: #XWSSGID-1131026988066-1993810997 >- Tag: SOAP-ENV:Body, 'null' >- Attr: wsu:Id, 'XWSSGID-1131026988066-1993810997' >- Attr: xmlns, '' >- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' >- Attr: xmlns:wsu, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >- Tag: tru:StockSymbol, 'null' >- Attr: xmlns, '' >- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' >- Attr: xmlns:tru, 'http://fabrikam123.com/payloads' >- Attr: xmlns:wsu, >'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >- Tag: #text, 'QQQ' >- engineResolve= 7 >- exit engineResolve, result: XMLSignatureInput/NodeSet/11 nodes/null >- Verification successful for URI "#XWSSGID-1131026988066-1993810997" >- The Reference has Type >- setElement("ds:SignatureMethod", "null") >- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class >"org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" >- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 >- Created SignatureDSA using SHA1withRSA >- SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1 >- jceSigAlgorithm = SHA1withRSA >- jceSigProvider = BC >- PublicKey = RSA Public Key > modulus: > ee182fa9ef13b4d216744b0fe5cc898e785a2a09c8de6a150a8e57b605c4b96e39627c524384a84ab5bc5e5c42d9488a99060fcb96d09930013651c563426a64725f6c961ffe86ad32432dcdb10dc0fd089ecc0be08974fa507e6432c7a268e510eaea5b58f1d9ae77f2f755b12ba560925932 3 >e53bc62306202ddabeb50f56f > public exponent: 10001 > >- SignatureValue = 52 15 C0 20 04 91 AD 6C 17 2C C2 F2 4C 0F 30 00 5C 24 >F5 68 76 F5 2B 86 56 D6 8A B6 06 8B 3C C1 F0 09 8D 38 28 FF 6F 77 EE 4A 37 >33 6B 45 4D 35 29 23 77 F0 C2 7C D6 73 19 E3 2F F6 21 16 B5 F8 97 09 C9 A0 >09 6C B3 68 83 6A 02 E5 48 77 EC CA F9 40 E8 64 EC 60 8A C1 5E 66 AC 53 31 >49 41 C2 3D 5C 10 7B 61 04 B0 F2 A4 FB 50 30 37 F5 04 EC 29 0D A1 CC 9E 0B >55 F9 0E 00 F6 9E A5 3D 5B 8B >org.apache.ws.security.WSSecurityException: The signature verification failed > at > org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198) > > >sunrise ADSL: gratis und so sicher wie noch nie >http://www.sunrise.ch/home/proint/proint_ads-2.htm > > > > >Anlage: u1.xml > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED]
sunrise ADSL: gratis und so sicher wie noch nie http://www.sunrise.ch/home/proint/proint_ads-2.htm --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
