Yinghui, that failure may have several reasons. Fist of all, you are right that modifiying/addin an element that was not part of the Signature should not cause the verification to fail.
However, my assumption is that during the modification of the body ny adding another element also the original element (A) is modifiy somehow. To add the second element (B) someone usually needs to parse the body, building a DOM tree, insert the new element and serialize the DOM into a new body. If during this parsing/inserting/serialization process the element A is modifiyied in some way the verification fails. Modification in this case mean e.g. adding a newline character, a blank, a tab or something else. This very often occurs during the above mentioned steps. After Singing an element this element _must not_ be modified in the way described above. You may check the whole stuff if you really look at the request using e.g. TCPMON before the request enters procesing of company B and after processing. Regards, Werner > -----Ursprüngliche Nachricht----- > Von: yinghui chen [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 10. November 2005 22:32 > An: [email protected] > Betreff: signature verification fail when modifying soap body > by intermediate > > Dear All, > I am currently applying the wss4j for a small project. But > we are having a > problem of signature verification failure. Here is the description. > For example, company A construct a SOAP message, and sign > element A within > the SOAP body. And then company A send the SOAP to company B. > Company B > insert an element B into the SOAP body. The element B is a sibling of > element A. And then Company B forward the SOAP to Company C. > The Company C > verifies the signature, but it fails. I have tried the case > if Company B > does not insert element B, the signature verification is success. > The thing that I do not understand is that company A sign > only element A, > why insersion of element B break the signature. > I attached the source code together with the email. > > I am looking forward to your help, > Yinghui > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
