Hi, I'm still stuck this failing signature. I now have some more information information.
First, the failure happens with Axis 1.3 jars, but not with Axis 1.2.1. It seems to be the same problem that you were discussing last October; did you ever find out what was wrong. In this specific case, I've found out from the library logging that the digests of the references are correct. Therefore, I presume that the failure is in the digesting/canonicalization/signing of the SignedInfo itself. Further, after hacking in extra checks to my handler, I find that the signature checks out OK after WSSignEnvelope has made it, but fails after I pass the enevlope with the signed message to Axis' MessageContext and then get it back again. I.e., it goes wrong before the pivot handler in the client can change anything, and way before the service handlers get to play with it. Finally, is there any chance that this can be related to the canonicalization problem reported as http://issues.apache.org/jira/browse/WSS-19 ? BTW, "go back to Axis 1.2.1" is not a cheap option for us. We'd really like to get this fixed. Cheers, Guy On Fri, 17 Mar 2006, Dittmann, Werner wrote: > Guy, > > you are right, it's part of the XMLUtils.outputDOM() method. > > It's necessary to have these c14n step and to use the > Axis parameters to ensure that the namespace handling is > correct. > > Regards, > Werner > > > -----Urspr?ngliche Nachricht----- > > Von: Guy Rixon [mailto:[EMAIL PROTECTED] > > Gesendet: Freitag, 17. M?rz 2006 15:15 > > An: Dittmann, Werner > > Cc: [EMAIL PROTECTED]; [email protected] > > Betreff: Re: AW: AW:Problems with signatures > > > > Werner, > > > > OK, code is appended. Actually, I wrote this handler _after_ > > I started seeing > > this bug. I orginally had the problem when using > > WSDoAllSender. I can't > > see a canonicalization step in WSDoAllSender itself; is it part of > > XMLUtils.outputDOM()? Originally, I used that (I lifted the > > serialization code > > from WSDoAllSender), but still got the problem. Maybe I > > didn't try that with > > the Axis don't-fiddle options set. > > > > Cheers, > > Guy > > > > // Get the SOAP envelop as a DOM. > > Document envelope = > > > > msgContext.getCurrentMessage().getSOAPEnvelope().getAsDocument(); > > if (envelope == null) { > > throw new Exception("SOAP Envelope is null"); > > } > > > > // Sign the message using WSS4J. By default, the > > WSSignEnvelope signs > > the > > // the SOAP body as a whole, which is correct for this use case. > > Init.init(); > > WSSignEnvelope signer = new WSSignEnvelope(); > > signer.setUserInfo(alias, password); // Lets it use the Crypto. > > > > signer.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // > > Includes certificates in the message. > > Document newEnvelope = signer.build(envelope, crypto); > > > > > > // DEBUG: dump the raw document. > > org.apache.axis.utils.XMLUtils.DocumentToStream(newEnvelope, new > > java.io.FileOutputStream("client.xml")); > > > > // Replace the unsigned message with the signed one. > > String serializedEnvelope = > > > > org.apache.axis.utils.XMLUtils.DocumentToString(newEnvelope); > > SOAPPart sp = > > > > (org.apache.axis.SOAPPart)(msgContext.getCurrentMessage().getS > > OAPPart()); > > sp.setCurrentMessage(serializedEnvelope.getBytes(), > > SOAPPart.FORM_BYTES); > > > > > > > > On Fri, 17 Mar 2006, Dittmann, Werner wrote: > > > > > Guy, > > > > > > I wasn't aware that you use a custom handler. > > > > > > As I can see there could be a problem when you hand over > > > the signed message to Axis for sending it over the wire. > > > It's somewhat tricky to do this. Bevor handing it over > > > to Axis the message should be fed thru a c14n method, > > > this is was WSDoAllSender does before it sets the signed > > > message as "new" message to Axis. > > > > > > Maybe you can show the code snippet where your handler > > > do this. > > > > > > Regards, > > > Werner > > > > > > > -----Urspr?ngliche Nachricht----- > > > > Von: Guy Rixon [mailto:[EMAIL PROTECTED] > > > > Gesendet: Freitag, 17. M?rz 2006 11:06 > > > > An: Dittmann, Werner > > > > Cc: [EMAIL PROTECTED]; [email protected] > > > > Betreff: Re: AW: AW: AW: Problems with signatures > > > > > > > > Test configuration: > > > > > > > > Custom handler in the client, calling WSSignEnvelope; based > > > > on WSDoAllSender, > > > > but stripped down so that it only has the code relevant > > to signature. > > > > > > > > WSDoAllReceiver in the service (tweaked with extra logging, > > > > but basically the > > > > one from WSS4J 1.0.0). > > > > > > > > Certificates generated from local CA. The trust anchor was > > > > made with OpenSSL > > > > and the user certificate with KeyStore Explorer. The trust > > > > anchor is an > > > > X.509v3 and the user one an X.509v1. The keys do work for the > > > > signature: I > > > > know that because I put a check in WSSignEnvelope to check > > > > the signature just > > > > after signing. > > > > > > > > This is the log output from the JUnit tests, starting from > > > > the entry to > > > > WSDoAllReceiver. > > > > > > > > 1051 DEBUG org.astrogrid.security.ServiceHandler - > > > > WSDoAllReceiver: enter > > > > invoke() with msg type: null > > > > 1071 DEBUG org.astrogrid.security.ServiceHandler - Received > > > > SOAP request: > > > > 1071 DEBUG org.astrogrid.security.ServiceHandler - > > > > <soapenv:Envelope xmlns="" > > > > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > > > > <soapenv:Header> > > > > <wsse:Security soapenv:mustUnderstand="1" xmlns="" > > > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 > > > > 1-wss-wssecurity-secext-1.0.xsd"> > > > > <wsse:BinarySecurityToken > > > > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 > > > > 401-wss-soap-message-security-1.0#Base64Binary" > > > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > > > > -wss-x509-token-profile-1.0#X509v3" > > > > wsu:Id="CertId--273267" xmlns="" > > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > > > > -wss-wssecurity-utility-1.0.xsd"> > > > > MIIDETCCAfmgAwIBAAIBBDANBgkqhkiG9w0BAQIFADBCMQswCQYDVQQDEwJDQT > > > > ESMBAGA1UECxMJ > > > > dW5pdC10ZXN0MRIwEAYDVQQKEwlBc3Ryb0dyaWQxCzAJBgNVBAYTAlVLMB4XDT > > > > A2MDMwNzE4MjAz > > > > OVoXDTE2MDMwNzE4MjAzOVowVjELMAkGA1UEBhMCVUsxEjAQBgNVBAoTCUFzdH > > > > JvR3JpZDESMBAG > > > > A1UECxMJdW5pdC10ZXN0MR8wHQYDVQQDExZTZWN1cml0eS1mYWNhZGUgdGVzdG > > > > VyMIIBIjANBgkq > > > > hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA1mJfcoLg22xFvQiB9NY6tH7aY4Ub > > > > FHGIl5AjampcD8 > > > > zW/OcbaEndMaK495ODS8BbwXz8B0YPzIjczpO56k7H63sJWxrgMsDGU4oeIlh3 > > > > DiAOYywD3h9PAu > > > > c8tnoD7q5SyY0Vw9jkuRP6iOKmf+nTfi910zNB86PYjCk0zarie3Ehg7/LBYNC > > > > 0us+JV9M/q76mw > > > > OOMzypgLjM1skBjO6tMbDosnCQe58+ei2ZfRT4gnCRhHRojLfcR3ND0pi7BS5T > > > > OX8qTrQ8x++erN > > > > BlA2X+uX3yAx4Y1cvW9YkKAjx5UxpUu8uJFYfLNKoTCq86E6+OFk5+SRQLp1Kp > > > > S9EvfZ5wIDAQAB > > > > MA0GCSqGSIb3DQEBAgUAA4IBAQARtZRiqKj1IXqD7wVlwqZPvE4CuFy9fjpu0n > > > > xVN+UnKs3cNm7g > > > > QfLPpDbh7maiGmmxWA2mFobptzbnfAyRfKYJWJ/hI8neouL+05L78cz7nTDDxp > > > > jEhWpV8qtXdKp4 > > > > r5S4GhG84HzPMrEqxxc0CRXbK3KLLLudbCPMNgSFxzRwimCpBTkwe81jwYH0FZ > > > > ECyCBAsgfUMCz4 > > > > jeYwBjqKxHlGeZERD9oRfsRF28nLgNRrP5D9IMj2Y2rhbILMmb0GTK/YWFpfD3 > > > > H/DEP0hUVtRni7 > > > > ykGvaLOYA7rI1eiKwxmFWTs6H+CPgkyZ+SW3l//uY/6HnzD1XacTIRASz1UK7Bzw > > > > </wsse:BinarySecurityToken> > > > > <ds:Signature xmlns="" > > > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > > > > > > > > <ds:SignedInfo xmlns=""> > > > > > > > > <ds:CanonicalizationMethod > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns=""/> > > > > > > > > <ds:SignatureMethod > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; xmlns=""/> > > > > > > > > <ds:Reference URI="#id-367156" xmlns=""> > > > > > > > > <ds:Transforms xmlns=""> > > > > > > > > <ds:Transform > > > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > > > > xmlns=""/> > > > > > > > > </ds:Transforms> > > > > > > > > <ds:DigestMethod > > > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > > > > xmlns=""/> > > > > > > > > <ds:DigestValue xmlns=""> > > > > S4XaDnlI8lOC8p5vVKlx9sLrKl8= </ds:DigestValue> > > > > > > > > </ds:Reference> > > > > > > > > </ds:SignedInfo> > > > > > > > > <ds:SignatureValue xmlns=""> > > > > > > > > fTcyC/oqssWUL1G96ma5ED/gNIaecHKgJBR7kCeXg2mzSwfSfe3gWRFEkiViGS > > > > zXE0OFvsDMjm7p > > > > JdytgsjH3iuMg9WaZOV9TU7ZaYhabZMtK0toq3zGFNJayIhfpuZq5WDAbdqvZ1 > > > > 2BnJppWvYWADvy > > > > +zX7w0UGl3ApikKbcGMp7SSnB4JRb7TS0Ln0rk0dYcpm9cAEj76dT5UFW7e+af > > > > QQeUwj03E5sQfS > > > > H9KjN1gg+YD1B3gNPFYErwI+QeX+UDY9fb+qAqFxN734NhvR+/rC3JTNgieSmu > > > > iCjXE/8MKdOfFJ > > > > QpEE1YEqTC1SH6cUU0YR3rt84Eqg91JeyrCOpQ== > > > > </ds:SignatureValue> > > > > > > > > <ds:KeyInfo Id="KeyId-12014770" xmlns=""> > > > > > > > > <wsse:SecurityTokenReference wsu:Id="STRId-28360136" xmlns="" > > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > > > > -wss-wssecurity-utility-1.0.xsd"> > > > > <wsse:Reference URI="#CertId--273267" > > > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > > > > -wss-x509-token-profile-1.0#X509v3" > > > > xmlns=""/> > > > > </wsse:SecurityTokenReference> > > > > > > > > </ds:KeyInfo> > > > > > > > > </ds:Signature> > > > > </wsse:Security> > > > > </soapenv:Header> > > > > <soapenv:Body wsu:Id="id-367156" > > > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 > > > > -wss-wssecurity-utility-1.0.xsd"> > > > > <whoAmI xmlns=""/> > > > > </soapenv:Body> > > > > </soapenv:Envelope> > > > > > > > > 1071 INFO > > > > org.apache.ws.security.components.crypto.CryptoFactory - Using > > > > Crypto Engine [org.apache.ws.security.components.crypto.Merlin] > > > > 1071 DEBUG org.apache.ws.security.WSSecurityEngine - enter > > > > processSecurityHeader() > > > > 1081 DEBUG org.apache.ws.security.WSSecurityEngine - > > > > Processing WS-Security > > > > header for '' actor. > > > > 1081 DEBUG org.apache.ws.security.WSSecurityEngine - > > Unknown Element: > > > > BinarySecurityToken > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu > > > > rity-secext-1.0.xsd > > > > 1081 DEBUG org.apache.ws.security.WSSecurityEngine - Found > > > > signature element > > > > 1081 DEBUG org.apache.ws.security.WSSecurityEngine - Verify > > > > XML Signature > > > > 1081 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:Signature", "null") > > > > 1081 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:SignedInfo", "null") > > > > 1081 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:SignatureMethod", "null") > > > > 1081 DEBUG > > > > org.apache.xml.security.algorithms.SignatureAlgorithm - > > Create URI > > > > "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class > > > > "org.apache.xml.security.algorithms.implementations.SignatureB > > > > aseRSA$SignatureRSASHA1" > > > > 1081 DEBUG org.apache.xml.security.algorithms.JCEMapper - > > > > Request for URI > > > > http://www.w3.org/2000/09/xmldsig#rsa-sha1 > > > > 1081 DEBUG > > > > > > org.apache.xml.security.algorithms.implementations.SignatureBaseRSA > > > > - Created SignatureDSA using SHA1withRSA > > > > 1081 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:KeyInfo", "null") > > > > 1081 DEBUG org.apache.ws.security.WSSecurityEngine - > > > > Checking signature value > > > > with a certificate in the name of CN=Security-facade tester, > > > > OU=unit-test, > > > > O=AstroGrid, C=UK issued by C=UK, O=AstroGrid, OU=unit-test, CN=CA > > > > 1081 DEBUG org.apache.xml.security.signature.Manifest - > > > > verify 1 References > > > > 1081 DEBUG org.apache.xml.security.signature.Manifest - I am > > > > not requested to > > > > follow nested Manifests > > > > 1081 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:Reference", "null") > > > > 1081 DEBUG org.apache.xml.security.algorithms.JCEMapper - > > > > Request for URI > > > > http://www.w3.org/2000/09/xmldsig#sha1 > > > > 1081 DEBUG > > > > org.apache.xml.security.utils.resolver.ResourceResolver - I was > > > > asked to create a ResourceResolver and got 1 > > > > 1081 DEBUG > > > > org.apache.xml.security.utils.resolver.ResourceResolver - extra > > > > resolvers to my existing 4 system-wide resolvers > > > > 1081 DEBUG > > > > org.apache.xml.security.utils.resolver.ResourceResolver - check > > > > resolvability by class > > > > org.apache.ws.security.message.EnvelopeIdResolver > > > > 1091 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:Transforms", "null") > > > > 1091 DEBUG org.apache.xml.security.utils.ElementProxy - > > > > setElement("ds:Transform", "null") > > > > 1091 DEBUG org.apache.xml.security.transforms.Transforms - > > > > Preform the (0)th > > > > http://www.w3.org/2001/10/xml-exc-c14n# transform > > > > 1091 WARN org.apache.xml.security.signature.Reference - > > > > Verification failed > > > > for URI "#id-367156" > > > > 1091 DEBUG org.apache.xml.security.signature.Manifest - The > > > > Reference has > > > > Type > > > > ------------- ---------------- --------------- > > > > ------------- Standard Error ----------------- > > > > org.apache.ws.security.WSSecurityException: The signature > > > > verification failed > > > > at > > > > org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSS > > > > ecurityEngine.java:649) > > > > at > > > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader( > > > > WSSecurityEngine.java:334) > > > > at > > > > org.apache.ws.security.WSSecurityEngine.processSecurityHeader( > > > > WSSecurityEngine.java:259) > > > > at > > > > > > org.astrogrid.security.ServiceHandler.invoke(ServiceHandler.java:160) > > > > at > > > > org.apache.axis.strategies.InvocationStrategy.visit(Invocation > > > > Strategy.java:32) > > > > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > > > > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > > > > at > > > > org.apache.axis.strategies.InvocationStrategy.visit(Invocation > > > > Strategy.java:32) > > > > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > > > > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > > > > at > > > > > > org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453) > > > > at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281) > > > > at > > > > org.apache.axis.transport.local.LocalSender.invoke(LocalSender > > > > .java:141) > > > > at > > > > org.apache.axis.strategies.InvocationStrategy.visit(Invocation > > > > Strategy.java:32) > > > > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > > > > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > > > > at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) > > > > at org.apache.axis.client.Call.invokeEngine(Call.java:2784) > > > > at org.apache.axis.client.Call.invoke(Call.java:2767) > > > > at org.apache.axis.client.Call.invoke(Call.java:2443) > > > > at org.apache.axis.client.Call.invoke(Call.java:2366) > > > > at org.apache.axis.client.Call.invoke(Call.java:1812) > > > > at > > > > org.astrogrid.security.sample.SamplePortSoapBindingStub.whoAmI > > > > (SamplePortSoapBindingStub.java:108) > > > > at > > > > org.astrogrid.security.sample.SampleDelegate.whoAmI(SampleDele > > > > gate.java:42) > > > > at > > > > org.astrogrid.security.EndToEndTest.testGoodCredentials(EndToE > > > > ndTest.java:58) > > > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > > > at > > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess > > > > orImpl.java:39) > > > > at > > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth > > > > odAccessorImpl.java:25) > > > > at java.lang.reflect.Method.invoke(Method.java:324) > > > > at junit.framework.TestCase.runTest(TestCase.java:154) > > > > at junit.framework.TestCase.runBare(TestCase.java:127) > > > > at junit.framework.TestResult$1.protect(TestResult.java:106) > > > > at junit.framework.TestResult.runProtected(TestResult.java:124) > > > > at junit.framework.TestResult.run(TestResult.java:109) > > > > at junit.framework.TestCase.run(TestCase.java:118) > > > > at junit.framework.TestSuite.runTest(TestSuite.java:208) > > > > at junit.framework.TestSuite.run(TestSuite.java:203) > > > > at > > > > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.r > > > > un(JUnitTestRunner.java:325) > > > > at > > > > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.m > > > > ain(JUnitTestRunner.java:536) > > > > > > > > > > > > I made it log the actual exception thrown by XMLSec: > > > > > > > > 1091 WARN org.apache.xml.security.signature.Reference - > > > > Verification failed > > > > for URI "#id-367156" > > > > > > > > Cheers, > > > > Guy > > > > > > > > > > > > > > > > On Fri, 17 Mar 2006, Dittmann, Werner wrote: > > > > > > > > > Guy, > > > > > > > > > > whatis your test configuration? Which certificates do you use? > > > > > > > > > > What is the exception that xml-sec throws? > > > > > > > > > > Thanks, > > > > > Werner > > > > > > > > > > > -----Urspr?ngliche Nachricht----- > > > > > > Von: Guy Rixon [mailto:[EMAIL PROTECTED] > > > > > > Gesendet: Donnerstag, 16. M?rz 2006 17:11 > > > > > > An: Dittmann, Werner > > > > > > Cc: [EMAIL PROTECTED]; [email protected] > > > > > > Betreff: Re: AW: AW: Problems with signatures > > > > > > > > > > > > I've set the options on both client and service and the > > > > > > verification still > > > > > > fails. I've dumped the raw XML messages with and without the > > > > > > options and there > > > > > > doesn't seem to be any difference. > > > > > > > > > > > > On Thu, 16 Mar 2006, Dittmann, Werner wrote: > > > > > > > > > > > > > Probably on both if the service responds with > > signed messages. > > > > > > > > > > > > > > Regards, > > > > > > > Werner > > > > > > > > > > > > > > > -----Urspr?ngliche Nachricht----- > > > > > > > > Von: Guy Rixon [mailto:[EMAIL PROTECTED] > > > > > > > > Gesendet: Donnerstag, 16. M?rz 2006 16:29 > > > > > > > > An: [EMAIL PROTECTED] > > > > > > > > Cc: Dittmann, Werner; [email protected] > > > > > > > > Betreff: Re: AW: Problems with signatures > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > Do these parameters have to be set on the client, the > > > > > > service or both? > > > > > > > > Setting them just on the service doesn't fix the > > problem, and > > > > > > > > to set them on > > > > > > > > the client I have to find out how to do it > > programmatically. > > > > > > > > > > > > > > > > On Thu, 16 Mar 2006 [EMAIL PROTECTED] wrote: > > > > > > > > > > > > > > > > > Hi Guy > > > > > > > > > setting these 2 props works for me. > > > > > > > > > <parameter name="enableNamespacePrefixOptimization" > > > > > > > > value="false" /> > > > > > > > > > <parameter name="disablePrettyXML" value="true"/> > > > > > > > > > > > > > > > > > > thanks > > > > > > > > > Anamitra > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > "Dittmann, > > > > > > > > > Werner" > > > > > > > > > <werner.dittmann@ > > > > > > > > To > > > > > > > > > siemens.com> "Guy Rixon" > > > > > > > > <[EMAIL PROTECTED]>, > > > > > > > > > > > > > <[email protected]> > > > > > > > > > 03/16/2006 09:10 > > > > > > > > cc > > > > > > > > > AM > > > > > > > > > > > > > > > > > Subject > > > > > > > > > AW: Problems > > > > > > with signatures > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > AFAIK there is a switch / parameter in the Axis > > WSDD files > > > > > > > > > to disable XML pretty printing. Maybe this > > > > "feature" is enabled > > > > > > > > > by default - pretty printing always destroys > > the signature > > > > > > > > > hashes. > > > > > > > > > > > > > > > > > > Also there is a parameter for Axis to disable some sort > > > > > > > > > of namespace optimization - sorry but I haven't the > > > > parameter > > > > > > > > > names at hand. > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > Werner > > > > > > > > > > > > > > > > > > > -----Urspr?ngliche Nachricht----- > > > > > > > > > > Von: Guy Rixon [mailto:[EMAIL PROTECTED] > > > > > > > > > > Gesendet: Donnerstag, 16. M?rz 2006 14:01 > > > > > > > > > > An: [email protected] > > > > > > > > > > Betreff: Problems with signatures > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > > > can you help me with a signature problem? I > > have a client > > > > > > > > > > and service, both > > > > > > > > > > using WSS4J 1.0.0. The client signs the SOAP > > body of the > > > > > > > > > > request, but the > > > > > > > > > > signature checking in the service always fails at > > > > the XMLSec > > > > > > > > > > level. The > > > > > > > > > > signature uses a direct reference to a > > > > BinarySecurityToken, > > > > > > > > > > and the service > > > > > > > > > > seems to be reading the token properly; at least, > > > > it gets the > > > > > > > > > > subject DN > > > > > > > > > > right. > > > > > > > > > > > > > > > > > > > > I've checked the signature in the client > > immediately after > > > > > > > > > > signing and it > > > > > > > > > > verifies correctly there. Something bad seems to > > > > be happening > > > > > > > > > > to the XML on > > > > > > > > > > the way to the service, but I can't think > > what. No other > > > > > > > > > > special handlers are > > > > > > > > > > involved. > > > > > > > > > > > > > > > > > > > > This is all with Axis 1.3 and "local" transport, BTW. > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > Guy > > > > > > > > > > > > > > > > > > > > Guy Rixon > > > > > > > > > [EMAIL PROTECTED] > > > > > > > > > > Institute of Astronomy > > Tel: > > > > > > > > +44-1223-337542 > > > > > > > > > > Madingley Road, Cambridge, UK, CB3 0HA > > > > > > Fax: > > > > > > > > > > +44-1223-337523 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > > To unsubscribe, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > For additional commands, e-mail: > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Guy Rixon > > > > > > [EMAIL PROTECTED] > > > > > > > > Institute of Astronomy Tel: > > > > +44-1223-337542 > > > > > > > > Madingley Road, Cambridge, UK, CB3 0HA Fax: > > > > > > > > +44-1223-337523 > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Guy Rixon > > > > [EMAIL PROTECTED] > > > > > > Institute of Astronomy Tel: > > +44-1223-337542 > > > > > > Madingley Road, Cambridge, UK, CB3 0HA Fax: > > > > > > +44-1223-337523 > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > Guy Rixon > > [EMAIL PROTECTED] > > > > Institute of Astronomy Tel: +44-1223-337542 > > > > Madingley Road, Cambridge, UK, CB3 0HA Fax: > > > > +44-1223-337523 > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > Guy Rixon [EMAIL PROTECTED] > > Institute of Astronomy Tel: +44-1223-337542 > > Madingley Road, Cambridge, UK, CB3 0HA Fax: > > +44-1223-337523 > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Guy Rixon [EMAIL PROTECTED] Institute of Astronomy Tel: +44-1223-337542 Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
