Guy, thanks alot for your in-depth analysis. I repeated your tests with Axis 1.3 (I used 1.2.1 til now) and have the same error. I somehow didn't catch that you used Axis 1.3.
I could see that Axis 1.3 modifies the document by inserting newlines at various places. This happens during re-parsing of the signed XML document to create a new SOAP enevelope. I've filed an issue with Axis 1.3 with priority "Blocker" because with Axis 1.3 all WSS4J test cases fail to work. Regards, Werner Guy Rixon wrote: > Hi, > > I'm still stuck this failing signature. I now have some more information > information. > > First, the failure happens with Axis 1.3 jars, but not with Axis 1.2.1. It > seems to be the same problem that you were discussing last October; did you > ever find out what was wrong. > > In this specific case, I've found out from the library logging that the > digests of the references are correct. Therefore, I presume that the failure > is in the digesting/canonicalization/signing of the SignedInfo itself. > > Further, after hacking in extra checks to my handler, I find that the > signature checks out OK after WSSignEnvelope has made it, but fails after I > pass the enevlope with the signed message to Axis' MessageContext and then > get it back again. I.e., it goes wrong before the pivot handler in the client > can change anything, and way before the service handlers get to play with it. > > Finally, is there any chance that this can be related to the canonicalization > problem reported as http://issues.apache.org/jira/browse/WSS-19 ? > > BTW, "go back to Axis 1.2.1" is not a cheap option for us. We'd really like to > get this fixed. > > Cheers, > Guy > > > On Fri, 17 Mar 2006, Dittmann, Werner wrote: > > >>Guy, >> >>you are right, it's part of the XMLUtils.outputDOM() method. >> >>It's necessary to have these c14n step and to use the >>Axis parameters to ensure that the namespace handling is >>correct. >> >>Regards, >>Werner >> >> >>>-----Urspr�ngliche Nachricht----- >>>Von: Guy Rixon [mailto:[EMAIL PROTECTED] >>>Gesendet: Freitag, 17. M�rz 2006 15:15 >>>An: Dittmann, Werner >>>Cc: [EMAIL PROTECTED]; [email protected] >>>Betreff: Re: AW: AW:Problems with signatures >>> >>>Werner, >>> >>>OK, code is appended. Actually, I wrote this handler _after_ >>>I started seeing >>>this bug. I orginally had the problem when using >>>WSDoAllSender. I can't >>>see a canonicalization step in WSDoAllSender itself; is it part of >>>XMLUtils.outputDOM()? Originally, I used that (I lifted the >>>serialization code >>>from WSDoAllSender), but still got the problem. Maybe I >>>didn't try that with >>>the Axis don't-fiddle options set. >>> >>>Cheers, >>>Guy >>> >>> // Get the SOAP envelop as a DOM. >>> Document envelope = >>> >>>msgContext.getCurrentMessage().getSOAPEnvelope().getAsDocument(); >>> if (envelope == null) { >>> throw new Exception("SOAP Envelope is null"); >>> } >>> >>> // Sign the message using WSS4J. By default, the >>>WSSignEnvelope signs >>>the >>> // the SOAP body as a whole, which is correct for this use case. >>> Init.init(); >>> WSSignEnvelope signer = new WSSignEnvelope(); >>> signer.setUserInfo(alias, password); // Lets it use the Crypto. >>> >>>signer.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE); // >>>Includes certificates in the message. >>> Document newEnvelope = signer.build(envelope, crypto); >>> >>> >>> // DEBUG: dump the raw document. >>> org.apache.axis.utils.XMLUtils.DocumentToStream(newEnvelope, new >>>java.io.FileOutputStream("client.xml")); >>> >>> // Replace the unsigned message with the signed one. >>> String serializedEnvelope = >>> >>>org.apache.axis.utils.XMLUtils.DocumentToString(newEnvelope); >>> SOAPPart sp = >>> >>>(org.apache.axis.SOAPPart)(msgContext.getCurrentMessage().getS >>>OAPPart()); >>> sp.setCurrentMessage(serializedEnvelope.getBytes(), >>>SOAPPart.FORM_BYTES); >>> >>> >>> >>>On Fri, 17 Mar 2006, Dittmann, Werner wrote: >>> >>> >>>> Guy, >>>> >>>>I wasn't aware that you use a custom handler. >>>> >>>>As I can see there could be a problem when you hand over >>>>the signed message to Axis for sending it over the wire. >>>>It's somewhat tricky to do this. Bevor handing it over >>>>to Axis the message should be fed thru a c14n method, >>>>this is was WSDoAllSender does before it sets the signed >>>>message as "new" message to Axis. >>>> >>>>Maybe you can show the code snippet where your handler >>>>do this. >>>> >>>>Regards, >>>>Werner >>>> >>>> >>>>>-----Urspr�ngliche Nachricht----- >>>>>Von: Guy Rixon [mailto:[EMAIL PROTECTED] >>>>>Gesendet: Freitag, 17. M�rz 2006 11:06 >>>>>An: Dittmann, Werner >>>>>Cc: [EMAIL PROTECTED]; [email protected] >>>>>Betreff: Re: AW: AW: AW: Problems with signatures >>>>> >>>>>Test configuration: >>>>> >>>>>Custom handler in the client, calling WSSignEnvelope; based >>>>>on WSDoAllSender, >>>>>but stripped down so that it only has the code relevant >>> >>>to signature. >>> >>>>>WSDoAllReceiver in the service (tweaked with extra logging, >>>>>but basically the >>>>>one from WSS4J 1.0.0). >>>>> >>>>>Certificates generated from local CA. The trust anchor was >>>>>made with OpenSSL >>>>>and the user certificate with KeyStore Explorer. The trust >>>>>anchor is an >>>>>X.509v3 and the user one an X.509v1. The keys do work for the >>>>>signature: I >>>>>know that because I put a check in WSSignEnvelope to check >>>>>the signature just >>>>>after signing. >>>>> >>>>>This is the log output from the JUnit tests, starting from >>>>>the entry to >>>>>WSDoAllReceiver. >>>>> >>>>>1051 DEBUG org.astrogrid.security.ServiceHandler - >>>>>WSDoAllReceiver: enter >>>>>invoke() with msg type: null >>>>>1071 DEBUG org.astrogrid.security.ServiceHandler - Received >>>>>SOAP request: >>>>>1071 DEBUG org.astrogrid.security.ServiceHandler - >>>>><soapenv:Envelope xmlns="" >>>>>xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; >>>>>xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >>>>>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >>>>> <soapenv:Header> >>>>> <wsse:Security soapenv:mustUnderstand="1" xmlns="" >>>>>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040 >>>>>1-wss-wssecurity-secext-1.0.xsd"> >>>>> <wsse:BinarySecurityToken >>>>>EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200 >>>>>401-wss-soap-message-security-1.0#Base64Binary" >>>>>ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 >>>>>-wss-x509-token-profile-1.0#X509v3" >>>>>wsu:Id="CertId--273267" xmlns="" >>>>>xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 >>>>>-wss-wssecurity-utility-1.0.xsd"> >>>>>MIIDETCCAfmgAwIBAAIBBDANBgkqhkiG9w0BAQIFADBCMQswCQYDVQQDEwJDQT >>>>>ESMBAGA1UECxMJ >>>>>dW5pdC10ZXN0MRIwEAYDVQQKEwlBc3Ryb0dyaWQxCzAJBgNVBAYTAlVLMB4XDT >>>>>A2MDMwNzE4MjAz >>>>>OVoXDTE2MDMwNzE4MjAzOVowVjELMAkGA1UEBhMCVUsxEjAQBgNVBAoTCUFzdH >>>>>JvR3JpZDESMBAG >>>>>A1UECxMJdW5pdC10ZXN0MR8wHQYDVQQDExZTZWN1cml0eS1mYWNhZGUgdGVzdG >>>>>VyMIIBIjANBgkq >>>>>hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtA1mJfcoLg22xFvQiB9NY6tH7aY4Ub >>>>>FHGIl5AjampcD8 >>>>>zW/OcbaEndMaK495ODS8BbwXz8B0YPzIjczpO56k7H63sJWxrgMsDGU4oeIlh3 >>>>>DiAOYywD3h9PAu >>>>>c8tnoD7q5SyY0Vw9jkuRP6iOKmf+nTfi910zNB86PYjCk0zarie3Ehg7/LBYNC >>>>>0us+JV9M/q76mw >>>>>OOMzypgLjM1skBjO6tMbDosnCQe58+ei2ZfRT4gnCRhHRojLfcR3ND0pi7BS5T >>>>>OX8qTrQ8x++erN >>>>>BlA2X+uX3yAx4Y1cvW9YkKAjx5UxpUu8uJFYfLNKoTCq86E6+OFk5+SRQLp1Kp >>>>>S9EvfZ5wIDAQAB >>>>>MA0GCSqGSIb3DQEBAgUAA4IBAQARtZRiqKj1IXqD7wVlwqZPvE4CuFy9fjpu0n >>>>>xVN+UnKs3cNm7g >>>>>QfLPpDbh7maiGmmxWA2mFobptzbnfAyRfKYJWJ/hI8neouL+05L78cz7nTDDxp >>>>>jEhWpV8qtXdKp4 >>>>>r5S4GhG84HzPMrEqxxc0CRXbK3KLLLudbCPMNgSFxzRwimCpBTkwe81jwYH0FZ >>>>>ECyCBAsgfUMCz4 >>>>>jeYwBjqKxHlGeZERD9oRfsRF28nLgNRrP5D9IMj2Y2rhbILMmb0GTK/YWFpfD3 >>>>>H/DEP0hUVtRni7 >>>>>ykGvaLOYA7rI1eiKwxmFWTs6H+CPgkyZ+SW3l//uY/6HnzD1XacTIRASz1UK7Bzw >>>>></wsse:BinarySecurityToken> >>>>> <ds:Signature xmlns="" >>>>>xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> >>>>> >>>>> <ds:SignedInfo xmlns=""> >>>>> >>>>> <ds:CanonicalizationMethod >>>>>Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns=""/> >>>>> >>>>> <ds:SignatureMethod >>>>>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; xmlns=""/> >>>>> >>>>> <ds:Reference URI="#id-367156" xmlns=""> >>>>> >>>>> <ds:Transforms xmlns=""> >>>>> >>>>> <ds:Transform >>>>>Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; >>>>>xmlns=""/> >>>>> >>>>> </ds:Transforms> >>>>> >>>>> <ds:DigestMethod >>>>>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; >>>>>xmlns=""/> >>>>> >>>>> <ds:DigestValue xmlns=""> >>>>>S4XaDnlI8lOC8p5vVKlx9sLrKl8= </ds:DigestValue> >>>>> >>>>> </ds:Reference> >>>>> >>>>> </ds:SignedInfo> >>>>> >>>>> <ds:SignatureValue xmlns=""> >>>>> >>>>>fTcyC/oqssWUL1G96ma5ED/gNIaecHKgJBR7kCeXg2mzSwfSfe3gWRFEkiViGS >>>>>zXE0OFvsDMjm7p >>>>>JdytgsjH3iuMg9WaZOV9TU7ZaYhabZMtK0toq3zGFNJayIhfpuZq5WDAbdqvZ1 >>>>>2BnJppWvYWADvy >>>>>+zX7w0UGl3ApikKbcGMp7SSnB4JRb7TS0Ln0rk0dYcpm9cAEj76dT5UFW7e+af >>>>>QQeUwj03E5sQfS >>>>>H9KjN1gg+YD1B3gNPFYErwI+QeX+UDY9fb+qAqFxN734NhvR+/rC3JTNgieSmu >>>>>iCjXE/8MKdOfFJ >>>>>QpEE1YEqTC1SH6cUU0YR3rt84Eqg91JeyrCOpQ== >>>>> </ds:SignatureValue> >>>>> >>>>> <ds:KeyInfo Id="KeyId-12014770" xmlns=""> >>>>> >>>>> <wsse:SecurityTokenReference wsu:Id="STRId-28360136" xmlns="" >>>>>xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 >>>>>-wss-wssecurity-utility-1.0.xsd"> >>>>> <wsse:Reference URI="#CertId--273267" >>>>>ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401 >>>>>-wss-x509-token-profile-1.0#X509v3" >>>>>xmlns=""/> >>>>> </wsse:SecurityTokenReference> >>>>> >>>>> </ds:KeyInfo> >>>>> >>>>> </ds:Signature> >>>>> </wsse:Security> >>>>> </soapenv:Header> >>>>> <soapenv:Body wsu:Id="id-367156" >>>>>xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401 >>>>>-wss-wssecurity-utility-1.0.xsd"> >>>>> <whoAmI xmlns=""/> >>>>> </soapenv:Body> >>>>></soapenv:Envelope> >>>>> >>>>>1071 INFO >>>>>org.apache.ws.security.components.crypto.CryptoFactory - Using >>>>>Crypto Engine [org.apache.ws.security.components.crypto.Merlin] >>>>>1071 DEBUG org.apache.ws.security.WSSecurityEngine - enter >>>>>processSecurityHeader() >>>>>1081 DEBUG org.apache.ws.security.WSSecurityEngine - >>>>>Processing WS-Security >>>>>header for '' actor. >>>>>1081 DEBUG org.apache.ws.security.WSSecurityEngine - >>> >>>Unknown Element: >>> >>>>>BinarySecurityToken >>>>>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu >>>>>rity-secext-1.0.xsd >>>>>1081 DEBUG org.apache.ws.security.WSSecurityEngine - Found >>>>>signature element >>>>>1081 DEBUG org.apache.ws.security.WSSecurityEngine - Verify >>>>>XML Signature >>>>>1081 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:Signature", "null") >>>>>1081 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:SignedInfo", "null") >>>>>1081 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:SignatureMethod", "null") >>>>>1081 DEBUG >>>>>org.apache.xml.security.algorithms.SignatureAlgorithm - >>> >>>Create URI >>> >>>>>"http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class >>>>>"org.apache.xml.security.algorithms.implementations.SignatureB >>>>>aseRSA$SignatureRSASHA1" >>>>>1081 DEBUG org.apache.xml.security.algorithms.JCEMapper - >>>>>Request for URI >>>>>http://www.w3.org/2000/09/xmldsig#rsa-sha1 >>>>>1081 DEBUG >>>>> >>> >>>org.apache.xml.security.algorithms.implementations.SignatureBaseRSA >>> >>>>>- Created SignatureDSA using SHA1withRSA >>>>>1081 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:KeyInfo", "null") >>>>>1081 DEBUG org.apache.ws.security.WSSecurityEngine - >>>>>Checking signature value >>>>>with a certificate in the name of CN=Security-facade tester, >>>>>OU=unit-test, >>>>>O=AstroGrid, C=UK issued by C=UK, O=AstroGrid, OU=unit-test, CN=CA >>>>>1081 DEBUG org.apache.xml.security.signature.Manifest - >>>>>verify 1 References >>>>>1081 DEBUG org.apache.xml.security.signature.Manifest - I am >>>>>not requested to >>>>>follow nested Manifests >>>>>1081 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:Reference", "null") >>>>>1081 DEBUG org.apache.xml.security.algorithms.JCEMapper - >>>>>Request for URI >>>>>http://www.w3.org/2000/09/xmldsig#sha1 >>>>>1081 DEBUG >>>>>org.apache.xml.security.utils.resolver.ResourceResolver - I was >>>>>asked to create a ResourceResolver and got 1 >>>>>1081 DEBUG >>>>>org.apache.xml.security.utils.resolver.ResourceResolver - extra >>>>>resolvers to my existing 4 system-wide resolvers >>>>>1081 DEBUG >>>>>org.apache.xml.security.utils.resolver.ResourceResolver - check >>>>>resolvability by class >>>>>org.apache.ws.security.message.EnvelopeIdResolver >>>>>1091 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:Transforms", "null") >>>>>1091 DEBUG org.apache.xml.security.utils.ElementProxy - >>>>>setElement("ds:Transform", "null") >>>>>1091 DEBUG org.apache.xml.security.transforms.Transforms - >>>>>Preform the (0)th >>>>>http://www.w3.org/2001/10/xml-exc-c14n# transform >>>>>1091 WARN org.apache.xml.security.signature.Reference - >>>>>Verification failed >>>>>for URI "#id-367156" >>>>>1091 DEBUG org.apache.xml.security.signature.Manifest - The >>>>>Reference has >>>>>Type >>>>>------------- ---------------- --------------- >>>>>------------- Standard Error ----------------- >>>>>org.apache.ws.security.WSSecurityException: The signature >>>>>verification failed >>>>> at >>>>>org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSS >>>>>ecurityEngine.java:649) >>>>> at >>>>>org.apache.ws.security.WSSecurityEngine.processSecurityHeader( >>>>>WSSecurityEngine.java:334) >>>>> at >>>>>org.apache.ws.security.WSSecurityEngine.processSecurityHeader( >>>>>WSSecurityEngine.java:259) >>>>> at >>>>> >>> >>>org.astrogrid.security.ServiceHandler.invoke(ServiceHandler.java:160) >>> >>>>> at >>>>>org.apache.axis.strategies.InvocationStrategy.visit(Invocation >>>>>Strategy.java:32) >>>>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) >>>>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) >>>>> at >>>>>org.apache.axis.strategies.InvocationStrategy.visit(Invocation >>>>>Strategy.java:32) >>>>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) >>>>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) >>>>> at >>>>> >>> >>>org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453) >>> >>>>> at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281) >>>>> at >>>>>org.apache.axis.transport.local.LocalSender.invoke(LocalSender >>>>>.java:141) >>>>> at >>>>>org.apache.axis.strategies.InvocationStrategy.visit(Invocation >>>>>Strategy.java:32) >>>>> at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) >>>>> at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) >>>>> at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) >>>>> at org.apache.axis.client.Call.invokeEngine(Call.java:2784) >>>>> at org.apache.axis.client.Call.invoke(Call.java:2767) >>>>> at org.apache.axis.client.Call.invoke(Call.java:2443) >>>>> at org.apache.axis.client.Call.invoke(Call.java:2366) >>>>> at org.apache.axis.client.Call.invoke(Call.java:1812) >>>>> at >>>>>org.astrogrid.security.sample.SamplePortSoapBindingStub.whoAmI >>>>>(SamplePortSoapBindingStub.java:108) >>>>> at >>>>>org.astrogrid.security.sample.SampleDelegate.whoAmI(SampleDele >>>>>gate.java:42) >>>>> at >>>>>org.astrogrid.security.EndToEndTest.testGoodCredentials(EndToE >>>>>ndTest.java:58) >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>> at >>>>>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccess >>>>>orImpl.java:39) >>>>> at >>>>>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMeth >>>>>odAccessorImpl.java:25) >>>>> at java.lang.reflect.Method.invoke(Method.java:324) >>>>> at junit.framework.TestCase.runTest(TestCase.java:154) >>>>> at junit.framework.TestCase.runBare(TestCase.java:127) >>>>> at junit.framework.TestResult$1.protect(TestResult.java:106) >>>>> at junit.framework.TestResult.runProtected(TestResult.java:124) >>>>> at junit.framework.TestResult.run(TestResult.java:109) >>>>> at junit.framework.TestCase.run(TestCase.java:118) >>>>> at junit.framework.TestSuite.runTest(TestSuite.java:208) >>>>> at junit.framework.TestSuite.run(TestSuite.java:203) >>>>> at >>>>>org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.r >>>>>un(JUnitTestRunner.java:325) >>>>> at >>>>>org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.m >>>>>ain(JUnitTestRunner.java:536) >>>>> >>>>> >>>>>I made it log the actual exception thrown by XMLSec: >>>>> >>>>>1091 WARN org.apache.xml.security.signature.Reference - >>>>>Verification failed >>>>>for URI "#id-367156" >>>>> >>>>>Cheers, >>>>>Guy >>>>> >>>>> >>>>> >>>>>On Fri, 17 Mar 2006, Dittmann, Werner wrote: >>>>> >>>>> >>>>>>Guy, >>>>>> >>>>>>whatis your test configuration? Which certificates do you use? >>>>>> >>>>>>What is the exception that xml-sec throws? >>>>>> >>>>>>Thanks, >>>>>>Werner >>>>>> >>>>>> >>>>>>>-----Urspr�ngliche Nachricht----- >>>>>>>Von: Guy Rixon [mailto:[EMAIL PROTECTED] >>>>>>>Gesendet: Donnerstag, 16. M�rz 2006 17:11 >>>>>>>An: Dittmann, Werner >>>>>>>Cc: [EMAIL PROTECTED]; [email protected] >>>>>>>Betreff: Re: AW: AW: Problems with signatures >>>>>>> >>>>>>>I've set the options on both client and service and the >>>>>>>verification still >>>>>>>fails. I've dumped the raw XML messages with and without the >>>>>>>options and there >>>>>>>doesn't seem to be any difference. >>>>>>> >>>>>>>On Thu, 16 Mar 2006, Dittmann, Werner wrote: >>>>>>> >>>>>>> >>>>>>>>Probably on both if the service responds with >>> >>>signed messages. >>> >>>>>>>>Regards, >>>>>>>>Werner >>>>>>>> >>>>>>>> >>>>>>>>>-----Urspr�ngliche Nachricht----- >>>>>>>>>Von: Guy Rixon [mailto:[EMAIL PROTECTED] >>>>>>>>>Gesendet: Donnerstag, 16. M�rz 2006 16:29 >>>>>>>>>An: [EMAIL PROTECTED] >>>>>>>>>Cc: Dittmann, Werner; [email protected] >>>>>>>>>Betreff: Re: AW: Problems with signatures >>>>>>>>> >>>>>>>>>Thanks. >>>>>>>>> >>>>>>>>>Do these parameters have to be set on the client, the >>>>>>> >>>>>>>service or both? >>>>>>> >>>>>>>>>Setting them just on the service doesn't fix the >>> >>>problem, and >>> >>>>>>>>>to set them on >>>>>>>>>the client I have to find out how to do it >>> >>>programmatically. >>> >>>>>>>>>On Thu, 16 Mar 2006 [EMAIL PROTECTED] wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>>>Hi Guy >>>>>>>>>>setting these 2 props works for me. >>>>>>>>>> <parameter name="enableNamespacePrefixOptimization" >>>>>>>>> >>>>>>>>>value="false" /> >>>>>>>>> >>>>>>>>>> <parameter name="disablePrettyXML" value="true"/> >>>>>>>>>> >>>>>>>>>>thanks >>>>>>>>>>Anamitra >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> "Dittmann, >>>>>>>>>> Werner" >>>>>>>>>> <werner.dittmann@ >>>>>>>>> >>>>>>>>> To >>>>>>>>> >>>>>>>>>> siemens.com> "Guy Rixon" >>>>>>>>> >>>>>>>>><[EMAIL PROTECTED]>, >>>>>>>>> >>>>><[email protected]> >>>>> >>>>>>>>>> 03/16/2006 09:10 >>>>>>>>> >>>>>>>>> cc >>>>>>>>> >>>>>>>>>> AM >>>>>>>>>> >>>>>>>>> >>>>>>>>> Subject >>>>>>>>> >>>>>>>>>> AW: Problems >>>>>>> >>>>>>>with signatures >>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>AFAIK there is a switch / parameter in the Axis >>> >>>WSDD files >>> >>>>>>>>>>to disable XML pretty printing. Maybe this >>>>> >>>>>"feature" is enabled >>>>> >>>>>>>>>>by default - pretty printing always destroys >>> >>>the signature >>> >>>>>>>>>>hashes. >>>>>>>>>> >>>>>>>>>>Also there is a parameter for Axis to disable some sort >>>>>>>>>>of namespace optimization - sorry but I haven't the >>>>> >>>>>parameter >>>>> >>>>>>>>>>names at hand. >>>>>>>>>> >>>>>>>>>>Regards, >>>>>>>>>>Werner >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>>-----Urspr�ngliche Nachricht----- >>>>>>>>>>>Von: Guy Rixon [mailto:[EMAIL PROTECTED] >>>>>>>>>>>Gesendet: Donnerstag, 16. M�rz 2006 14:01 >>>>>>>>>>>An: [email protected] >>>>>>>>>>>Betreff: Problems with signatures >>>>>>>>>>> >>>>>>>>>>>Hi, >>>>>>>>>>> >>>>>>>>>>>can you help me with a signature problem? I >>> >>>have a client >>> >>>>>>>>>>>and service, both >>>>>>>>>>>using WSS4J 1.0.0. The client signs the SOAP >>> >>>body of the >>> >>>>>>>>>>>request, but the >>>>>>>>>>>signature checking in the service always fails at >>>>> >>>>>the XMLSec >>>>> >>>>>>>>>>>level. The >>>>>>>>>>>signature uses a direct reference to a >>>>> >>>>>BinarySecurityToken, >>>>> >>>>>>>>>>>and the service >>>>>>>>>>>seems to be reading the token properly; at least, >>>>> >>>>>it gets the >>>>> >>>>>>>>>>>subject DN >>>>>>>>>>>right. >>>>>>>>>>> >>>>>>>>>>>I've checked the signature in the client >>> >>>immediately after >>> >>>>>>>>>>>signing and it >>>>>>>>>>>verifies correctly there. Something bad seems to >>>>> >>>>>be happening >>>>> >>>>>>>>>>>to the XML on >>>>>>>>>>>the way to the service, but I can't think >>> >>>what. No other >>> >>>>>>>>>>>special handlers are >>>>>>>>>>>involved. >>>>>>>>>>> >>>>>>>>>>>This is all with Axis 1.3 and "local" transport, BTW. >>>>>>>>>>> >>>>>>>>>>>Thanks, >>>>>>>>>>>Guy >>>>>>>>>>> >>>>>>>>>>>Guy Rixon >>>>>>>>>> >>>>>>>>>>[EMAIL PROTECTED] >>>>>>>>>> >>>>>>>>>>>Institute of Astronomy >>> >>> Tel: >>> >>>>>>>>>+44-1223-337542 >>>>>>>>> >>>>>>>>>>>Madingley Road, Cambridge, UK, CB3 0HA >>>>>>> >>>>>>> Fax: >>>>>>> >>>>>>>>>>>+44-1223-337523 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>--------------------------------------------------------------------- >>> >>>>>>>>>>>To unsubscribe, e-mail: >>>>> >>>>>[EMAIL PROTECTED] >>>>> >>>>>>>>>>>For additional commands, e-mail: >>>>> >>>>>[EMAIL PROTECTED] >>>>> >>>>>>>>>>> >>>>>>>>>> >>>--------------------------------------------------------------------- >>> >>>>>>>>>>To unsubscribe, e-mail: >>> >>>[EMAIL PROTECTED] >>> >>>>>>>>>>For additional commands, e-mail: >>>>> >>>>>[EMAIL PROTECTED] >>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>Guy Rixon >>>>>>> >>>>>>>[EMAIL PROTECTED] >>>>>>> >>>>>>>>>Institute of Astronomy Tel: >>>>> >>>>>+44-1223-337542 >>>>> >>>>>>>>>Madingley Road, Cambridge, UK, CB3 0HA Fax: >>>>>>>>>+44-1223-337523 >>>>>>>>> >>>>>>>>> >>>>>>> >>>--------------------------------------------------------------------- >>> >>>>>>>>>To unsubscribe, e-mail: >>> >>>[EMAIL PROTECTED] >>> >>>>>>>>>For additional commands, e-mail: >>> >>>[EMAIL PROTECTED] >>> >>>>>>>>> >>>>>>>Guy Rixon >>>>> >>>>>[EMAIL PROTECTED] >>>>> >>>>>>>Institute of Astronomy Tel: >>> >>>+44-1223-337542 >>> >>>>>>>Madingley Road, Cambridge, UK, CB3 0HA Fax: >>>>>>>+44-1223-337523 >>>>>>> >>>>>>> >>>>> >>>--------------------------------------------------------------------- >>> >>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>>>>> >>>>>>> >>>>>> >>>>>> >>>--------------------------------------------------------------------- >>> >>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>>>> >>>>>> >>>>> >>>>>Guy Rixon >>> >>>[EMAIL PROTECTED] >>> >>>>>Institute of Astronomy Tel: +44-1223-337542 >>>>>Madingley Road, Cambridge, UK, CB3 0HA Fax: >>>>>+44-1223-337523 >>>>> >>>>> >>> >>>--------------------------------------------------------------------- >>> >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>> >>>> >>>--------------------------------------------------------------------- >>> >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>> >>>Guy Rixon [EMAIL PROTECTED] >>>Institute of Astronomy Tel: +44-1223-337542 >>>Madingley Road, Cambridge, UK, CB3 0HA Fax: >>>+44-1223-337523 >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > Guy Rixon [EMAIL PROTECTED] > Institute of Astronomy Tel: +44-1223-337542 > Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
