Posted to fx-dev@ws.apache.org by Hassan Faouaz <hf...@aidatech.com> on 2005/04/05 17:55:14 UTC

RE: *** Spam *** AW: setting the canonicalization algorithm using axis deployment script????

Werner,
 
I agree with you with respect to interoperability.  The reason why I am
venturing down this route is because I am trying to get WSS4J to
successfully exchange a secured SOAP message with IBM WAS 6.0.  I was able to
verify a signature from a return message from WAS 6.0, but I am not able
to get WAS 6.0 to verify a signature coming from WSS4J.
 
I went the route of using WSDP 1.5 from SUN, and I was able to exchange
secure messages by changing the canonicalization algorithm on
WebSphere.  So I thought to try to change the canonicalization algorithm
on WSS4J to see if that makes a difference.
 
Anyway, I will keep changing the WSS4J code as my last resort,
as much as I hate to maintain a different set of code.
 
Thanks
 
Hassan Faouaz
 
 
 
-----Original Message-----
From: Dittmann Werner [mailto:werner.dittmann@siemens.com] 
Sent: Tuesday, April 05, 2005 9:28 AM
To: 'Hassan Faouaz'; fx-dev@ws.apache.org
Subject: *** Spam *** AW: setting the canonicalization algorithm using
axis deployment script????
 
Hassan,
 
some of the parameters used by WSS4J are hardcoded (usually as
String in WSHandlerConstants). Most, if not all, of these "hardcoded"
parameters are required to have a specific value to ensure
interoperability.
For example c14n:  AFAIK, it is required to be C14nExclusive, other
values would not work for interoperability (probably there is also a
technical reason to have C14nExclusive - need to look at the specs).
 
Also the specific transformation algo (described in the OASIS WSS
specifications) is mandatory.
 
Thus, if you change c14n or transformation parameters you may do so
by modifying the code as you proposed. For the standard and
interoperable use of WSS4J I wouldn't recommend it.
 
Regards,
Werner

-----Original Message-----
From: Hassan Faouaz [mailto:hfaouaz@aidatech.com] 
Sent: Tuesday, April 5, 2005 16:20
To: fx-dev@ws.apache.org
Subject: setting the canonicalization algorithm using axis deployment
script????

I have realized that if you use the AXIS deploy script, the canonicalization
algorithm is hardcoded. There is no way to change it, after looking at
the code.  I had to change the WSSignEnvelope class to look at the
options in the deploy script. Is this implemented somewhere that I am
not aware of? 
 
Code changes I made to allow setting canonicalization algorithm in
WSDoAllSender.java, WSHandlerConstants.java.
 
 
<snip>
reqData.canonicalizationAlgo = (String) getOption(WSHandlerConstants.CONANICALIZATION_ALGO);

if (reqData.canonicalizationAlgo != null) {
    wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
}
</snip>
 
Is that true for the transform algorithm as well???
 
Thanks in advance..
 
Hassan