You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Christof Soehngen <Ch...@SYRACOM.DE> on 2004/03/30 14:06:20 UTC
Bug in signatureParts?
Can anyone reproduce the following behaviour:
WSS4J gets slower each time when repeatedly signing parts of a web service call.
My Situation:
I run Tester.java from the doAll sample. Ich adjusted client-config.wsdd to do only signing (See listing below). The server side is adjusted in a similar fashion.
<service name="SecHttpSignature">
<requestFlow>
<handler name="DoSecuritySender"
type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="user" value="csoehngen"/>
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
<parameter name="action" value="Signature"/>
<parameter name="signatureParts" value="Body"/>
</handler>
</requestFlow>
<responseFlow>
<handler name="DoSecurityReceiver"
type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="signaturePropFile" value="crypto.properties" />
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.samples.wssec.doall.PWCallback"/>
<parameter name="action" value="Signature"/>
</handler>
</responseFlow>
</service>
I use the parameter -t so Tester.java calls the same web service several times (20 times in my case).
When I use the default behaviour (i.e. the body is signed), all the calls (including response) take around 600ms.
When I add the following <parameter name="signatureParts" value="Body"/>, the behaviour should not change as this is the default behaviour, only with a different syntax.
But the result is as follows:
Time used: 601ms
Time used: 610ms
Time used: 751ms
Time used: 812ms
Time used: 1031ms
Time used: 881ms
Time used: 932ms
Time used: 1091ms
Time used: 1282ms
Time used: 1262ms
Time used: 1372ms
Time used: 1793ms
Time used: 2263ms
Time used: 1792ms
Time used: 1633ms
Time used: 1892ms
Time used: 2043ms
Time used: 1873ms
Time used: 2193ms
Time used: 2123ms
This looks to me like each call takes more and more time. This behaviour reminded me of XSS4J. A while ago, I discovered, that, when encrypting/signing a DOM, the original DOM was changed, although I got a new (encrypted) DOM as a result. So I took a look at the TCP-Monitor and discovered the following: 6 References (all with the same ID: 13579577) in the 6th partly signed message:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ <http://schemas.xmlsoap.org/soap/envelope/> " xmlns:xsd="http://www.w3.org/2001/XMLSchema <http://www.w3.org/2001/XMLSchema> " xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance <http://www.w3.org/2001/XMLSchema-instance> ">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature <http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature> xmlns:ds="http://www.w3.org/2000/09/xmldsig <http://www.w3.org/2000/09/xmldsig> #">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/ <http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> >
<ds:Reference URI="#id-13579577">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/ <http://www.w3.org/2000/09/xmldsig#sha1"/> >
<ds:DigestValue>6Z7lIa5KT4gKw4V4goWX89jq8G4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-13579577">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/ <http://www.w3.org/2000/09/xmldsig#sha1"/> >
<ds:DigestValue>6Z7lIa5KT4gKw4V4goWX89jq8G4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-13579577">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/ <http://www.w3.org/2000/09/xmldsig#sha1"/> >
<ds:DigestValue>6Z7lIa5KT4gKw4V4goWX89jq8G4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-13579577">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/ <http://www.w3.org/2000/09/xmldsig#sha1"/> >
<ds:DigestValue>6Z7lIa5KT4gKw4V4goWX89jq8G4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-13579577">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/ <http://www.w3.org/2000/09/xmldsig#sha1"/> >
<ds:DigestValue>6Z7lIa5KT4gKw4V4goWX89jq8G4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-13579577">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/ <http://www.w3.org/2001/10/xml-exc-c14n#"/> >
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/ <http://www.w3.org/2000/09/xmldsig#sha1"/> >
<ds:DigestValue>6Z7lIa5KT4gKw4V4goWX89jq8G4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
gzxkAUHPmSVSNyy/Uf3725+ndx1G40p38cPkIlFqV2+nb+bE+EzoeXcd6chcm4z3vhJrO6VL9R0E
/A8LG4sYiquV9nYw/1pC1M16McN0RKYfho+K9alJeadJB148B6Ym/lzkVKHOooRVHDykRBOkRWtD
bILXDDl7ag/ob0p/DSE=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-5470517">
<wsse:SecurityTokenReference wsu:Id="STRId-3843985" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:X509IssuerSerial <http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:X509IssuerSerial> >
<ds:X509IssuerName>CN=Christof Soehngen,OU=MU-XC-01,O=SYRACOM AG,L=Munich,ST=Bavaria,C=DE</ds:X509IssuerName>
<ds:X509SerialNumber>1080565023</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature><wsu:Timestamp xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2004-03-30T11:44:03Z</wsu:Created><wsu:Expires>2004-03-30T11:49:03Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header <http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2004-03-30T11:44:03Z</wsu:Created><wsu:Expires>2004-03-30T11:49:03Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header> >
<soapenv:Body wsu:Id="id-13579577" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd <http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd> ">
<secSend>
<applicationName>Sample Application</applicationName>
</secSend>
</soapenv:Body>
</soapenv:Envelope>
Can anyone reproduce this behaviour? I'm using a cvs-snapshot from March 25th.
Thanks,
Christof
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.F-Secure.com/