You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Davanum Srinivas (JIRA)" <ax...@ws.apache.org> on 2005/06/09 01:09:15 UTC
[jira] Resolved: (AXIS-1968) CLONE -Problem with namespace handling in Axis 1.2 : break XML Signature
[ http://issues.apache.org/jira/browse/AXIS-1968?page=all ]
Davanum Srinivas resolved AXIS-1968:
------------------------------------
Resolution: Fixed
Closing bug as fixed. Please try latest CVS / Nightly and let me know if you still see the problem and we can reopen the bug.
thanks,
dims
> CLONE -Problem with namespace handling in Axis 1.2 : break XML Signature
> ------------------------------------------------------------------------
>
> Key: AXIS-1968
> URL: http://issues.apache.org/jira/browse/AXIS-1968
> Project: Axis
> Type: Bug
> Environment: Windows 2000, Tomcat 5.0
> Reporter: rudolf schamberger
> Assignee: Davanum Srinivas
> Attachments: MOASSRequest.xml, SignatureResponse_axis1.1.xml, SignatureResponse_axis1.2rc3_21apr05_build.xml, axis.jar, axis_namespace_testcode.zip
>
> I have a web service (Message style) working with Axis 1.1
> When upgrading to Axis 1.2, it doesn't work anymore because of a namespace management that changes in Axis 1.2.
> Details of the problem :
> The web service is of type :
> public Document execute(Document body)
> it returns a signed document
> The client have to verify the signature of the response.
> At the end of this mail, you can see the message sent by the server and the message received by the client
> You can see that the message has been changed during transfer : all
> namespace definitions have moved to the root element.
> The document is still syntactically correct, but the signature is broken...
> It's a serious problem if Axis 1.2 is no more compatible with xml
> signature.
> Message sent by the server :
> <name1:roottag xmlns:name1="http://name1.com">
> <name2:child1 xmlns:name2="http://name2.com">
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
> qjVJp7Iic3opzb8VQKpLvle1ZME=
> </ds:SignatureValue>
> </ds:Signature></name1:roottag>
> Message received by the client :
> <name1:roottag xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:name1="http://name1.com" xmlns:name2="http://name2.com">
> <name2:child1>
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature>
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
> qjVJp7Iic3opzb8VQKpLvle1ZME=
> </ds:SignatureValue>
> </ds:Signature></name1:roottag>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira