Posted to fx-dev@ws.apache.org by Dittmann Werner <we...@siemens.com> on 2005/04/06 08:12:27 UTC

AW: AW: setting the canonicalization algorithm using axis deployment script????

Hassan,
 
as for interop tests I would agree to go this route (and if, as a side
effect, we get a more flexible and configurable WSS4J - that's even better :-)   ).
 
What makes me wonder is that there are such problems with WAS
because we had successful interop tests with WSS4J and other
OASIS WSS implementations (pls refer to the WSS4J wiki).
 
Maybe we can help you if you can give us some more info
about the generated requests? Can you trace the requests and
just send it as an attachment or so?
 
Regards,
Werner
-----Original Message-----
From: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Sent: Tuesday, 5 April 2005 17:55
To: Dittmann Werner; fx-dev@ws.apache.org
Subject: RE: *** Spam *** AW: setting the canonicalization algorithm using axis deployment script????


Werner,
 
I agree with you with respect to interoperability. The reason I am venturing down this route is that I am trying to get WSS4J to successfully exchange a secured SOAP message with IBM WAS 6.0. I was able to verify a signature from a return message from WAS 6.0, but I am not able to get WAS 6.0 to verify a signature coming from WSS4J.

I went the route of using WSDP 1.5 from SUN, and I was able to exchange secure messages by changing the canonicalization algorithm on WebSphere. So I thought I would try changing the canonicalization algorithm on WSS4J to see if that makes a difference.

Anyway, I will keep changing the WSS4J code as my last resort, as much as I hate to maintain a different set of code.
 
Thanks
 
Hassan Faouaz
 
 
 
-----Original Message-----
From: Dittmann Werner [mailto:werner.dittmann@siemens.com] 
Sent: Tuesday, April 05, 2005 9:28 AM
To: 'Hassan Faouaz'; fx-dev@ws.apache.org
Subject: *** Spam *** AW: setting the canonicalization algorithm using axis deployment script????
 
Hassan,
 
some of the parameters used by WSS4J are hardcoded (usually as
String in WSHandlerConstants). Most, if not all, of these "hardcoded"
parameters are required to have a specific value to ensure interoperability.
For example c14n:  AFAIK, it is required to be C14nExclusive, other
values would not work for interoperability (probably there is also a technical
reason to have C14nExclusive - need to look at the specs).
 
Also the specific transformation algo (described in the OASIS WSS
specifications) is mandatory.
 
Thus, if you change c14n or transformation parameters you may do so
by modifying the code as you proposed. For the standard and interoperable
use of WSS4J I wouldn't recommend it.
 
Regards,
Werner
-----Original Message-----
From: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Sent: Tuesday, 5 April 2005 16:20
To: fx-dev@ws.apache.org
Subject: setting the canonicalization algorithm using axis deployment script????

I have realized that if you use the AXIS deploy script, the canonicalization algorithm is hardcoded. There is no way to change it, after looking at the code. I had to change the WSSignEnvelope class to look at the options in the deploy script. Is this implemented somewhere that I am not aware of?
 
Code changes I made to allow setting canonicalization algorithm in WSDoAllSender.java, WSHandlerConstants.java.
 
 
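<snip>
// Read the canonicalization algorithm from the deployment options, if one is set
reqData.canonicalizationAlgo = (String) getOption(WSHandlerConstants.CONANICALIZATION_ALGO);

// Override the hardcoded default only when the option is present
if (reqData.canonicalizationAlgo != null) {
    wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
}
</snip>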
 
Is that true for the transform algorithm as well???
 
Thanks in advance..
 
Hassan
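
Added example, not part of the thread and not WSS4J code: a simplified Python model of how inclusive and exclusive canonicalization render the start tag of a signed `soap:Body`, showing why a digest taken over inclusive c14n depends on namespace declarations elsewhere in the envelope. The sample envelopes and all function names are constructed for illustration; the model covers only namespace rendering on the top element and is not a full canonicalizer.

```python
from xml.dom import minidom

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
BODY = '<soap:Body wsu:Id="body"><m:ping xmlns:m="urn:example:ping"/></soap:Body>'
# Constructed samples: the same Body in the sender's envelope, and in an
# envelope re-serialized with two extra namespace declarations.
ENV_SENT = f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsu="{WSU}">{BODY}</soap:Envelope>'
ENV_RECEIVED = (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsu="{WSU}" '
                'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
                'xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
                f'{BODY}</soap:Envelope>')

def is_nsdecl(name):
    return name == "xmlns" or name.startswith("xmlns:")

def in_scope_namespaces(elem):
    """Map prefix -> URI for every declaration visible at elem (nearest wins)."""
    scope, node = {}, elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, value in node.attributes.items():
            if is_nsdecl(name):
                scope.setdefault(name.partition(":")[2], value)
        node = node.parentNode
    return scope

def apex_start_tag(elem, exclusive):
    """Start tag of the signed subtree's top element (simplified c14n model)."""
    scope = in_scope_namespaces(elem)
    # Simplification: attributes are ordered by qualified name, values unescaped.
    attrs = sorted((n, v) for n, v in elem.attributes.items() if not is_nsdecl(n))
    if exclusive:
        # Exclusive: keep only prefixes visibly used by the element or its attributes.
        used = {elem.tagName.rpartition(":")[0]}
        used |= {n.partition(":")[0] for n, _ in attrs if ":" in n}
        scope = {p: u for p, u in scope.items() if p in used}
    # Inclusive: every in-scope declaration is emitted, inherited ones included.
    decls = [("xmlns:" + p if p else "xmlns", u) for p, u in sorted(scope.items())]
    return "<" + elem.tagName + "".join(f' {n}="{v}"' for n, v in decls + attrs) + ">"

def body_start_tag(envelope_xml, exclusive):
    doc = minidom.parseString(envelope_xml)
    return apex_start_tag(doc.getElementsByTagNameNS(SOAP, "Body")[0], exclusive)

if __name__ == "__main__":
    for label, env in (("sent", ENV_SENT), ("received", ENV_RECEIVED)):
        print(label, "inclusive:", body_start_tag(env, False))
        print(label, "exclusive:", body_start_tag(env, True))
```

With exclusive rendering the Body start tag is identical in both envelopes, so the signed bytes do not change; with inclusive rendering the received copy inherits `xmlns:xsd` and `xmlns:xsi` and the digest would no longer match.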