Posted to fx-dev@ws.apache.org by yv...@freesurf.ch on 2005/09/14 18:01:27 UTC

interop with sun jwsdp-1.6

hello,
has anybody tried interop with sun jwsdp-1.6?
i cannot use wss4j to verify a message signed with jwsdp...? is this a known
issue?

the problem is, that the digests when resolving the references are not equal:

- Token reference uri: #XWSSGID-1126515797640161369913
- verify 2 References
- I am not requested to follow nested Manifests
- setElement("ds:Reference", "null")
- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
- I was asked to create a ResourceResolver and got 1
-  extra resolvers to my existing 4 system-wide resolvers
- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
- enter engineResolve, look for: #XWSSGID-11265158021251414682510
- Tag: wsu:Timestamp, 'null'
- Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
- Attr: xmlns, ''
- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
- Tag: #text, '
                                '
- Tag: wsu:Created, 'null'
- Attr: xmlns, ''
- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
- Tag: #text, '2005-09-12T09:03:21Z'
- Tag: #text, '
                                '
- Tag: wsu:Expires, 'null'
- Attr: xmlns, ''
- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
- Tag: #text, '2005-09-12T09:08:21Z'
- Tag: #text, '
                        '
- engineResolve= 33
- exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
- Verification failed for URI "#XWSSGID-11265158021251414682510"

any hints?
regards, yves

ps: attached is the soap message






AW: Re: AW: Re: AW: Re: interop with sun jwsdp-1.6

Posted by yv...@freesurf.ch.
yes, that's it! i didn't consider this property of the c14n algorithm. without
the newlines pointed out below, the verification is successful. thanks werner.
regards, yves


>-- Original message --
>Date: Thu, 15 Sep 2005 11:15:20 +0200
>From: Werner Dittmann <We...@t-online.de>
>To: yves.hauser@freesurf.ch
>CC: wss4j-dev@ws.apache.org
>Subject: Re: AW: Re: AW: Re: interop with sun jwsdp-1.6
>
>
>Yves,
>
>until now we had no problems with c14n implementation. AFAIK we also
>had some interop test with JWSDP last year - pls have a look at the wiki.
>
>On the other hand: there are of course newline characters, e.g. just
>behind, as a string this would contain "...</wsu:Created>\n". These
>newlines also appear in the Body and they count for the Signature. C14n
>does _not_ remove these newlines or other significant whitespace. This
>is a common misunderstanding that c14n does this.
>
>Regards,
>Werner
>
>yves.hauser@freesurf.ch wrote:
>> hi werner,
>> i don't think that the problem is due to 'pretty printing'. the timestamp
>> tag for example:
>> 
>> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> wsu:Id="XWSSGID-1126712330472-1335315878">
>> <wsu:Created>2005-09-14T15:38:50Z</wsu:Created>
>> <wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>
>> </wsu:Timestamp>
>> 
>> there are no newlines, tabs or blanks in the attribute values or in the data.
>> moreover, signature verification is successful doing it with jwsdp.
>> perhaps it's a problem with the canonicalization method implementation?
>> 
>> regards, yves
>> 
>> 
>>>-- Original message --
>>>Date: Thu, 15 Sep 2005 10:24:39 +0200
>>>From: Werner Dittmann <We...@t-online.de>
>>>To: yves.hauser@freesurf.ch
>>>CC: wss4j-dev@ws.apache.org
>>>Subject: Re: AW: Re: interop with sun jwsdp-1.6
>>>
>>>
>>>Yves,
>>>
>>>according to the trace and the SOAP request all looks ok. But somehow
>>>the Body was modified after the Signature was added. This very often
>>>is due to "pretty printing" the XML SOAP request after it got signed.
>>>"Pretty Printing": adding some newline and/or blanks/tabs to make
>>>the XML data more readable. Do you know if that happens somehow on
>>>the JWSDP side?
>>>
>>>Regards,
>>>Werner
>>>
>>>
>>>yves.hauser@freesurf.ch wrote:
>>>
>>>>hi werner,
>>>>sorry, the log and the soap message in my previous mail did not correspond.
>>>>here is the correct log:
>>>>
>>>>- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>>>>- enter processSecurityHeader()
>>>>- Processing WS-Security header for '' actor.
>>>>- Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>>>>- Found signature element
>>>>- Verify XML Signature
>>>>- setElement("ds:Signature", "null")
>>>>- setElement("ds:SignedInfo", "null")
>>>>- setElement("ds:SignatureMethod", "null")
>>>>- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>>>- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>>- Created SignatureDSA using SHA1withRSA
>>>>- setElement("ds:KeyInfo", "null")
>>>>- Token reference uri: #XWSSGID-1126712329621513364021
>>>>- verify 2 References
>>>>- I am not requested to follow nested Manifests
>>>>- setElement("ds:Reference", "null")
>>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>>- I was asked to create a ResourceResolver and got 1
>>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>>- enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
>>>>- Tag: wsu:Timestamp, 'null'
>>>>- Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Tag: #text, '
>>>>'
>>>>- Tag: wsu:Created, 'null'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Tag: #text, '2005-09-14T15:38:50Z'
>>>>- Tag: #text, '
>>>>'
>>>>- Tag: wsu:Expires, 'null'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Tag: #text, '2005-09-14T15:43:50Z'
>>>>- Tag: #text, '
>>>>'
>>>>- engineResolve= 24
>>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
>>>>- Verification failed for URI "#XWSSGID-1126712330472-1335315878"
>>>>- The Reference has Type 
>>>>- setElement("ds:Reference", "null")
>>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>>- I was asked to create a ResourceResolver and got 1
>>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>>- enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
>>>>- Tag: SOAP-ENV:Body, 'null'
>>>>- Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Tag: #text, '
>>>>'
>>>>- Tag: tru:StockSymbol, 'null'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Tag: #text, 'QQQ'
>>>>- Tag: #text, '
>>>>'
>>>>- engineResolve= 6
>>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
>>>>- Verification failed for URI "#XWSSGID-1126712330478-1126252258"
>>>>- The Reference has Type 
>>>>org.apache.ws.security.WSSecurityException: The signature verification failed
>>>>        at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>>>>
>>>>thanks, yves
>>>>
>>>>
>>>>
>>>>>-- Original message --
>>>>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>>>>From: Werner Dittmann <We...@t-online.de>
>>>>>To: yves.hauser@freesurf.ch
>>>>>CC: wss4j-dev@ws.apache.org
>>>>>Subject: Re: interop with sun jwsdp-1.6
>>>>>
><SNIP> --------------------- <SNAP>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>



Re: AW: Re: AW: Re: interop with sun jwsdp-1.6

Posted by Werner Dittmann <We...@t-online.de>.
Yves,

until now we had no problems with c14n implementation. AFAIK we also
had some interop test with JWSDP last year - pls have a look at the wiki.

On the other hand: there are of course newline characters, e.g. just
behind, as a string this would contain "...</wsu:Created>\n". These
newlines also appear in the Body and they count for the Signature. C14n
does _not_ remove these newlines or other significant whitespace. This
is a common misunderstanding that c14n does this.

Regards,
Werner

yves.hauser@freesurf.ch wrote:
> hi werner,
> i don't think that the problem is due to 'pretty printing'. the timestamp
> tag for example:
> 
> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="XWSSGID-1126712330472-1335315878">
> <wsu:Created>2005-09-14T15:38:50Z</wsu:Created>
> <wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>
> </wsu:Timestamp>
> 
> there are no newlines, tabs or blanks in the attribute values or in the data.
> moreover, signature verification is successful doing it with jwsdp.
> perhaps it's a problem with the canonicalization method implementation?
> 
> regards, yves
> 
> 
>>-- Original message --
>>Date: Thu, 15 Sep 2005 10:24:39 +0200
>>From: Werner Dittmann <We...@t-online.de>
>>To: yves.hauser@freesurf.ch
>>CC: wss4j-dev@ws.apache.org
>>Subject: Re: AW: Re: interop with sun jwsdp-1.6
>>
>>
>>Yves,
>>
>>according to the trace and the SOAP request all looks ok. But somehow
>>the Body was modified after the Signature was added. This very often
>>is due to "pretty printing" the XML SOAP request after it got signed.
>>"Pretty Printing": adding some newline and/or blanks/tabs to make
>>the XML data more readable. Do you know if that happens somehow on
>>the JWSDP side?
>>
>>Regards,
>>Werner
>>
>>
>>yves.hauser@freesurf.ch wrote:
>>
>>>hi werner,
>>>sorry, the log and the soap message in my previous mail did not correspond.
>>>here is the correct log:
>>>
>>>- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>>>- enter processSecurityHeader()
>>>- Processing WS-Security header for '' actor.
>>>- Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>>>- Found signature element
>>>- Verify XML Signature
>>>- setElement("ds:Signature", "null")
>>>- setElement("ds:SignedInfo", "null")
>>>- setElement("ds:SignatureMethod", "null")
>>>- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>- Created SignatureDSA using SHA1withRSA
>>>- setElement("ds:KeyInfo", "null")
>>>- Token reference uri: #XWSSGID-1126712329621513364021
>>>- verify 2 References
>>>- I am not requested to follow nested Manifests
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
>>>- Tag: wsu:Timestamp, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '
>>>'
>>>- Tag: wsu:Created, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '2005-09-14T15:38:50Z'
>>>- Tag: #text, '
>>>'
>>>- Tag: wsu:Expires, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '2005-09-14T15:43:50Z'
>>>- Tag: #text, '
>>>'
>>>- engineResolve= 24
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
>>>- Verification failed for URI "#XWSSGID-1126712330472-1335315878"
>>>- The Reference has Type 
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
>>>- Tag: SOAP-ENV:Body, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '
>>>'
>>>- Tag: tru:StockSymbol, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, 'QQQ'
>>>- Tag: #text, '
>>>'
>>>- engineResolve= 6
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
>>>- Verification failed for URI "#XWSSGID-1126712330478-1126252258"
>>>- The Reference has Type 
>>>org.apache.ws.security.WSSecurityException: The signature verification failed
>>>        at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>>>
>>>thanks, yves
>>>
>>>
>>>
>>>>-- Original message --
>>>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>>>From: Werner Dittmann <We...@t-online.de>
>>>>To: yves.hauser@freesurf.ch
>>>>CC: wss4j-dev@ws.apache.org
>>>>Subject: Re: interop with sun jwsdp-1.6
>>>>
<SNIP> --------------------- <SNAP>
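
Added example (not part of the original thread, and not WSS4J or JWSDP code): the point made in the reply above, that c14n normalizes whitespace inside a start tag but keeps whitespace-only text nodes between elements, shown on the Timestamp quoted in the thread. It uses the C14N 2.0 implementation in Python's standard library as a stand-in for the c14n code of the two toolkits; the helper names and the stand-alone fragment are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
TS_ID = "XWSSGID-1126712330472-1335315878"  # wsu:Id taken from the thread
CHILDREN = ("<wsu:Created>2005-09-14T15:38:50Z</wsu:Created>",
            "<wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>")


def timestamp(sep_in_tag=" ", sep_between=""):
    """Build the thread's Timestamp with chosen whitespace (constructed input)."""
    start = f'<wsu:Timestamp xmlns:wsu="{WSU}"{sep_in_tag}wsu:Id="{TS_ID}">'
    body = sep_between + sep_between.join(CHILDREN) + sep_between
    return start + body + "</wsu:Timestamp>"


# Form the digest was computed over: no whitespace between the elements.
SIGNED_FORM = timestamp()
# Newline between the attributes only: markup whitespace, not document content.
ATTR_NEWLINE = timestamp(sep_in_tag="\n")
# Form shown in the mail: newlines between the child elements as well.
ON_THE_WIRE = timestamp(sep_in_tag="\n", sep_between="\n")


def c14n(xml_text, strip_text=False):
    """Canonical form (C14N 2.0, Python stdlib; stand-in for the toolkits' c14n)."""
    return ET.canonicalize(xml_text, strip_text=strip_text)


def digest_value(xml_text, strip_text=False):
    """Base64 SHA-1 over the canonical octets, as in ds:DigestValue.

    SHA-1 is used only because the trace names xmldsig#sha1.
    """
    octets = c14n(xml_text, strip_text).encode("utf-8")
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def whitespace_text_nodes(xml_text):
    """Count whitespace-only text nodes (the "Tag: #text, '\\n'" trace lines)."""
    count = 0
    for element in ET.fromstring(xml_text).iter():
        for text in (element.text, element.tail):
            if text and not text.strip():
                count += 1
    return count


def diagnose(received_xml, signed_digest):
    """Triage a reference digest mismatch.

    The strip_text comparison only explains a failure; a verifier must still
    reject the message, because the received octets are not the signed ones.
    """
    if digest_value(received_xml) == signed_digest:
        return "match"
    if digest_value(received_xml, strip_text=True) == signed_digest:
        return "whitespace-only difference"
    return "content changed"


if __name__ == "__main__":
    signed = digest_value(SIGNED_FORM)
    tampered = ON_THE_WIRE.replace("15:43:50Z", "23:43:50Z")
    for label, xml_text in (("signed form", SIGNED_FORM),
                            ("newline between attributes", ATTR_NEWLINE),
                            ("newlines between elements", ON_THE_WIRE),
                            ("changed Expires value", tampered)):
        print(f"{label:28} whitespace nodes={whitespace_text_nodes(xml_text)} "
              f"digest={digest_value(xml_text)} -> {diagnose(xml_text, signed)}")
```
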

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: AW: Re: AW: Re: interop with sun jwsdp-1.6

Posted by Werner Dittmann <We...@t-online.de>.
Yves,

until now we had no problems with c14n implementation. AFAIK we also
had some interop test with JWSDP last year - pls have look at the wikki.

On the other hand: there are of course newline characters, e.g. just
behind, as a string this would contain "...</wsu:Created>\n". These
newlines also appear in the Body and they count for the Signature. C14n
does _not_ remove these newlines or other significant whitespace. This
is a common misunderstanding that c14n does this.

Regards,
Werner

yves.hauser@freesurf.ch wrote:
> hi werner,
> i don't think that the problem is due to 'pretty printing'. the timestamp
> tag for example:
> 
> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="XWSSGID-1126712330472-1335315878">
> <wsu:Created>2005-09-14T15:38:50Z</wsu:Created>
> <wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>
> </wsu:Timestamp>
> 
> there are no newlines, tabs or blanks in the attribute values or in the data.
> moreover, signature verification is successful doing it with jwsdp.
> perhaps it's a problem with the canonicalization method implementation?
> 
> gruss, yves
> 
> 
>>-- Originalnachricht --
>>Date: Thu, 15 Sep 2005 10:24:39 +0200
>>From: Werner Dittmann <We...@t-online.de>
>>To: yves.hauser@freesurf.ch
>>CC: wss4j-dev@ws.apache.org
>>Subject: Re: AW: Re: interop with sun jwsdp-1.6
>>
>>
>>Yves,
>>
>>according to the trace and the SOAP request all looks ok. But somehow
>>the Body was modified after the Signature was added. This very often
>>is due to "pretty printing" the XML SOAP request after it got signed.
>>"Prettey Printing": adding some newline and/or blanks/tabs to make
>>the XML data mor readable. Do you know if that happens somehow on
>>the JWSDP side?
>>
>>Regards,
>>Werner
>>
>>
>>yves.hauser@freesurf.ch wrote:
>>
>>>hi werner,
>>>sorry, the log and the soap message in my previous mail did not correspond.
>>>here is the correct log:
>>>
>>>- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>>>- enter processSecurityHeader()
>>>- Processing WS-Security header for '' actor.
>>>- Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>>>- Found signature element
>>>- Verify XML Signature
>>>- setElement("ds:Signature", "null")
>>>- setElement("ds:SignedInfo", "null")
>>>- setElement("ds:SignatureMethod", "null")
>>>- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
>>
>>org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>- Created SignatureDSA using SHA1withRSA
>>>- setElement("ds:KeyInfo", "null")
>>>- Token reference uri: #XWSSGID-1126712329621513364021
>>>- verify 2 References
>>>- I am not requested to follow nested Manifests
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
>>>- Tag: wsu:Timestamp, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '
>>>'
>>>- Tag: wsu:Created, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '2005-09-14T15:38:50Z'
>>>- Tag: #text, '
>>>'
>>>- Tag: wsu:Expires, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '2005-09-14T15:43:50Z'
>>>- Tag: #text, '
>>>'
>>>- engineResolve= 24
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
>>>- Verification failed for URI "#XWSSGID-1126712330472-1335315878"
>>>- The Reference has Type 
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
>>>- Tag: SOAP-ENV:Body, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '
>>>'
>>>- Tag: tru:StockSymbol, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, 'QQQ'
>>>- Tag: #text, '
>>>'
>>>- engineResolve= 6
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
>>>- Verification failed for URI "#XWSSGID-1126712330478-1126252258"
>>>- The Reference has Type 
>>>org.apache.ws.security.WSSecurityException: The signature verification
>>
>>failed
>>
>>>        at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>>>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>>>
>>>thanks, yves
>>>
>>>
>>>
>>>>-- Original message --
>>>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>>>From: Werner Dittmann <We...@t-online.de>
>>>>To: yves.hauser@freesurf.ch
>>>>CC: wss4j-dev@ws.apache.org
>>>>Subject: Re: interop with sun jwsdp-1.6
>>>>
<SNIP> --------------------- <SNAP>

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


AW: Re: AW: Re: interop with sun jwsdp-1.6

Posted by yv...@freesurf.ch.
hi werner,
i don't think that the problem is due to 'pretty printing'. the timestamp
tag for example:

<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="XWSSGID-1126712330472-1335315878">
<wsu:Created>2005-09-14T15:38:50Z</wsu:Created>
<wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>
</wsu:Timestamp>

there are no newlines, tabs or blanks in the attribute values or in the data.
moreover, signature verification is successful doing it with jwsdp.
perhaps it's a problem with the canonicalization method implementation?

regards, yves

>-- Original message --
>Date: Thu, 15 Sep 2005 10:24:39 +0200
>From: Werner Dittmann <We...@t-online.de>
>To: yves.hauser@freesurf.ch
>CC: wss4j-dev@ws.apache.org
>Subject: Re: AW: Re: interop with sun jwsdp-1.6
>
>
>Yves,
>
>according to the trace and the SOAP request all looks ok. But somehow
>the Body was modified after the Signature was added. This very often
>is due to "pretty printing" the XML SOAP request after it got signed.
>"Pretty Printing": adding some newline and/or blanks/tabs to make
>the XML data more readable. Do you know if that happens somehow on
>the JWSDP side?
>
>Regards,
>Werner
>
>
>yves.hauser@freesurf.ch wrote:
>> hi werner,
>> sorry, the log and the soap message in my previous mail did not correspond.
>> here is the correct log:
>> 
>> - Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>> - enter processSecurityHeader()
>> - Processing WS-Security header for '' actor.
>> - Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>> - Found signature element
>> - Verify XML Signature
>> - setElement("ds:Signature", "null")
>> - setElement("ds:SignedInfo", "null")
>> - setElement("ds:SignatureMethod", "null")
>> - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>> - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>> - Created SignatureDSA using SHA1withRSA
>> - setElement("ds:KeyInfo", "null")
>> - Token reference uri: #XWSSGID-1126712329621513364021
>> - verify 2 References
>> - I am not requested to follow nested Manifests
>> - setElement("ds:Reference", "null")
>> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>> - I was asked to create a ResourceResolver and got 1
>> -  extra resolvers to my existing 4 system-wide resolvers
>> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>> - enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
>> - Tag: wsu:Timestamp, 'null'
>> - Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
>> - Attr: xmlns, ''
>> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Tag: #text, '
>> '
>> - Tag: wsu:Created, 'null'
>> - Attr: xmlns, ''
>> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Tag: #text, '2005-09-14T15:38:50Z'
>> - Tag: #text, '
>> '
>> - Tag: wsu:Expires, 'null'
>> - Attr: xmlns, ''
>> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Tag: #text, '2005-09-14T15:43:50Z'
>> - Tag: #text, '
>> '
>> - engineResolve= 24
>> - exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
>> - Verification failed for URI "#XWSSGID-1126712330472-1335315878"
>> - The Reference has Type 
>> - setElement("ds:Reference", "null")
>> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>> - I was asked to create a ResourceResolver and got 1
>> -  extra resolvers to my existing 4 system-wide resolvers
>> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>> - enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
>> - Tag: SOAP-ENV:Body, 'null'
>> - Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
>> - Attr: xmlns, ''
>> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Tag: #text, '
>> '
>> - Tag: tru:StockSymbol, 'null'
>> - Attr: xmlns, ''
>> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Tag: #text, 'QQQ'
>> - Tag: #text, '
>> '
>> - engineResolve= 6
>> - exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
>> - Verification failed for URI "#XWSSGID-1126712330478-1126252258"
>> - The Reference has Type 
>> org.apache.ws.security.WSSecurityException: The signature verification failed
>>         at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>> 
>> thanks, yves
>> 
>> 
>>>-- Original message --
>>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>>From: Werner Dittmann <We...@t-online.de>
>>>To: yves.hauser@freesurf.ch
>>>CC: wss4j-dev@ws.apache.org
>>>Subject: Re: interop with sun jwsdp-1.6
>>>
>>>
>>>Yves,
>>>
>>>the attached SOAP request is not the same as that is shown below :-)
>>>(Timestamps differ)
>>>
>>>Looking at the debug output and the attached SOAP I can see a
>>>difference:
>>>the debug output shows an additional #text after the timestamps,
>>>this additional text cannot be seen in the attached SOAP request.
>>>
>>>How did you get the SOAP request? Can you try to get it via tcpmon
>>>somehow so that we can see what goes over the wire? It looks like
>>>the good old "pretty printing" problem where the requests are
>>>modified after adding the Signature.
>>>
>>>Regards,
>>>Werner
>>>
>>>
>>>yves.hauser@freesurf.ch wrote:
>>>
>>>>hello,
>>>>has anybody tried interop with sun jwsdp-1.6?
>>>>i cannot use wss4j to verify a message signed with jwsdp...? is this a known
>>>>issue?
>>>>
>>>>the problem is, that the digests when resolving the references are not equal:
>>>>
>>>>- Token reference uri: #XWSSGID-1126515797640161369913
>>>>- verify 2 References
>>>>- I am not requested to follow nested Manifests
>>>>- setElement("ds:Reference", "null")
>>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>>- I was asked to create a ResourceResolver and got 1
>>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>>- enter engineResolve, look for: #XWSSGID-11265158021251414682510
>>>>- Tag: wsu:Timestamp, 'null'
>>>>- Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>>- Tag: #text, '
>>>>                                '
>>>>- Tag: wsu:Created, 'null'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>>- Tag: #text, '2005-09-12T09:03:21Z'
>>>>- Tag: #text, '
>>>>                                '
>>>>- Tag: wsu:Expires, 'null'
>>>>- Attr: xmlns, ''
>>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>>- Tag: #text, '2005-09-12T09:08:21Z'
>>>>- Tag: #text, '
>>>>                        '
>>>>- engineResolve= 33
>>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
>>>>- Verification failed for URI "#XWSSGID-11265158021251414682510"
>>>>
>>>>any hints?
>>>>regards, yves
>>>>
>>>>ps: attached is the soap message
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: AW: Re: interop with sun jwsdp-1.6

Posted by Werner Dittmann <We...@t-online.de>.
Yves,

according to the trace and the SOAP request all looks ok. But somehow
the Body was modified after the Signature was added. This very often
is due to "pretty printing" the XML SOAP request after it got signed.
"Pretty Printing": adding some newline and/or blanks/tabs to make
the XML data more readable. Do you know if that happens somehow on
the JWSDP side?

Regards,
Werner


yves.hauser@freesurf.ch wrote:
> hi werner,
> sorry, the log and the soap message in my previous mail did not correspond.
> here is the correct log:
> 
> - Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
> - enter processSecurityHeader()
> - Processing WS-Security header for '' actor.
> - Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> - Found signature element
> - Verify XML Signature
> - setElement("ds:Signature", "null")
> - setElement("ds:SignedInfo", "null")
> - setElement("ds:SignatureMethod", "null")
> - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
> - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
> - Created SignatureDSA using SHA1withRSA
> - setElement("ds:KeyInfo", "null")
> - Token reference uri: #XWSSGID-1126712329621513364021
> - verify 2 References
> - I am not requested to follow nested Manifests
> - setElement("ds:Reference", "null")
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
> - I was asked to create a ResourceResolver and got 1
> -  extra resolvers to my existing 4 system-wide resolvers
> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
> - enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
> - Tag: wsu:Timestamp, 'null'
> - Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '
> '
> - Tag: wsu:Created, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '2005-09-14T15:38:50Z'
> - Tag: #text, '
> '
> - Tag: wsu:Expires, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '2005-09-14T15:43:50Z'
> - Tag: #text, '
> '
> - engineResolve= 24
> - exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
> - Verification failed for URI "#XWSSGID-1126712330472-1335315878"
> - The Reference has Type 
> - setElement("ds:Reference", "null")
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
> - I was asked to create a ResourceResolver and got 1
> -  extra resolvers to my existing 4 system-wide resolvers
> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
> - enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
> - Tag: SOAP-ENV:Body, 'null'
> - Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '
> '
> - Tag: tru:StockSymbol, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, 'QQQ'
> - Tag: #text, '
> '
> - engineResolve= 6
> - exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
> - Verification failed for URI "#XWSSGID-1126712330478-1126252258"
> - The Reference has Type 
> org.apache.ws.security.WSSecurityException: The signature verification failed
>         at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
> 
> thanks, yves
> 
> 
>>-- Original message --
>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>From: Werner Dittmann <We...@t-online.de>
>>To: yves.hauser@freesurf.ch
>>CC: wss4j-dev@ws.apache.org
>>Subject: Re: interop with sun jwsdp-1.6
>>
>>
>>Yves,
>>
>>the attached SOAP request is not the same as that is shown below :-)
>>(Timestamps differ)
>>
>>Looking at the debug output and the attached SOAP I can see a
>>difference:
>>the debug output shows an additional #text after the timestamps,
>>this additional text cannot be seen in the attached SOAP request.
>>
>>How did you get the SOAP request? Can you try to get it via tcpmon
>>somehow so that we can see what goes over the wire? It looks like
>>the good old "pretty printing" problem where the requests are
>>modified after adding the Signature.
>>
>>Regards,
>>Werner
>>
>>
>>yves.hauser@freesurf.ch wrote:
>>
>>>hello,
>>>has anybody tried interop with sun jwsdp-1.6?
>>>i cannot use wss4j to verify a message signed with jwsdp...? is this a known
>>>issue?
>>>
>>>the problem is, that the digests when resolving the references are not equal:
>>>
>>>- Token reference uri: #XWSSGID-1126515797640161369913
>>>- verify 2 References
>>>- I am not requested to follow nested Manifests
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-11265158021251414682510
>>>- Tag: wsu:Timestamp, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>- Tag: #text, '
>>>                                '
>>>- Tag: wsu:Created, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>- Tag: #text, '2005-09-12T09:03:21Z'
>>>- Tag: #text, '
>>>                                '
>>>- Tag: wsu:Expires, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>- Tag: #text, '2005-09-12T09:08:21Z'
>>>- Tag: #text, '
>>>                        '
>>>- engineResolve= 33
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
>>>- Verification failed for URI "#XWSSGID-11265158021251414682510"
>>>
>>>any hints?
>>>regards, yves
>>>
>>>ps: attached is the soap message


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: AW: Re: interop with sun jwsdp-1.6

Posted by Werner Dittmann <We...@t-online.de>.
Yves,

according to the trace and the SOAP request all looks ok. But somehow
the Body was modified after the Signature was added. This very often
is due to "pretty printing" the XML SOAP request after it got signed.
"Pretty Printing": adding some newlines and/or blanks/tabs to make
the XML data more readable. Do you know if that happens somehow on
the JWSDP side?

Regards,
Werner


yves.hauser@freesurf.ch wrote:
> hi werner,
> sorry, the log and the soap message in my previous mail did not correspond.
> here is the correct log:
> 
> - Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
> - enter processSecurityHeader()
> - Processing WS-Security header for '' actor.
> - Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
> - Found signature element
> - Verify XML Signature
> - setElement("ds:Signature", "null")
> - setElement("ds:SignedInfo", "null")
> - setElement("ds:SignatureMethod", "null")
> - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
> - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
> - Created SignatureDSA using SHA1withRSA
> - setElement("ds:KeyInfo", "null")
> - Token reference uri: #XWSSGID-1126712329621513364021
> - verify 2 References
> - I am not requested to follow nested Manifests
> - setElement("ds:Reference", "null")
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
> - I was asked to create a ResourceResolver and got 1
> -  extra resolvers to my existing 4 system-wide resolvers
> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
> - enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
> - Tag: wsu:Timestamp, 'null'
> - Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '
> '
> - Tag: wsu:Created, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '2005-09-14T15:38:50Z'
> - Tag: #text, '
> '
> - Tag: wsu:Expires, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '2005-09-14T15:43:50Z'
> - Tag: #text, '
> '
> - engineResolve= 24
> - exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
> - Verification failed for URI "#XWSSGID-1126712330472-1335315878"
> - The Reference has Type 
> - setElement("ds:Reference", "null")
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
> - I was asked to create a ResourceResolver and got 1
> -  extra resolvers to my existing 4 system-wide resolvers
> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
> - enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
> - Tag: SOAP-ENV:Body, 'null'
> - Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, '
> '
> - Tag: tru:StockSymbol, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Tag: #text, 'QQQ'
> - Tag: #text, '
> '
> - engineResolve= 6
> - exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
> - Verification failed for URI "#XWSSGID-1126712330478-1126252258"
> - The Reference has Type 
> org.apache.ws.security.WSSecurityException: The signature verification failed
>         at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
> 
> thanks, yves
> 
> 
>>-- Original message --
>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>From: Werner Dittmann <We...@t-online.de>
>>To: yves.hauser@freesurf.ch
>>CC: wss4j-dev@ws.apache.org
>>Subject: Re: interop with sun jwsdp-1.6
>>
>>
>>Yves,
>>
>>the attached SOAP request is not the same as that is shown below :-)
>>(Timestamps differ)
>>
>>Looking at the debug output and the attached SOAP I can see a
>>difference:
>>the debug output shows an additional #text after the timestamps,
>>this additional text cannot be seen in the attached SOAP request.
>>
>>How did you get the SOAP request? Can you try to get it via tcpmon
>>somehow so that we can see what goes over the wire? It looks like
>>the good old "pretty printing" problem where the requests are
>>modified after adding the Signature.
>>
>>Regards,
>>Werner
>>
>>
>>yves.hauser@freesurf.ch wrote:
>>
>>>hello,
>>>has anybody tried interop with sun jwsdp-1.6?
>>>i cannot use wss4j to verify a message signed with jwsdp...? is this a known
>>>issue?
>>>
>>>the problem is, that the digests when resolving the references are not equal:
>>>
>>>- Token reference uri: #XWSSGID-1126515797640161369913
>>>- verify 2 References
>>>- I am not requested to follow nested Manifests
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-11265158021251414682510
>>>- Tag: wsu:Timestamp, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>- Tag: #text, '
>>>                                '
>>>- Tag: wsu:Created, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>- Tag: #text, '2005-09-12T09:03:21Z'
>>>- Tag: #text, '
>>>                                '
>>>- Tag: wsu:Expires, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>>>- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>>>- Tag: #text, '2005-09-12T09:08:21Z'
>>>- Tag: #text, '
>>>                        '
>>>- engineResolve= 33
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
>>>- Verification failed for URI "#XWSSGID-11265158021251414682510"
>>>
>>>any hints?
>>>regards, yves
>>>
>>>ps: attached is the soap message


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
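
Werner's point above, that whitespace added after signing changes the digest of each signed Reference, shown as an added example (not code from this thread or from WSS4J). Python's standard-library C14N 2.0 stands in for the canonicalization the real message declares, and the envelope with its wsu:Id values TS-1 and BODY-1 is constructed, so the digests are comparable only with each other.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample in the shape of the traced message, serialized without
# whitespace between elements, as the signer would have digested it.
# The wsu:Id values TS-1 and BODY-1 are made up for this example.
AS_SIGNED = (
    f'<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}" xmlns:wsu="{WSU}">'
    '<SOAP-ENV:Header>'
    '<wsu:Timestamp wsu:Id="TS-1">'
    '<wsu:Created>2005-09-14T15:38:50Z</wsu:Created>'
    '<wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>'
    '</wsu:Timestamp>'
    '</SOAP-ENV:Header>'
    '<SOAP-ENV:Body wsu:Id="BODY-1">'
    '<tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads">'
    'QQQ</tru:StockSymbol>'
    '</SOAP-ENV:Body>'
    '</SOAP-ENV:Envelope>'
)

# The same message after a "pretty printing" step that runs after signing.
PRETTY = minidom.parseString(AS_SIGNED).toprettyxml(indent="  ")

# The same message with a harmless serialization change (attribute quoting).
REQUOTED = AS_SIGNED.replace('"', "'")


def _referenced(xml_text, ref_id):
    """Parse the message and return the element whose wsu:Id equals ref_id."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.get(f"{{{WSU}}}Id") == ref_id:
            return el
    raise KeyError(f"no element with wsu:Id={ref_id!r}")


def reference_digest(xml_text, ref_id):
    """Base64 SHA-1 over the canonical form of the referenced element."""
    target = _referenced(xml_text, ref_id)
    target.tail = None  # text after the end tag is outside the reference
    subtree = ET.tostring(target, encoding="unicode")
    # Assumption: C14N 2.0 stands in for the canonicalization method the
    # real message declares. Like the XML Signature canonicalizations, it
    # keeps whitespace text nodes, so they end up in the digest input.
    canonical = ET.canonicalize(subtree)
    digest = hashlib.sha1(canonical.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def whitespace_text_nodes(xml_text, ref_id):
    """Whitespace-only text nodes found inside the referenced element."""
    target = _referenced(xml_text, ref_id)
    found = []
    for el in target.iter():
        if el.text and not el.text.strip():
            found.append(el.text)
        if el is not target and el.tail and not el.tail.strip():
            found.append(el.tail)
    return found


if __name__ == "__main__":
    for ref in ("TS-1", "BODY-1"):
        print(ref)
        print("  as signed :", reference_digest(AS_SIGNED, ref))
        print("  requoted  :", reference_digest(REQUOTED, ref))
        print("  pretty    :", reference_digest(PRETTY, ref))
        print("  whitespace #text nodes after pretty printing:",
              len(whitespace_text_nodes(PRETTY, ref)))
```

A whitespace count above zero on the verifying side, against zero in a capture of what the signer put on the wire, points at a transformation between signing and verification.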


AW: Re: interop with sun jwsdp-1.6

Posted by yv...@freesurf.ch.
hi werner,
sorry, the log and the soap message in my previous mail did not correspond.
here is the correct log:

- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
- enter processSecurityHeader()
- Processing WS-Security header for '' actor.
- Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
- Found signature element
- Verify XML Signature
- setElement("ds:Signature", "null")
- setElement("ds:SignedInfo", "null")
- setElement("ds:SignatureMethod", "null")
- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
- Created SignatureDSA using SHA1withRSA
- setElement("ds:KeyInfo", "null")
- Token reference uri: #XWSSGID-1126712329621513364021
- verify 2 References
- I am not requested to follow nested Manifests
- setElement("ds:Reference", "null")
- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
- I was asked to create a ResourceResolver and got 1
-  extra resolvers to my existing 4 system-wide resolvers
- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
- enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
- Tag: wsu:Timestamp, 'null'
- Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, '
'
- Tag: wsu:Created, 'null'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, '2005-09-14T15:38:50Z'
- Tag: #text, '
'
- Tag: wsu:Expires, 'null'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, '2005-09-14T15:43:50Z'
- Tag: #text, '
'
- engineResolve= 24
- exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
- Verification failed for URI "#XWSSGID-1126712330472-1335315878"
- The Reference has Type 
- setElement("ds:Reference", "null")
- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
- I was asked to create a ResourceResolver and got 1
-  extra resolvers to my existing 4 system-wide resolvers
- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
- enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
- Tag: SOAP-ENV:Body, 'null'
- Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, '
'
- Tag: tru:StockSymbol, 'null'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
- Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, 'QQQ'
- Tag: #text, '
'
- engineResolve= 6
- exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
- Verification failed for URI "#XWSSGID-1126712330478-1126252258"
- The Reference has Type 
org.apache.ws.security.WSSecurityException: The signature verification failed
        at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)

thanks, yves

>-- Original message --
>Date: Thu, 15 Sep 2005 08:42:26 +0200
>From: Werner Dittmann <We...@t-online.de>
>To: yves.hauser@freesurf.ch
>CC: wss4j-dev@ws.apache.org
>Subject: Re: interop with sun jwsdp-1.6
>
>
>Yves,
>
>the attached SOAP request is not the same as that is shown below :-)
>(Timestamps differ)
>
>Looking at the debug output and the attached SOAP I can see a
>difference:
>the debug output shows an additional #text after the timestamps,
>this additional text cannot be seen in the attached SOAP request.
>
>How did you get the SOAP request? Can you try to get it via tcpmon
>somehow so that we can see what goes over the wire? It looks like
>the good old "pretty printing" problem where the requests are
>modified after adding the Signature.
>
>Regards,
>Werner
>
>
>yves.hauser@freesurf.ch wrote:
>> hello,
>> has anybody tried interop with sun jwsdp-1.6?
>> i cannot use wss4j to verify a message signed with jwsdp...? is this a known
>> issue?
>> 
>> the problem is, that the digests when resolving the references are not equal:
>> 
>> - Token reference uri: #XWSSGID-1126515797640161369913
>> - verify 2 References
>> - I am not requested to follow nested Manifests
>> - setElement("ds:Reference", "null")
>> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>> - I was asked to create a ResourceResolver and got 1
>> -  extra resolvers to my existing 4 system-wide resolvers
>> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>> - enter engineResolve, look for: #XWSSGID-11265158021251414682510
>> - Tag: wsu:Timestamp, 'null'
>> - Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
>> - Attr: xmlns, ''
>> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>> - Tag: #text, '
>>                                 '
>> - Tag: wsu:Created, 'null'
>> - Attr: xmlns, ''
>> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>> - Tag: #text, '2005-09-12T09:03:21Z'
>> - Tag: #text, '
>>                                 '
>> - Tag: wsu:Expires, 'null'
>> - Attr: xmlns, ''
>> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
>> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
>> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
>> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
>> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
>> - Tag: #text, '2005-09-12T09:08:21Z'
>> - Tag: #text, '
>>                         '
>> - engineResolve= 33
>> - exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
>> - Verification failed for URI "#XWSSGID-11265158021251414682510"
>> 
>> any hints?
>> regards, yves
>> 
>> ps: attached is the soap message


Re: interop with sun jwsdp-1.6

Posted by Werner Dittmann <We...@t-online.de>.
Yves,

the attached SOAP request is not the same as that is shown below :-)
(Timestamps differ)

Looking at the debug output and the attached SOAP I can see a
difference:
the debug output shows an additional #text after the timestamps,
this additional text cannot be seen in the attached SOAP request.

How did you get the SOAP request? Can you try to get it via tcpmon
somehow so that we can see what goes over the wire? It looks like
the good old "pretty printing" problem where the requests are
modified after adding the Signature.

Regards,
Werner


yves.hauser@freesurf.ch wrote:
> hello,
> has anybody tried interop with sun jwsdp-1.6?
> i cannot use wss4j to verify a message signed with jwsdp...? is this a known
> issue?
> 
> the problem is, that the digests when resolving the references are not equal:
> 
> - Token reference uri: #XWSSGID-1126515797640161369913
> - verify 2 References
> - I am not requested to follow nested Manifests
> - setElement("ds:Reference", "null")
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
> - I was asked to create a ResourceResolver and got 1
> -  extra resolvers to my existing 4 system-wide resolvers
> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
> - enter engineResolve, look for: #XWSSGID-11265158021251414682510
> - Tag: wsu:Timestamp, 'null'
> - Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
> - Attr: xmlns, ''
> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
> - Tag: #text, '
>                                 '
> - Tag: wsu:Created, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
> - Tag: #text, '2005-09-12T09:03:21Z'
> - Tag: #text, '
>                                 '
> - Tag: wsu:Expires, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
> - Tag: #text, '2005-09-12T09:08:21Z'
> - Tag: #text, '
>                         '
> - engineResolve= 33
> - exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
> - Verification failed for URI "#XWSSGID-11265158021251414682510"
> 
> any hints?
> regards, yves
> 
> ps: attached is the soap message


Re: interop with sun jwsdp-1.6

Posted by Werner Dittmann <We...@t-online.de>.
Yves,

the attached SOAP request is not the same as the one that is shown below :-)
(Timestamps differ)

Looking at the debug output and the attached SOAP I can see a
difference:
the debug output shows an additional #text after the timestamps,
this additional text cannot be seen in the attached SOAP request.

How did you get the SOAP request? Can you try to get it via tcpmon
somehow so that we can see what goes over the wire? It looks like
the good old "pretty printing" problem where the requests are
modified after adding the Signature.

Regards,
Werner


yves.hauser@freesurf.ch wrote:
> hello,
> has anybody tried interop with sun jwsdp-1.6?
> i cannot use wss4j to verify a message signed with jwsdp...? is this a known
> issue?
> 
> the problem is, that the digests when resolving the references are not equal:
> 
> - Token reference uri: #XWSSGID-1126515797640161369913
> - verify 2 References
> - I am not requested to follow nested Manifests
> - setElement("ds:Reference", "null")
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
> - I was asked to create a ResourceResolver and got 1
> -  extra resolvers to my existing 4 system-wide resolvers
> - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
> - enter engineResolve, look for: #XWSSGID-11265158021251414682510
> - Tag: wsu:Timestamp, 'null'
> - Attr: wsu:Id, 'XWSSGID-11265158021251414682510'
> - Attr: xmlns, ''
> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
> - Tag: #text, '
>                                 '
> - Tag: wsu:Created, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
> - Tag: #text, '2005-09-12T09:03:21Z'
> - Tag: #text, '
>                                 '
> - Tag: wsu:Expires, 'null'
> - Attr: xmlns, ''
> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/'
> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/'
> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types'
> - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema'
> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance'
> - Tag: #text, '2005-09-12T09:08:21Z'
> - Tag: #text, '
>                         '
> - engineResolve= 33
> - exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null
> - Verification failed for URI "#XWSSGID-11265158021251414682510"
> 
> any hints?
> regards, yves
> 
> ps: attached is the soap message


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
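
Added example (not part of the original thread, and not WSS4J or JWSDP code): the "pretty printing" effect described in the reply above, where re-indenting a signed element after signing adds whitespace #text nodes and changes the reference digest. The sample Timestamp elements and all function names are constructed for illustration, and Python's standard-library canonicalizer (C14N 2.0) stands in for the canonicalization the real signature uses.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample: the Timestamp as the sender signed it (no indentation).
SIGNED = (
    f'<wsu:Timestamp xmlns:wsu="{WSU}" wsu:Id="TS-1">'
    "<wsu:Created>2005-09-12T09:03:21Z</wsu:Created>"
    "<wsu:Expires>2005-09-12T09:08:21Z</wsu:Expires>"
    "</wsu:Timestamp>"
)

# Constructed sample: the same element after something re-indented the message.
RECEIVED = (
    f'<wsu:Timestamp xmlns:wsu="{WSU}" wsu:Id="TS-1">\n'
    "    <wsu:Created>2005-09-12T09:03:21Z</wsu:Created>\n"
    "    <wsu:Expires>2005-09-12T09:08:21Z</wsu:Expires>\n"
    "</wsu:Timestamp>"
)

def reference_digest(xml_text):
    """Base64 SHA-1 over the canonical form; whitespace text nodes are kept."""
    canonical = ET.canonicalize(xml_text)  # strip_text defaults to False
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()

def whitespace_text_nodes(xml_text):
    """Collect the whitespace-only text nodes inside the element."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        for text in (el.text, el.tail):
            if text and not text.strip():
                found.append(text)
    return found

def diagnose(signed, received):
    """Classify a digest mismatch: whitespace-only drift or a real content change."""
    if reference_digest(signed) == reference_digest(received):
        return "match"
    same_ignoring_ws = (ET.canonicalize(signed, strip_text=True)
                        == ET.canonicalize(received, strip_text=True))
    return "whitespace-only change" if same_ignoring_ws else "content change"

if __name__ == "__main__":
    print(reference_digest(SIGNED), reference_digest(RECEIVED))
    print(len(whitespace_text_nodes(RECEIVED)), diagnose(SIGNED, RECEIVED))
```

The whitespace-stripped comparison is a diagnostic only: verification has to run over the message exactly as received, so the fix is to stop whatever re-indents the message after the signature is added.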