You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Colm O hEigeartaigh <co...@progress.com> on 2009/06/02 12:24:49 UTC

RE: Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a http://www.w3.org/2000/09/xmldsig#:SignatureMethod element

Hi Mihir,

I just saw your mail recently when going through the archives. I had a
look at this issue. The problem is with the Axis1 SAAJ implementation,
not with XML-Security or WSS4J. Some test-code that shows the problem:

org.apache.xml.security.Init.init();
MessageFactory factory = MessageFactory.newInstance();
SOAPMessage soapMessage = factory.createMessage();
Document doc = soapMessage.getSOAPPart();
Element sigElem = 
    XMLUtils.createElementInSignatureSpace(
        doc, Constants._TAG_SIGNATUREMETHOD);
System.out.println(sigElem.getLocalName());
System.out.println(sigElem.getPrefix());

The output *should* be:

SignatureMethod
ds

However, with Axis1 SAAJ the output is:

ds:SignatureMethod
null

This is a bug in the Axis1 SAAJ implementation. It's been fixed in the
Axis2 SAAJ implementation, so you might have better luck trying this. I
don't know if the Axis1 code is being maintained, you might want to file
a bug on the axis-user list if it's a blocker.

Colm.


-----Original Message-----
From: Mihir Mathuria [mailto:mmathuria@epoll.com] 
Sent: 19 March 2009 19:16
To: security-dev@xml.apache.org
Subject: Cannot create a
http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a
http://www.w3.org/2000/09/xmldsig#:SignatureMethod element


Hello,

I am trying to use Apache XML Security through Spring web services  
1.5.6 (WSS4JInterceptor) to digitally sign messages.

At runtime I get the following exception:

ERROR o.a.w.s.message.WSSecSignature -
org.apache.xml.security.exceptions.XMLSecurityException: Cannot create  
a http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a
http://www.w3.org/2000/09/xmldsig# 
:SignatureMethod element
         at org.apache.xml.security.utils.ElementCheckerImpl 
$InternedNsChecker.guaranteeThatElementInCorrectSpace(Unknown Source)
         at  
org 
.apache 
.xml 
.security 
.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown Source)
         at org.apache.xml.security.utils.ElementProxy.<init>(Unknown  
Source)
         at  
org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown  
Source)
         at  
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
         at  
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown  
Source)
         at  
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
         at  
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
         at  
org 
.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java: 
366)
         at  
org 
.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java: 
746)
         at  
org 
.apache 
.ws.security.action.SignatureAction.execute(SignatureAction.java:54)
         at  
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java: 
201)
         at  
org 
.springframework 
.ws.soap.security.wss4j.Wss4jHandler.doSenderAction(Wss4jHandler.java: 
162)
         at  
org 
.springframework 
.ws 
.soap 
.security 
.wss4j 
.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java: 
457)


I downloaded wssj-1.5.5 and xmlsec-1.4.2 source code to understand  
what's going on. Trying to construct XMLSignature in  
WSSecSignature.java throws the exception:

                 SignatureAlgorithm signatureAlgorithm = new  
SignatureAlgorithm(doc, sigAlgo);
                 sig = new XMLSignature(doc, null,  
signatureAlgorithm.getElement(), canonElem);

_constructionElement of signatureAlgorithm instance looks something  
like: <ds:SignatureMethod...../>. I am assuming, while creating  
instance of XMLSignature the guaranteeThatElementInCorrectSpace()  
method tries to compare <SignatureMethod.../> with  
<ds:SignatureMethod../> and hence the exception. For some reason the  
"ds" prefix does not get set in the call to XMLSignature's constructor.

Not sure if this is due to Wss4JInterceptor configuration, or  
conflicting jars or plain bug in wss4j-1.5.5 or xmlsec-1.4.2.

Could some one please guide.

Thanks,
-- 
Mihir Mathuria

Re: Cannot create a http://www.w3.org/2000/09/xmldsig#:ds:SignatureMethod from a http://www.w3.org/2000/09/xmldsig#:SignatureMethod element

Posted by Mihir Mathuria <mm...@epoll.com>.

Hi Colm,

Thanks for the response. Your explanation makes sense. Will inform the  
axis' moderators.

Thanks.