You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ws.apache.org by "Gene B. (JIRA)" <ji...@apache.org> on 2014/08/21 19:31:12 UTC

[jira] [Issue Comment Deleted] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be validated

     [ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gene B. updated WSS-508:
------------------------

    Comment: was deleted

(was: Thanks for the comment, Andreas. I do not think this issue you're describing is what's affecting us. The IBM issue talks about prefix names should appear the same as required by the C14N. I think they are confusing prefix names with whitespaces - those are required to be preserved for signature to validate. Prefix names should not matter. In my case - the whitespaces are in fact preserved, and the digest checksums are validated Ok. It's something to do with the Inclusive namespaces list - hopefully Colm could shed some light on it.)

> When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
> --------------------------------------------------------------------------------
>
>                 Key: WSS-508
>                 URL: https://issues.apache.org/jira/browse/WSS-508
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.0.0, 2.0.1
>         Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
>            Reporter: Gene B.
>            Assignee: Colm O hEigeartaigh
>         Attachments: log 01 - signature verification failed with InclusiveNamespaces PrefixList.txt, log 02 - signature verification ok - signed by SOAP UI.txt, request1-printedby-provider-signedby-soapui.xml, request1-printedby-provider-signedby-wss4j.xml
>
>
> Security implemented using WSS4J securement/validation action approach. We are trying to sign the body.
> The provider is a JAX-WS service running on WebSphere JAX-WS stack. Custom handler uses WSS4j to validate security. 
> The consumer is a WebSphere JAX-WS dispatch client – also attaching custom security handler.
> Signature can be validated on the provider side when EXC C14N canonicalization is specified with BST compliance flag relaxed. That is because when we chose to add “InclusiveNamespaces” “PrefixList” on the consumer side, verification fails. When the same test is done with the SOAP UI – signature verifies Ok – so I am blaming the consumer – the signing process - not verification process.
> I am attaching a log file which shows verification failure when the InclusiveNamespaces option is used. If not for this option – this verification would’ve been a success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org