You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/11/11 18:35:14 UTC
[jira] Resolved: (WSS-181) Signature verification should not fail
due to default namespaces added after singing when using exclusive
canonicalization
[ https://issues.apache.org/jira/browse/WSS-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-181.
-------------------------------------
Resolution: Won't Fix
I'm marking this issue as won't-fix, as it's not a WSS4J problem.
Possibly setting the Axis configuration "enableNamespacePrefixOptimization" to false might solve it.
See this thread for more details on a similar problem:
http://www.mail-archive.com/wss4j-dev@ws.apache.org/msg01909.html
Colm.
> Signature verification should not fail due to default namespaces added after singing when using exclusive canonicalization
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: WSS-181
> URL: https://issues.apache.org/jira/browse/WSS-181
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: tomcat + axis 1.4 + wss4j 1.5.7
> Reporter: Nitin Handa
> Assignee: Ruchith Udayanga Fernando
> Priority: Blocker
> Attachments: wss4j.log
>
>
> Signature verification failing but it should not when using exclusive canonicalization.
> Below timestamp element was signed by owsm:-
> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-iZia05BtcBfzdM8WfpM1fA22">
> <wsu:Created ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-20T17:09:24Z</wsu:Created>
> <wsu:Expires ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-20T17:14:24Z</wsu:Expires></wsu:Timestamp>
> while below timestamp element was received by wss4j:-
> <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" *xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" *wsu:Id="Timestamp-iZia05BtcBfzdM8WfpM1fA22">
> <wsu:Created ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-20T17:09:24Z</wsu:Created>
> <wsu:Expires ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-20T17:14:24Z</wsu:Expires></wsu:Timestamp>
> note that default namespace is also there so wss4j verification failed while it should be ignored as this default namespace is unused.
> This same case is with STR and BST too..
> Canonicalized STR & BST at wss4j end used default namespace which canonicalization
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org