You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "rudolf schamberger (JIRA)" <ax...@ws.apache.org> on 2005/04/29 14:57:25 UTC
[jira] Commented: (AXIS-1968) CLONE -Problem with namespace handling in Axis 1.2 : break XML Signature
[ http://issues.apache.org/jira/browse/AXIS-1968?page=comments#action_64056 ]
rudolf schamberger commented on AXIS-1968:
------------------------------------------
I am also facing problems with the AXIS XML namespace handling which breakes the XML signature.
I got the expected result when I worked with a SOAP client using the old axis1.1 version (result: see attached file SignatureResponse_axis1.1.xml). After switching to a newer version Axis1.2rc3 or even newer versions (e.g. tested with an own src build at 21th of april 05 (AXIS-1889 already fixed)) I found a problem with multiple declared XML namespaces.
In the attached response (file: SignatureResponse_axis1.2rc3_nightly_build.xml) the xmlns:dsig NS which is defined 2nd time in the element md:Mandate is removed. This behavior is problematic when working with XML signatures.
> CLONE -Problem with namespace handling in Axis 1.2 : break XML Signature
> ------------------------------------------------------------------------
>
> Key: AXIS-1968
> URL: http://issues.apache.org/jira/browse/AXIS-1968
> Project: Axis
> Type: Bug
> Environment: Windows 2000, Tomcat 5.0
> Reporter: rudolf schamberger
> Assignee: Davanum Srinivas
> Attachments: MOASSRequest.xml, SignatureResponse_axis1.1.xml, SignatureResponse_axis1.2rc3_21apr05_build.xml, axis.jar
>
> I have a web service (Message style) working with Axis 1.1
> When upgrading to Axis 1.2, it doesn't work anymore because of a namespace management that changes in Axis 1.2.
> Details of the problem :
> The web service is of type :
> public Document execute(Document body)
> it returns a signed document
> The client have to verify the signature of the response.
> At the end of this mail, you can see the message sent by the server and the message received by the client
> You can see that the message has been changed during transfer : all
> namespace definitions have moved to the root element.
> The document is still syntactically correct, but the signature is broken...
> It's a serious problem if Axis 1.2 is no more compatible with xml
> signature.
> Message sent by the server :
> <name1:roottag xmlns:name1="http://name1.com">
> <name2:child1 xmlns:name2="http://name2.com">
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
> qjVJp7Iic3opzb8VQKpLvle1ZME=
> </ds:SignatureValue>
> </ds:Signature></name1:roottag>
> Message received by the client :
> <name1:roottag xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:name1="http://name1.com" xmlns:name2="http://name2.com">
> <name2:child1>
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature>
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
> qjVJp7Iic3opzb8VQKpLvle1ZME=
> </ds:SignatureValue>
> </ds:Signature></name1:roottag>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira