You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by "Werner Dittmann (JIRA)" <ji...@apache.org> on 2006/02/16 13:48:02 UTC

[jira] Closed: (WSS-19) c14n algorithm doesn't support default namespaces

     [ http://issues.apache.org/jira/browse/WSS-19?page=all ]
     
Werner Dittmann closed WSS-19:
------------------------------

    Resolution: Won't Fix

IMHO this behaviour is due to some Axis1 settings that try to optimize namespace usage.
WSS4J can't do anything about this.

> c14n algorithm doesn't support default namespaces
> -------------------------------------------------
>
>          Key: WSS-19
>          URL: http://issues.apache.org/jira/browse/WSS-19
>      Project: WSS4J
>         Type: Bug
>  Environment: WSS4J 1.1.0, Axis 1.2.1, Sun JDK 1.5.0-03, Xerces 2.6.2 (as part of JBoss 4.0.2)
>     Reporter: Chris Nappin
>     Assignee: Davanum Srinivas

>
> There appears to be a fault with the c14n algorithm in wss4j, in that it doesn't handle default namespaces correctly, and valid documents fail verification.
> When signing and sending the following SOAP body with WSS4J:
> <Nominal xmlns="http://www.test.com/Test">
>     <name>Bert</name>
>     <number>1234</number>
> </Nominal>
> The c14n algorithm changes it to:
> <ns1:Nominal xmlns="http://www.test.com/Test" xmlns:ns1="http://www.test.com/Test">
>     <ns1:name>Bert</ns1:name>
>     <ns1:number>1234</ns1:number>
> </ns1:Nominal>
> Note it hasn't understood the default namespace, but has left it on.
> On the server side, this document always fails to validate and WSS4J throws a security exception, for example:
> Verification failed for URI "#id-20214052"
> org.apache.ws.security.WSSecurityException: The signature verification failed at
> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:644)
> ..etc..
> If the client and server code and configuration is left identical, but the document changed to use explicit namespaces as follows:
> <myns:Nominal xmlns:myns="http://www.test.com/Test">
>     <myns:name>Bert</myns:name>
>     <myns:number>1234</myns:number>
> </myns:Nominal>
> This is then unaltered by the wss4j on the wire, and the server verifies the signature as valid.
> If you require any any further details (e.g. the full client code, property files etc), please email me.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org