Posted to java-dev@axis.apache.org by "valerie.bauche" <va...@bull.net> on 2005/03/16 11:31:41 UTC

Problem with namespace handling in Axis 1.2 : break XML Signature

I have a web service (Message style) working with Axis 1.1.
When upgrading to Axis 1.2, it doesn't work anymore because of a
change in namespace management in Axis 1.2.

Details of the problem:
The web service is of type:
    public Document execute(Document body)
It returns a signed document.
The client has to verify the signature of the response.

At the end of this mail, you can see the message sent by the server and
the message received by the client.

You can see that the message has been changed during transfer: all
namespace definitions have moved to the root element.
The document is still syntactically correct, but the signature is broken...

It's a serious problem if Axis 1.2 is no longer compatible with XML
signature. Is there a way to solve this problem? Is it a bug?

Message sent by the server:

<name1:roottag xmlns:name1="http://name1.com">
<name2:child1 xmlns:name2="http://name2.com">
<name2:child2>text</name2:child2>
</name2:child1>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     <ds:Reference URI="">
       <ds:Transforms>
         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
       </ds:Transforms>
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
       <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
     </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>
     O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
     EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
     qjVJp7Iic3opzb8VQKpLvle1ZME=
   </ds:SignatureValue>
</ds:Signature></name1:roottag>


Message received by the client:

<name1:roottag xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:name1="http://name1.com" xmlns:name2="http://name2.com">
<name2:child1>
<name2:child2>text</name2:child2>
</name2:child1>
<ds:Signature>
   <ds:SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     <ds:Reference URI="">
       <ds:Transforms>
         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
       </ds:Transforms>
       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
       <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
     </ds:Reference>
   </ds:SignedInfo>
   <ds:SignatureValue>
     O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
     EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
     qjVJp7Iic3opzb8VQKpLvle1ZME=
   </ds:SignatureValue>
</ds:Signature></name1:roottag>
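
Added example (not part of the original post and not Axis code): the Reference above lists only the enveloped-signature transform, so under XMLDSig its digest is taken over inclusive Canonical XML, which renders every in-scope namespace declaration, while the exc-c14n CanonicalizationMethod applies only to SignedInfo. The sketch below re-serializes both messages under the inclusive and the exclusive namespace rules and shows that only the inclusive digest input changes when declarations are hoisted to the root. Assumptions: `c14n`, `digest_input` and `digest` are hypothetical helpers, the serializer is a simplification that handles prefixed elements and text only, and the two documents are constructed copies of the messages with the signature body left out.

```python
import base64, hashlib
from xml.dom import minidom

DS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed from the two messages in the post. The ds:Signature body is left
# out: the enveloped-signature transform removes that element before digesting.
SENT = ('<name1:roottag xmlns:name1="http://name1.com">\n'
        '<name2:child1 xmlns:name2="http://name2.com">\n'
        '<name2:child2>text</name2:child2>\n</name2:child1>\n'
        '<ds:Signature xmlns:ds="%s"/></name1:roottag>' % DS)
RECEIVED = ('<name1:roottag xmlns:ds="%s" xmlns:name1="http://name1.com" '
            'xmlns:name2="http://name2.com">\n<name2:child1>\n'
            '<name2:child2>text</name2:child2>\n</name2:child1>\n'
            '<ds:Signature/></name1:roottag>' % DS)

def esc(text):
    return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def c14n(node, exclusive, scope=None, rendered=None):
    """Simplified serializer: prefixed elements and text only (assumption)."""
    if node.nodeType == node.TEXT_NODE:
        return esc(node.data)
    scope, rendered = dict(scope or {}), dict(rendered or {})
    for i in range(node.attributes.length):
        attr = node.attributes.item(i)
        if attr.prefix == "xmlns":              # xmlns:prefix="uri" declaration
            scope[attr.localName] = attr.value
    # Inclusive C14N emits every in-scope namespace not already emitted by an
    # ancestor; exclusive C14N emits only the prefix the element itself uses.
    wanted = {node.prefix} & set(scope) if exclusive else set(scope)
    decls = ""
    for prefix in sorted(wanted):
        if rendered.get(prefix) != scope[prefix]:
            decls += ' xmlns:%s="%s"' % (prefix, scope[prefix])
            rendered[prefix] = scope[prefix]
    body = "".join(c14n(c, exclusive, scope, rendered) for c in node.childNodes)
    return "<%s%s>%s</%s>" % (node.tagName, decls, body, node.tagName)

def digest_input(xml, exclusive):
    root = minidom.parseString(xml).documentElement
    for sig in root.getElementsByTagNameNS(DS, "Signature"):
        sig.parentNode.removeChild(sig)         # enveloped-signature transform
    return c14n(root, exclusive)

def digest(xml, exclusive):
    octets = digest_input(xml, exclusive).encode("utf-8")
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")

for mode in (False, True):  # inclusive digests differ, exclusive digests match
    print("exclusive" if mode else "inclusive", digest(SENT, mode), digest(RECEIVED, mode))
```

A signer that adds an exc-c14n Transform after the enveloped-signature transform in the Reference gets a digest that does not depend on where an intermediary places prefix declarations.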


Re: Problem with namespace handling in Axis 1.2 : break XML Signature

Posted by Anne Thomas Manes <at...@gmail.com>.
Yes, this is a bug. Axis should not modify the contents of the message
during message-style processing. Please file a bug report.

Anne

