Posted to fx-dev@ws.apache.org by od...@accenture.com on 2005/12/01 15:03:55 UTC

WSS4J Namespace Problems when signing

Dear Developers,

 

Sorry for posting on the developer list, but I could not find another forum and suspect that this might be a bug.

 

I am trying to do a simple XML-signature, but it seems like the library adds a number of additional namespace tags and the signature is not verified when received by a commercial XML gateway with the following message "The XPath expression has selected no nodes, make sure the namespace and prefix match the required namespace http://www.w3.org/2000/09/xmldsig#".

 

The code I am using is cut'n'paste from the examples on the website, with some alterations (mustunderstand=false and selection of alias for the keystore) and is included below.

 

Also included are the SOAP envelope used as input (through a simple parser) and the resulting output. My main concern is the creation of empty default-namespace declarations, i.e. xmlns="".

 

Appreciate your time and help,

 

Best regards,

 

Oddbjorn Heimdal

 

---

 

import javax.xml.parsers.DocumentBuilder;

import javax.xml.parsers.DocumentBuilderFactory;

import javax.xml.parsers.ParserConfigurationException;

import javax.xml.transform.Source;

import javax.xml.transform.Transformer;

import javax.xml.transform.TransformerConfigurationException;

import javax.xml.transform.TransformerFactory;

import javax.xml.transform.dom.DOMSource;

import javax.xml.transform.stream.StreamResult;

import org.apache.ws.security.WSEncryptionPart;

import org.apache.ws.security.WSConstants;

import org.apache.ws.security.WSSecurityException;

import org.apache.ws.security.components.crypto.Crypto;

import org.apache.ws.security.components.crypto.CryptoFactory;

import org.apache.ws.security.message.WSSignEnvelope;

import org.w3c.dom.Document;

import org.apache.ws.security.components.crypto.Merlin;

import java.io.*;

 

/**

 *

 * @author Administrator

 */

public class Main {

 

    /** Creates a new instance of Main */

    public Main() {
        // Intentionally empty: the visible code keeps no instance state and
        // does all of its work in the static main method.
    }

    

    /**

     * @param args the command line arguments

     */

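    public static void main(String[] args) {
        // Signs a fixed sample SOAP envelope with WSS4J and prints the signed
        // document to stdout. getSOAPEnvelope, parse and serialise are helpers
        // of this class that are not shown in this excerpt.
        try {
            String message = getSOAPEnvelope("quack quack");
            Document envelope = parse(message);

            WSSignEnvelope signer = new WSSignEnvelope();
            // NOTE(review): with mustUnderstand=false a SOAP receiver that does
            // not process the wsse:Security header may skip it instead of
            // faulting, so the signature can go unverified. Confirm that the
            // receiving gateway enforces signature verification by policy.
            signer.setMustUnderstand(false);
            // Identify the signing certificate by issuer name and serial number
            // (appears as ds:X509IssuerSerial in the output below).
            signer.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
            // NOTE(review): presumably keystore alias and private-key password.
            // Both are hard-coded; acceptable only for a throwaway demo keystore.
            // Outside a demo, load them from protected configuration and keep
            // them out of source control and mailing-list posts.
            signer.setUserInfo("user", "accenture");

            Crypto crypto = CryptoFactory.getInstance("crypto.properties");
            envelope = signer.build(envelope, crypto);

            System.out.println(serialise(envelope));
        } catch (WSSecurityException e) {
            // Report failures on stderr so an error message is never mistaken
            // for (or mixed into) the signed envelope on stdout, and keep the
            // stack trace so the underlying cause is not lost.
            System.err.println("Signing failed: " + e.getMessage());
            e.printStackTrace();
        }
    }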

 

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

  <soap:Body>

    <Echo xmlns="http://tempuri.org/">

      <input>quack quack</input>

    </Echo>  

  </soap:Body>

</soap:Envelope>

 

<?xml version="1.0" encoding="UTF-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns="">

<soap:Header xmlns="" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns="" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<ds:SignedInfo xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

<ds:Reference URI="#id-1729135" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<ds:Transforms xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>

<ds:DigestValue xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ZueXliVOFkvykLuyDP/EiCrjk18=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">GxULeCftQNQe9Zj7RDPVPVGlEQQGSZQYBHd7uZ6b1C8Ozwd3SBqSZA==</ds:SignatureValue>

<ds:KeyInfo Id="KeyId-14651377" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-6308367" xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:X509IssuerSerial xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<ds:X509IssuerName xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">CN=Accenture Web Service Security Demo Authority,DC=wsdemo,DC=accenture,DC=loc</ds:X509IssuerName>

 

<ds:X509SerialNumber xmlns="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">82116573519794241798160</ds:X509SerialNumber>

</ds:X509IssuerSerial></wsse:SecurityTokenReference>

</ds:KeyInfo>

</ds:Signature></wsse:Security></soap:Header>

  <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1729135" xmlns="" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

    <Echo xmlns="http://tempuri.org/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">      <input xmlns="http://tempuri.org/" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">quack quack</input>

    </Echo>  </soap:Body></soap:Envelope>

 

___________________________________________________________________

Oddbjorn Heimdal

Accenture Global Technology Consulting - Security Technologies 

449, route des Crêtes, BP99, 06902 Sophia Antipolis (France)

Direct : +33 4 92.94.88.11 - Fax : +33 4 92.94.67.99 - Octel : 29/48811

oddbjorn.heimdal@accenture.com

 



This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information.  If you have received it in error, please notify the sender immediately and delete the original.  Any other use of the email by you is prohibited.