You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Christof Soehngen <Ch...@SYRACOM.DE> on 2004/03/30 11:42:51 UTC

WSS4j: Signing elements with empty namespace not possible

Hello list,
 
at the moment, it seems not to be possible to include elements that have an empty namespace (xmlns="" or no namespace and no default namespace from ancestors) into an own signaturePart when signing parts of the message.
 
There are two possibilities for using the parameter:
 
<parameter name="signatureParts" value="elementWithNoNS" />
or
<parameter name="signatureParts" value="{}{}elementWithNoNS" />
 
Both of them get the soapConstants.getEnvelopeURI() set as nmSpace.
 
I suggest adding another possibilty, maybe
<parameter name="signatureParts" value="{}elementWithNoNS" />
to indicate an empty namespace (String nmSpace = "")?
 
Btw., does XMLSignatureVerification check the hash of the real transferred element that was signed or only the DigestValue given in the transferred message (I never understood why DigestValue is there in the first place, there is no security if it is used instead of calculating the hash of the real transferred element)?
 
Regards,
Christof
###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.F-Secure.com/