'[jira] [Issue Comment Deleted] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signatur'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    [jira] [Issue Comment Deleted] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signatur
From:       "Gene B. (JIRA)" <jira () apache ! org>
Date:       2014-08-21 17:31:12
Message-ID: JIRA.12735516.1408563444021.3068.1408642272488 () arcas
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Gene B. updated WSS-508:
------------------------

    Comment: was deleted

(was: Thanks for the comment, Andreas. I do not think this issue you're describing is \
what's affecting us. The IBM issue talks about prefix names should appear the same as \
required by the C14N. I think they are confusing prefix names with whitespaces - \
those are required to be preserved for signature to validate. Prefix names should not \
matter. In my case - the whitespaces are in fact preserved, and the digest checksums \
are validated Ok. It's something to do with the Inclusive namespaces list - hopefully \
Colm could shed some light on it.)

> When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
> --------------------------------------------------------------------------------
> 
> Key: WSS-508
> URL: https://issues.apache.org/jira/browse/WSS-508
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0, 2.0.1
> Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
> Reporter: Gene B.
> Assignee: Colm O hEigeartaigh
> Attachments: log 01 - signature verification failed with InclusiveNamespaces \
> PrefixList.txt, log 02 - signature verification ok - signed by SOAP UI.txt, \
> request1-printedby-provider-signedby-soapui.xml, \
> request1-printedby-provider-signedby-wss4j.xml 
> 
> Security implemented using WSS4J securement/validation action approach. We are \
> trying to sign the body. The provider is a JAX-WS service running on WebSphere \
> JAX-WS stack. Custom handler uses WSS4j to validate security.  The consumer is a \
> WebSphere JAX-WS dispatch client – also attaching custom security handler. \
> Signature can be validated on the provider side when EXC C14N canonicalization is \
> specified with BST compliance flag relaxed. That is because when we chose to add \
> "InclusiveNamespaces" "PrefixList" on the consumer side, verification fails. When \
> the same test is done with the SOAP UI – signature verifies Ok – so I am \
> blaming the consumer – the signing process - not verification process. I am \
> attaching a log file which shows verification failure when the InclusiveNamespaces \
> option is used. If not for this option – this verification would've been a \
> success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic