
List:       xmlrpc-user
Subject:    [jira] [Updated] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be va
From:       "Gene B. (JIRA)" <jira () apache ! org>
Date:       2014-08-25 15:09:58
Message-ID: JIRA.12735516.1408563444021.3915.1408979398522 () arcas


     [ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gene B. updated WSS-508:
------------------------

    Attachment: log_03b - provider - signature verification failed.txt
                log_03a - consumer - sign message use InclusiveNamespaces prefix list.txt

Marc, I am attaching both consumer and producer files at debug level per your
request. The thing that caught my attention is the digest value of the only signed
part (body) checks out Ok. Something else fails, and it happens when the inclusive
namespaces prefix list is added (at the default setting).

> When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
> --------------------------------------------------------------------------------
> 
> Key: WSS-508
> URL: https://issues.apache.org/jira/browse/WSS-508
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0, 2.0.1
> Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
> Reporter: Gene B.
> Assignee: Colm O hEigeartaigh
> Attachments: log 01 - signature verification failed with InclusiveNamespaces
> PrefixList.txt, log 02 - signature verification ok - signed by SOAP UI.txt, log_03a
> - consumer - sign message use InclusiveNamespaces prefix list.txt, log_03b -
> provider - signature verification failed.txt,
> request1-printedby-provider-signedby-soapui.xml,
> request1-printedby-provider-signedby-wss4j.xml
> 
> Security implemented using WSS4J securement/validation action approach. We are
> trying to sign the body. The provider is a JAX-WS service running on WebSphere
> JAX-WS stack. Custom handler uses WSS4J to validate security. The consumer is a
> WebSphere JAX-WS dispatch client – also attaching custom security handler.
> Signature can be validated on the provider side when EXC C14N canonicalization is
> specified with BST compliance flag relaxed. That is because when we chose to add
> "InclusiveNamespaces" "PrefixList" on the consumer side, verification fails. When
> the same test is done with the SOAP UI – signature verifies Ok – so I am
> blaming the consumer – the signing process - not verification process. I am
> attaching a log file which shows verification failure when the InclusiveNamespaces
> option is used. If not for this option – this verification would've been a
> success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
