'[jira] [Commented] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be '

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    [jira] [Commented] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be 
From:       "Gene B. (JIRA)" <jira () apache ! org>
Date:       2014-08-27 21:06:58
Message-ID: JIRA.12735516.1408563444021.26851.1409173618641 () arcas
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14112845#comment-14112845 \
] 

Gene B. commented on WSS-508:
-----------------------------

Marc, that last change you checked in actually did the trick - the issue does not \
appear anymore; and I can visually confirm that the namespaces are correctly added to \
the canonocalized SignedInfo on the consumer side. 

Thank you for looking into this even though it appeared as though the problem was \
with the DOM provider at some point. I'll do a few more tests tomorrow, and I will \
close this issue after everything checks out Ok.

> When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
> --------------------------------------------------------------------------------
> 
> Key: WSS-508
> URL: https://issues.apache.org/jira/browse/WSS-508
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0, 2.0.1
> Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
> Reporter: Gene B.
> Assignee: Colm O hEigeartaigh
> Attachments: log 01 - signature verification failed with InclusiveNamespaces \
> PrefixList.txt, log 02 - signature verification ok - signed by SOAP UI.txt, log_03a \
> - consumer - sign message use InclusiveNamespaces prefix list.txt, log_03b - \
> provider - signature verification failed.txt, \
> request1-printedby-provider-signedby-soapui.xml, \
> request1-printedby-provider-signedby-wss4j.xml 
> 
> Security implemented using WSS4J securement/validation action approach. We are \
> trying to sign the body. The provider is a JAX-WS service running on WebSphere \
> JAX-WS stack. Custom handler uses WSS4j to validate security.  The consumer is a \
> WebSphere JAX-WS dispatch client – also attaching custom security handler. \
> Signature can be validated on the provider side when EXC C14N canonicalization is \
> specified with BST compliance flag relaxed. That is because when we chose to add \
> "InclusiveNamespaces" "PrefixList" on the consumer side, verification fails. When \
> the same test is done with the SOAP UI – signature verifies Ok – so I am \
> blaming the consumer – the signing process - not verification process. I am \
> attaching a log file which shows verification failure when the InclusiveNamespaces \
> option is used. If not for this option – this verification would've been a \
> success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic