'[jira] [Closed] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be val'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xmlrpc-user
Subject:    [jira] [Closed] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be val
From:       "Gene B. (JIRA)" <jira () apache ! org>
Date:       2014-08-28 21:15:10
Message-ID: JIRA.12735516.1408563444021.3688.1409260510413 () arcas
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Gene B. closed WSS-508.
-----------------------

       Resolution: Fixed
    Fix Version/s: 2.0.2

The fix is verified on WebSphere AS 7.0.1 and IBM JDK 1.6.x; JAX-WS client can now \
correctly generate canonicalized SignedInfo and this signature can be validated by \
the producer running on the same Web service / application server stack.

> When using "add inclusive prefixes" and EXC C14N - signature cannot be validated
> --------------------------------------------------------------------------------
> 
> Key: WSS-508
> URL: https://issues.apache.org/jira/browse/WSS-508
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0, 2.0.1
> Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
> Reporter: Gene B.
> Assignee: Colm O hEigeartaigh
> Fix For: 2.0.2
> 
> Attachments: log 01 - signature verification failed with InclusiveNamespaces \
> PrefixList.txt, log 02 - signature verification ok - signed by SOAP UI.txt, log_03a \
> - consumer - sign message use InclusiveNamespaces prefix list.txt, log_03b - \
> provider - signature verification failed.txt, \
> request1-printedby-provider-signedby-soapui.xml, \
> request1-printedby-provider-signedby-wss4j.xml 
> 
> Security implemented using WSS4J securement/validation action approach. We are \
> trying to sign the body. The provider is a JAX-WS service running on WebSphere \
> JAX-WS stack. Custom handler uses WSS4j to validate security.  The consumer is a \
> WebSphere JAX-WS dispatch client – also attaching custom security handler. \
> Signature can be validated on the provider side when EXC C14N canonicalization is \
> specified with BST compliance flag relaxed. That is because when we chose to add \
> "InclusiveNamespaces" "PrefixList" on the consumer side, verification fails. When \
> the same test is done with the SOAP UI – signature verifies Ok – so I am \
> blaming the consumer – the signing process - not verification process. I am \
> attaching a log file which shows verification failure when the InclusiveNamespaces \
> option is used. If not for this option – this verification would've been a \
> success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic