[prev in list] [next in list] [prev in thread] [next in thread]
List: xmlrpc-user
Subject: Re: inclusive namespace question
From: Colm O hEigeartaigh <coheigea () apache ! org>
Date: 2018-07-04 8:01:09
Message-ID: CAB8XdGCqk+Z_49PjvN8ieSwtQwF5xhTh3tNsAB4XPUaCCr1eyQ () mail ! gmail ! com
[Download RAW message or body]
Well the PrefixList in SOAP-UI is actually empty - so there should be no
need to generate it. WSS4J doesn't add the InclusiveNamespaces structure if
the PrefixList is empty.
Colm.
On Tue, Jul 3, 2018 at 6:46 PM, Jason Hall <jason.hall@mchsi.com> wrote:
> Trying to figure out "InclusiveNamespaces" difference in SOAPUI and WSS4J
> implementation.
>
> In the following code snippet:
> Document doc = toSOAPPart(requestSoapString);
> //SOAPConstants soapConstants = WSSecurityUtil.
> getSOAPConstants(doc.getDocumentElement());
> WSSecHeader secHeader = new WSSecHeader(doc);
> secHeader.insertSecurityHeader();
> secHeader.setMustUnderstand(true);
>
> WSSecTimestamp timestamp = new WSSecTimestamp();
> timestamp.setTimeToLive(300);
> timestamp.build(doc, secHeader);
>
> //Prepare for signature
> WSSecSignature builder = new WSSecSignature();
> builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
> builder.setSignatureAlgorithm(WSConstants.RSA_SHA1);
> builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_
> COMMENTS);
> builder.setDigestAlgo(WSConstants.SHA1);
> builder.setAddInclusivePrefixes(true);
> builder.setUserInfo(keyAlias, keyPass);
> builder.setUseSingleCertificate(true);
>
> WSEncryptionPart encP = new WSEncryptionPart(WSConstants.ELEM_BODY,
> WSConstants.URI_SOAP11_ENV, "Content");
> builder.getParts().add(encP);
> Document signedDoc = builder.build(doc, passwordCrypto, secHeader);
> String outputString
> = XMLUtils.PrettyDocumentToString(signedDoc);
>
> The above produces the following snippet:
>
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/
> 2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="#Id-206467045">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <dsigestMethod Algorithm="http://www.w3.org/
> 2000/09/xmldsig#sha1"/>
> <dsigestValue>PEvtq8JdLh8GBzKs0Dow+DWES+k=</
> dsigestValue>
> </ds:Reference>
> </ds:SignedInfo>
>
>
> In SOAPUI, I have chosen the same (or what I think is the same) parameters
> in the signature screen options
> . It produces the following snippet:
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/
> 2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="#Id-206467045">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces PrefixList="" xmlns:ec="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transform>
> </ds:Transforms>
> <dsigestMethod Algorithm="http://www.w3.org/
> 2000/09/xmldsig#sha1"/>
> <dsigestValue>lQsfZK8weX2vRvHYDZTl9ECLzWQ=</
> dsigestValue>
> </ds:Reference>
> </ds:SignedInfo>
>
>
> My question is: in WSS4J - what is needed to produce the
> ec:<ec:InclusiveNamespaces .... in the <ds:Transform Algorithm=.... as
> SOAPUI does in the snippet of:
>
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/
> 2001/10/xml-exc-c14n#">
> <ec:InclusiveNamespaces PrefixList="" xmlns:ec="
> http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transform>
> </ds:Transforms> ?
>
> I am sure this is something easy that I am missing ?
>
> thanks,
> Jason
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: dev-help@ws.apache.org
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
[Attachment #3 (text/html)]
<div dir="ltr"><div><br></div><div>Well the PrefixList in SOAP-UI is actually empty - \
so there should be no need to generate it. WSS4J doesn't add the \
InclusiveNamespaces structure if the PrefixList is \
empty.<br></div><div><br></div><div>Colm.<br></div></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 3, 2018 at 6:46 PM, \
Jason Hall <span dir="ltr"><<a href="mailto:jason.hall@mchsi.com" \
target="_blank">jason.hall@mchsi.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Trying to figure out "InclusiveNamespaces" \
difference in SOAPUI and WSS4J implementation.<br> <br>
In the following code snippet:<br>
Document doc = toSOAPPart(requestSoapString);<br>
//SOAPConstants soapConstants = \
WSSecurityUtil.<wbr>getSOAPConstants(doc.<wbr>getDocumentElement()); <br> \
WSSecHeader secHeader = new WSSecHeader(doc);<br> \
secHeader.<wbr>insertSecurityHeader();<br> \
secHeader.setMustUnderstand(<wbr>true);<br> <br>
WSSecTimestamp timestamp = new WSSecTimestamp();<br>
timestamp.setTimeToLive(300);<br>
timestamp.build(doc, secHeader);<br>
<br>
//Prepare for signature<br>
WSSecSignature builder = new WSSecSignature();<br>
builder.setKeyIdentifierType(<wbr>WSConstants.BST_DIRECT_<wbr>REFERENCE);<br>
builder.setSignatureAlgorithm(<wbr>WSConstants.RSA_SHA1);<br>
builder.<wbr>setSigCanonicalization(<wbr>WSConstants.C14N_EXCL_OMIT_<wbr>COMMENTS);<br>
builder.setDigestAlgo(<wbr>WSConstants.SHA1);<br>
builder.<wbr>setAddInclusivePrefixes(true);<br>
builder.setUserInfo(keyAlias, keyPass);<br>
builder.<wbr>setUseSingleCertificate(true);<br>
<br>
WSEncryptionPart encP = new WSEncryptionPart(WSConstants.<wbr>ELEM_BODY, \
WSConstants.URI_SOAP11_ENV, "Content");<br> \
builder.getParts().add(encP);<br>
Document signedDoc = builder.build(doc, passwordCrypto, secHeader);<br>
String outputString<br>
= XMLUtils.<wbr>PrettyDocumentToString(<wbr>signedDoc);<br>
<br>
The above produces the following snippet:<br>
<br>
<ds:SignedInfo><br>
<ds:CanonicalizationMethod Algorithm="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"><br> \
<ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"/><br> \
</ds:CanonicalizationMethod><br> <ds:SignatureMethod Algorithm="<a \
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2000/09/xmldsig#rsa-sha1</a>"/><br>
<ds:Reference URI="#Id-206467045"><br>
<ds:Transforms><br>
<ds:Transform Algorithm="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"/><br> \
</ds:Transforms><br> <dsigestMethod Algorithm="<a \
href="http://www.w3.org/2000/09/xmldsig#sha1" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2000/09/xmldsig#sha1</a>"/><br>
\
<dsigestValue><wbr>PEvtq8JdLh8GBzKs0Dow+DWES+k=</<wbr>dsigestValue><br> \
</ds:Reference><br> </ds:SignedInfo><br>
<br>
<br>
In SOAPUI, I have chosen the same (or what I think is the same) parameters in the \
signature screen options<br>
. It produces the following snippet:<br>
<ds:SignedInfo><br>
<ds:CanonicalizationMethod Algorithm="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"><br> \
<ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"/><br> \
</ds:CanonicalizationMethod><br> <ds:SignatureMethod Algorithm="<a \
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2000/09/xmldsig#rsa-sha1</a>"/><br>
<ds:Reference URI="#Id-206467045"><br>
<ds:Transforms><br>
<ds:Transform Algorithm="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"><br> \
<ec:InclusiveNamespaces PrefixList="" xmlns:ec="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"/><br> \
</ds:Transform><br> </ds:Transforms><br>
<dsigestMethod Algorithm="<a \
href="http://www.w3.org/2000/09/xmldsig#sha1" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2000/09/xmldsig#sha1</a>"/><br>
\
<dsigestValue><wbr>lQsfZK8weX2vRvHYDZTl9ECLzWQ=</<wbr>dsigestValue><br> \
</ds:Reference><br> </ds:SignedInfo><br>
<br>
<br>
My question is: in WSS4J - what is needed to produce the \
ec:<ec:InclusiveNamespaces .... in the <ds:Transform Algorithm=.... as SOAPUI \
does in the snippet of:<br> <br>
<ds:Transforms><br>
<ds:Transform Algorithm="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"><br> \
<ec:InclusiveNamespaces PrefixList="" xmlns:ec="<a \
href="http://www.w3.org/2001/10/xml-exc-c14n#" rel="noreferrer" \
target="_blank">http://www.w3.org/<wbr>2001/10/xml-exc-c14n#</a>"/><br> \
</ds:Transform><br> </ds:Transforms> ?<br>
<br>
I am sure this is something easy that I am missing ?<br>
<br>
thanks,<br>
Jason<br>
<br>
------------------------------<wbr>------------------------------<wbr>---------<br>
To unsubscribe, e-mail: <a \
href="mailto:dev-unsubscribe@ws.apache.org">dev-unsubscribe@ws.apache.org</a><br> For \
additional commands, e-mail: <a \
href="mailto:dev-help@ws.apache.org">dev-help@ws.apache.org</a><br> <br>
</blockquote></div><br></div><br clear="all"><br>-- <br><div class="gmail_signature" \
data-smartmail="gmail_signature">Colm O hEigeartaigh<br><br>Talend Community \
Coder<br><a href="http://coders.talend.com" \
target="_blank">http://coders.talend.com</a><br></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic