Hi Jamie,
It appears to me that the tcp log and the server log don't tally.
The tcp-log shows attribute in Timestamp as u:Id whilst the server-log shows wsu:Id.
Maybe the server expects the attribute to have the wsu: prefix.
Could you please try this...
1. Open RAMPART/src/util/rampart_signature.c
2. Change line 273 to:
   oxs_axiom_add_attribute(env, node_to_sign, RAMPART_WSU, RAMPART_WSU_XMLNS, OXS_ATTR_ID, id);
   See that I've changed prefix, from "u:" to "wsu:"
Let me know if this works with Axis1. If not we might have to dig further into the problem :).
Cheers,
Kaushalye

Jamie Lyon wrote:
Replies inline:

I've successfully got Rampart/C set up, and have the client signing
messages, however the digests are failing to verify for all items
apart from the Body.

You mean the digest of the body is verified but not for other parts?

It appears to be that way, yes. At least, the Axis1/Java isn't throwing
any verification failed errors for the Body.

It might also be of interest that even with just <sp:Body/> in the
SignedParts, the timestamp is still signed, so I can't test to see if
the message is accepted when only the Body is signed (is there a way
to turn this off?). There is also the message "No Signed parts
specified. Using the body." when only the body is specified.

The behavior is, if a Timestamp is present Rampart/C signs it as per the
WS-Security Policy Specification (Section 7.2).
So if signing is enabled, and there is a Timestamp, Rampart/C signs it.

Okay, this is fine, I would want to sign it eventually anyway, I was
just curious as to whether there was a way to disable it for testing
purposes.

An error that might be significant is: "OXS ERROR [x509.c:385 in
openssl_x509_get_subject_key_identifier] oxs defualt error , The
extenension index of NID_subject_key_identifier is not valid"
(spelling mistakes in original error message).

Did you get this error in the client side? (Since you are using
Rampart/C client against WSS4J )

Yes, that's from the client with Axis2/C|Rampart/C, it can be seen in
the debug.log I included with the last message, just above the first
c14n debug output, but it's also printed to the screen when running.

The reference belongs to the Timestamp element, in which the digest
verification fails. But the problem is how the Body signature was
verified? (please confirm this).
Have you tried to use Rampart/C for the verification of a message signed
by WSS4J?
BTW, Rampart/C interop with Rampart/Java, which uses WSS4J. :)

I've attached the Axis logs for messages with and without a timestamp.
It appears to me as though the one without the timestamp is being
verified correctly, although it then of course returns to me a
'timestamp missing' error.

Could the problem be that the c14n transforms are not working correctly?
I'm currently trying to get axis/java to output the xml that it is
producing a digest on, to make sure that they match.

Thanks,
Jamie
------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


--
http://kaushalye.blogspot.com/
http://wso2.org/
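
Added example, not part of the original thread and not Rampart/C or WSS4J code: a small check for the situation discussed above, where the Timestamp seen on the wire uses the u: prefix and the copy the server logs uses wsu:. Canonicalization preserves namespace prefixes, so the two forms hash differently even though they name the same attribute. Python's C14N 2.0 implementation stands in here for whichever c14n transform the stack applies, and the sample Timestamp, its Id value and the function names are constructed for illustration.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# WS-Security utility namespace (the one normally bound to "wsu").
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")


def timestamp_xml(prefix):
    """Constructed sample Timestamp; only the namespace prefix varies."""
    return (f'<{prefix}:Timestamp xmlns:{prefix}="{WSU_NS}" {prefix}:Id="SigID-1">'
            f'<{prefix}:Created>2008-01-01T00:00:00Z</{prefix}:Created>'
            f'</{prefix}:Timestamp>')


def digest(xml_text, rewrite_prefixes=False):
    """Base64 SHA-1 over the canonical form, as a DigestValue would carry."""
    canonical = canonicalize(xml_text, rewrite_prefixes=rewrite_prefixes)
    raw = hashlib.sha1(canonical.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def compare(signed_xml, received_xml):
    """Classify a digest mismatch between the signed and the received element."""
    if digest(signed_xml) == digest(received_xml):
        return "match"
    # Rewriting prefixes to generated names removes prefix choice from the
    # comparison; if the digests agree now, only the prefix differed.
    if digest(signed_xml, True) == digest(received_xml, True):
        return "prefix-only difference"
    return "content difference"


if __name__ == "__main__":
    print(compare(timestamp_xml("u"), timestamp_xml("wsu")))
```

To use it on a real exchange, paste the Timestamp element as captured in the tcp log and as it appears in the server log into `compare()` in place of the constructed samples.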

