[jira] [Commented] (WSS-508) When using "add inclusive prefixes" and EXC C14N - signature cannot be validated

Mon, 25 Aug 2014 14:47:28 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14109795#comment-14109795
 ] 

Gene B. commented on WSS-508:
-----------------------------

Let me clarify my previous comment: I am only signing the "body" part, not the 
whole document. Why do I care that Signed Info did not have all NS-s listed 
under the Signed Info on the consumer?

> When using "add inclusive prefixes" and EXC C14N - signature cannot be 
> validated
> --------------------------------------------------------------------------------
>
>                 Key: WSS-508
>                 URL: https://issues.apache.org/jira/browse/WSS-508
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.0.0, 2.0.1
>         Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
>            Reporter: Gene B.
>            Assignee: Colm O hEigeartaigh
>         Attachments: log 01 - signature verification failed with 
> InclusiveNamespaces PrefixList.txt, log 02 - signature verification ok - 
> signed by SOAP UI.txt, log_03a - consumer - sign message use 
> InclusiveNamespaces prefix list.txt, log_03b - provider - signature 
> verification failed.txt, request1-printedby-provider-signedby-soapui.xml, 
> request1-printedby-provider-signedby-wss4j.xml
>
>
> Security implemented using WSS4J securement/validation action approach. We 
> are trying to sign the body.
> The provider is a JAX-WS service running on WebSphere JAX-WS stack. Custom 
> handler uses WSS4j to validate security. 
> The consumer is a WebSphere JAX-WS dispatch client – also attaching custom 
> security handler.
> Signature can be validated on the provider side when EXC C14N 
> canonicalization is specified with BST compliance flag relaxed. That is 
> because when we chose to add “InclusiveNamespaces” “PrefixList” on the 
> consumer side, verification fails. When the same test is done with the SOAP 
> UI – signature verifies Ok – so I am blaming the consumer – the signing 
> process - not verification process.
> I am attaching a log file which shows verification failure when the 
> InclusiveNamespaces option is used. If not for this option – this 
> verification would’ve been a success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to