[ 
https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gene B. closed WSS-508.
-----------------------

       Resolution: Fixed
    Fix Version/s: 2.0.2

The fix is verified on WebSphere AS 7.0.1 and IBM JDK 1.6.x; the JAX-WS client 
can now correctly generate a canonicalized SignedInfo, and this signature can be 
validated by the producer running on the same Web service / application server 
stack.

> When using "add inclusive prefixes" and EXC C14N - signature cannot be 
> validated
> --------------------------------------------------------------------------------
>
>                 Key: WSS-508
>                 URL: https://issues.apache.org/jira/browse/WSS-508
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.0.0, 2.0.1
>         Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
>            Reporter: Gene B.
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0.2
>
>         Attachments: log 01 - signature verification failed with 
> InclusiveNamespaces PrefixList.txt, log 02 - signature verification ok - 
> signed by SOAP UI.txt, log_03a - consumer - sign message use 
> InclusiveNamespaces prefix list.txt, log_03b - provider - signature 
> verification failed.txt, request1-printedby-provider-signedby-soapui.xml, 
> request1-printedby-provider-signedby-wss4j.xml
>
>
> Security implemented using WSS4J securement/validation action approach. We 
> are trying to sign the body.
> The provider is a JAX-WS service running on the WebSphere JAX-WS stack. A 
> custom handler uses WSS4J to validate security. 
> The consumer is a WebSphere JAX-WS dispatch client – also attaching a custom 
> security handler.
> Signature can be validated on the provider side when EXC C14N 
> canonicalization is specified with BST compliance flag relaxed. That is 
> because when we chose to add “InclusiveNamespaces” “PrefixList” on the 
> consumer side, verification fails. When the same test is done with the SOAP 
> UI – signature verifies Ok – so I am blaming the consumer – the signing 
> process - not verification process.
> I am attaching a log file which shows verification failure when the 
> InclusiveNamespaces option is used. If not for this option – this 
> verification would’ve been a success.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
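
An added illustration (not code from the issue, its attachments, or WSS4J) of why the InclusiveNamespaces PrefixList matters for validation: it changes the canonical octets of SignedInfo, so signer and verifier must apply the same list. The envelope, the function names and the simplified canonicalizer (elements, attributes and text only) are assumptions made for this example.

```python
import hashlib
from xml.dom import minidom, XMLNS_NAMESPACE

# Constructed sample: ancestors of ds:SignedInfo declare prefixes it never uses.
DOC = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
       'xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
       '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
       '<ds:Reference URI="#body"/></ds:SignedInfo></soap:Envelope>')
ATTR = [('"', "&quot;"), ("\t", "&#x9;"), ("\n", "&#xA;")]  # attribute-only escapes

def esc(s, extra):
    for ch, ref in [("&", "&amp;"), ("<", "&lt;"), ("\r", "&#xD;")] + extra:
        s = s.replace(ch, ref)
    return s

def in_scope(el):
    """prefix -> URI for every xmlns declaration visible at el ("" is the default)."""
    scope = in_scope(el.parentNode) if el.parentNode.nodeType == el.ELEMENT_NODE else {}
    for a in el.attributes.values():
        if a.namespaceURI == XMLNS_NAMESPACE:
            scope[a.name[6:]] = a.value
    return scope

def exc_c14n(el, prefix_list=(), rendered=None):
    """Simplified Exclusive C14N of el's subtree (elements, attributes, text only)."""
    rendered, scope = dict(rendered or {}), in_scope(el)
    attrs = [a for a in el.attributes.values() if a.namespaceURI != XMLNS_NAMESPACE]
    used = {el.prefix or ""} | {a.prefix for a in attrs if a.prefix}
    wanted = used | {p for p in prefix_list if p in scope}  # PrefixList: forced output
    out = "<" + el.tagName
    for p in sorted(wanted):
        uri = scope.get(p, "")
        if rendered.get(p, "") != uri:  # not yet declared in the output
            rendered[p] = uri
            out += ' xmlns%s="%s"' % (":" + p if p else "", esc(uri, ATTR))
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, esc(a.value, ATTR))
    out += ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += exc_c14n(c, prefix_list, rendered)
        elif c.nodeType == c.TEXT_NODE:
            out += esc(c.data, [(">", "&gt;")])
    return out + "</" + el.tagName + ">"

def canonical_signed_info(prefix_list=()):
    si = minidom.parseString(DOC).getElementsByTagName("ds:SignedInfo")[0]
    octets = exc_c14n(si, prefix_list).encode("utf-8")
    return octets, hashlib.sha256(octets).hexdigest()
```

Comparing `canonical_signed_info()` with `canonical_signed_info(["soap", "xsd"])` shows the extra `xmlns:soap` and `xmlns:xsd` declarations on SignedInfo and a different SHA-256 over the octets.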
