Filippo,
well, now I'm pretty sure that the signature verification fails because the SOAP request,
in particular the XML elements between the "SignedInfo" tags of the request, were
modified _after_ the Signature was computed and inserted. Modifying a document,
in this case the "SignedInfo" part of the request, _after_ signing results in a failure
of the Signature verification.
As written in my previous mail, it seems to me that the kSoap stack does some sort of "pretty printing" of the SOAP request after your program did the Signature.
Can you give me some more information about how you generated the Signature? How you hand over the signed request to kSoap or how you integrated WSS4J with kSoap? This info may lead to a better understanding of the problem and can aid us in solving it. Maybe you can give us some code snippets to see what's happening?
Regards, Werner
filippo wrote:
I am not sure that the VM (like JDK 1.1) for devices, PDAs, smart phones supports the Axis client, thus I make SOAP with the kSoap API.
The "soap request" stack sent in the previous email was obtained from a sniffer before the Axis web server received it.
I don't know why the signature verification failed; I also checked the hexadecimal values of the digest and signature in both cases, and the requests are the same.
Thanks
Ing. Filippo Aiello
---------------------------------------------
E-Guide S.R.L.
Via Pietro Bucci, Capannone C
Arcavacata di Rende (Cs)
Tel.: 0984/493180
Mob: +39.348.5240323
Fax: 0984/493057
E-mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
---------------------------
------------------------------------------------------------------------
*From:* Dittmann Werner [mailto:[EMAIL PROTECTED] *Sent:* Thursday, 24 March 2005 16:24 *To:* 'filippo'; [email protected] *Cc:* Gianluigi Brasili; Arnaldo Campanella; Adriana Pietramala *Subject:* Re: Signature verification failed with Ksoap client
Filippo,
that's very hard to answer.
First of all, who produced the signature of the kSoap request?
Looking at the requests I can see that the digest values of the
Reference is the same in both cases. Also the Signature value
is the same in both cases.
This is a good sign...however, after the signature was produced ..
did some module modify the SOAP request, in particular between
the SignedInfo tags? With modification I also mean every type of
"pretty-printing" the XML after signing but before it was put on the wire.
When I look at the requests they have a different "layout", indents,
and so on. I once had a similar problem.
When computing the Signature value the xmlsec library takes
information that is between the SignedInfo tags, hashes and signs it.
Thus, if data is changed afterwards the signature check fails.
Be aware that the blanks, newlines, tabs that are inserted after
signing create additional XML DOM nodes during parsing
at the server side. These new nodes that hold the additional blanks,
newlines etc. now also go into the computation of hash values.
Thus - the receiver computes a hash that is not the same
that was computed by the sender.
Regards,
Werner
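
The effect Werner describes above, as an added example that is not part of the original mails: indenting SignedInfo after signing creates whitespace text nodes that change the hash, while a re-serialization that only changes attribute quoting does not. It uses Python's standard-library C14N 2.0 as a stand-in for the canonicalization that xmlsec applies; the SignedInfo content, the `#id-body` reference and the digest placeholder are constructed.

```python
import hashlib
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed SignedInfo (not from the thread); DigestValue is a placeholder.
SIGNED = (
    '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '<ds:Reference URI="#id-body">'
    '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
    '<ds:DigestValue>PLACEHOLDERDIGEST=</ds:DigestValue>'
    '</ds:Reference>'
    '</ds:SignedInfo>'
)

# Harmless re-serialization: only the attribute quoting changes.
REQUOTED = SIGNED.replace('"', "'")

# What an indenting serializer does to the same element after signing.
PRETTY = minidom.parseString(SIGNED).documentElement.toprettyxml(indent="  ")


def signed_info_hash(xml_text: str) -> str:
    """SHA-1 of the canonical SignedInfo bytes, the input to SignatureValue."""
    return hashlib.sha1(canonicalize(xml_text).encode("utf-8")).hexdigest()


def whitespace_nodes(xml_text: str) -> int:
    """Count whitespace-only text nodes a receiving DOM parser would create."""
    def walk(node):
        own = node.nodeType == node.TEXT_NODE and not node.data.strip()
        return int(own) + sum(walk(child) for child in node.childNodes)
    return walk(minidom.parseString(xml_text).documentElement)


def differs_only_by_whitespace(a: str, b: str) -> bool:
    """Diagnostic only: a real verifier must never strip text like this."""
    return canonicalize(a, strip_text=True) == canonicalize(b, strip_text=True)


if __name__ == "__main__":
    for name, doc in (("signed", SIGNED), ("requoted", REQUOTED), ("pretty", PRETTY)):
        print(f"{name:9} ws_nodes={whitespace_nodes(doc)} sha1={signed_info_hash(doc)}")
```

Running `differs_only_by_whitespace` on the SignedInfo captured on the wire and the one produced by the signer is a quick way to confirm or rule out this cause.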
-----Original Message----- *From:* filippo [mailto:[EMAIL PROTECTED] *Sent:* Thursday, 24 March 2005 11:07 *To:* [email protected] *Cc:* Gianluigi Brasili; Arnaldo Campanella; Adriana Pietramala *Subject:* Signature verification failed with Ksoap client *Importance:* High
....
<some content removed/>
....
Ing. Filippo Aiello
