Title: Message
Also: Make sure that there is concordance on the use of inclusive-namespaces
in the exc-c14n. This seems to break a lot of interop attempts.
-----Original Message-----
From: Dittmann Werner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 05, 2005 11:12 PM
To: 'Hassan Faouaz'; [email protected]
Subject: AW: AW: setting the canonicalization algorithm using axis deployment script????

Hassan,
 
as for interop tests I would agree to go this route (and if, as a side
effect, we get a more flexible and configurable WSS4J - that's even better :-)   ).
 
What makes me wonder is that there are such problems with WAS
because we had successful interop tests with WSS4J and other
OASIS WSS implementations (pls refer to the WSS4J wiki).
 
Maybe we can help you if you can give us some more info
about the generated requests? Can you trace the requests and
just send it as attachment or so?
 
Regards,
Werner
-----Original Message-----
From: Hassan Faouaz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 5, 2005 17:55
To: Dittmann Werner; [email protected]
Subject: RE: *** Spam *** AW: setting the canonicalization algorithm using axis deployment script????

Werner,

 

I agree with you with respect to interoperability. The reason why I am venturing this route is because I am trying to get WSS4J to successfully exchange a secured SOAP message with IBM WAS 6.0. I was able to verify a signature from a return message from WAS 6.0, but I am not able to get WAS 6.0 to verify a signature coming from WSS4J.

 

I went the route of using WSDP 1.5 from SUN, and I was able to exchange secure messages by changing the canonicalization algorithm on WebSphere. So I thought to try to change the canonicalization algorithm on WSS4J to see if that makes a difference.

 

Anyway, I will keep the resort of changing wss4j code as my last resort, as much as I hate to maintain a different set of code.

 

Thanks

 

Hassan Faouaz

 

 

 

-----Original Message-----
From: Dittmann Werner [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 05, 2005 9:28 AM
To: 'Hassan Faouaz'; [email protected]
Subject: *** Spam *** AW: setting the canonicalization algorithm using axis deployment script????

 

Hassan,

 

some of the parameters used by WSS4J are hardcoded (usually as
String in WSHandlerConstants). Most, if not all, of these "hardcoded"
parameters are required to have a specific value to ensure interoperability.
For example c14n: AFAIK, it is required to be C14nExclusive, other
values would not work for interoperability (probably there is also a technical
reason to have C14nExclusive - need to look at the specs).

Also the specific transformation algo (described in the OASIS WSS
specifications) is mandatory.

Thus, if you change c14n or transformation parameters you may do so
by modifying the code as you proposed. For the standard and interoperable
use of WSS4J I wouldn't recommend it.

 

Regards,

Werner

-----Original Message-----
From: Hassan Faouaz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 5, 2005 16:20
To: [email protected]
Subject: setting the canonicalization algorithm using axis deployment script????

I have realized that if you use AXIS deploy script, the canonicalization algorithm is hardcoded. There is no way to change it, after looking at the code. I had to change the WSSignEnvelope class to look at the options in the deploy script. Is this implemented somewhere, that I am not aware of?

 

Code changes I made to allow setting canonicalization algorithm in WSDoAllSender.java, WSHandlerConstants.java.

 

 

<snip>

reqData.canonicalizationAlgo = (String) getOption(WSHandlerConstants.CONANICALIZATION_ALGO);

if (reqData.canonicalizationAlgo != null) {
    wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
}

</snip>

 

is that true for transform algorithm as well???

 

Thanks in advance..

 

Hassan
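
An added example, not part of the original thread and not WSS4J code: it uses Python with the third-party lxml library to show why the canonicalization algorithm, and the InclusiveNamespaces prefix list mentioned at the top of the thread, must match on both sides for the digest of a signed SOAP Body to verify. The envelopes, the urn:example:echo payload, the extra xmlns:xsd declaration and all function names are constructed for illustration.

```python
import hashlib
from lxml import etree  # third-party library; wraps libxml2's C14N 1.0 and exclusive C14N

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
XSD_DECL = ' xmlns:xsd="http://www.w3.org/2001/XMLSchema"'

def envelope(extra_ns=""):
    """Constructed SOAP message; extra_ns is declared on the Envelope only."""
    return etree.fromstring(
        f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsu="{WSU}"{extra_ns}>'
        '<soapenv:Body wsu:Id="id-1"><ns1:echo xmlns:ns1="urn:example:echo">'
        '<arg>hello</arg></ns1:echo></soapenv:Body></soapenv:Envelope>')

def c14n_body(env, exclusive, prefix_list=None):
    """Canonical octets of the Body subtree, i.e. what a Reference digest covers."""
    body = env.find(f"{{{SOAP}}}Body")
    return etree.tostring(body, method="c14n", exclusive=exclusive,
                          with_comments=False, inclusive_ns_prefixes=prefix_list)

def digest(env, exclusive, prefix_list=None):
    """SHA-256 over the canonical octets; used here only to compare outputs."""
    return hashlib.sha256(c14n_body(env, exclusive, prefix_list)).hexdigest()

if __name__ == "__main__":
    sent = envelope()            # as serialized by the sender
    seen = envelope(XSD_DECL)    # same Body, envelope carries one more xmlns
    print("inclusive digests match:", digest(sent, False) == digest(seen, False))
    print("exclusive digests match:", digest(sent, True) == digest(seen, True))
    print("exclusive, PrefixList honored vs ignored match:",
          digest(seen, True, ["xsd"]) == digest(seen, True))
```

Inclusive canonicalization pulls every in-scope ancestor namespace into the Body's octets, while exclusive canonicalization emits only the visibly used ones plus any prefixes named in the prefix list.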

 

 
