Thanks for the code, Jaime.

I think that I have identified the root cause of the issue:
https://issues.apache.org/jira/browse/AXIOM-408

Andreas

On Fri, Jan 6, 2012 at 00:43, Jaime Hablutzel Egoavil
<[email protected]> wrote:
> OK, the client code that generates two different signatures but transports
> the equivalent thing over the network is:
>
> DOOM enabled
>
> import javax.activation.DataHandler;
> import javax.activation.FileDataSource;
> import javax.xml.namespace.QName;
>
> import org.apache.axis2.addressing.EndpointReference;
> import org.apache.axis2.client.Options;
> import org.apache.axis2.context.ConfigurationContext;
> import org.apache.axis2.context.ConfigurationContextFactory;
> import org.apache.axis2.description.Parameter;
> import org.apache.axis2.rpc.client.RPCServiceClient;
> import org.apache.rampart.handler.WSSHandlerConstants;
> import org.apache.rampart.handler.config.InflowConfiguration;
> import org.apache.rampart.handler.config.OutflowConfiguration;
>
> public class BinaryClient {
>
>     public static void main(String[] args) throws Exception {
>
>         ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                 "D:\\software\\axis2-1.6.1\\repository",
>                 "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
>         RPCServiceClient client = new RPCServiceClient(ctx, null);
>         Options opts = new Options();
>         opts.setAction("ns:echo");
>         EndpointReference to = new EndpointReference();
>         to.setAddress("http://localhost:8080/anywhere");
>         opts.setTo(to);
>         opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
>                 org.apache.axis2.Constants.VALUE_TRUE);
>         // Set the Rampart parameters
>         opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
>         opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getInflowConfiguration());
>         // DOOM enabled: Rampart works on a DOM-over-OM view of the envelope
>         opts.setProperty(WSSHandlerConstants.USE_DOOM, org.apache.axis2.Constants.VALUE_TRUE);
>         client.setOptions(opts);
>
>         // Engage Rampart
>         client.engageModule("rampart");
>
>         DataHandler dh = new DataHandler(
>                 new FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
>
>         client.invokeRobust(new QName("http://client.mtom.sample", "echo"), new Object[]{dh});
>     }
>
>     public static Parameter getOutflowConfiguration() {
>         OutflowConfiguration ofc = new OutflowConfiguration();
>         ofc.setActionItems("Signature");
>         ofc.setUser("client");
>         ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
>         ofc.setSignaturePropFile("client.properties");
>         ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
>         ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
>         ofc.setEncryptionUser("service");
>         return ofc.getProperty();
>     }
>
>     public static Parameter getInflowConfiguration() {
>         InflowConfiguration ifc = new InflowConfiguration();
>         ifc.setActionItems("Signature");
>         ifc.setSignaturePropFile("client.properties");
>         return ifc.getProperty();
>     }
>
> }
>
>
>
> Without DOOM
>
> import javax.activation.DataHandler;
> import javax.activation.FileDataSource;
> import javax.xml.namespace.QName;
>
> import org.apache.axis2.addressing.EndpointReference;
> import org.apache.axis2.client.Options;
> import org.apache.axis2.context.ConfigurationContext;
> import org.apache.axis2.context.ConfigurationContextFactory;
> import org.apache.axis2.description.Parameter;
> import org.apache.axis2.rpc.client.RPCServiceClient;
> import org.apache.rampart.handler.WSSHandlerConstants;
> import org.apache.rampart.handler.config.InflowConfiguration;
> import org.apache.rampart.handler.config.OutflowConfiguration;
>
> public class BinaryClient {
>
>     public static void main(String[] args) throws Exception {
>
>         ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(
>                 "D:\\software\\axis2-1.6.1\\repository",
>                 "D:\\software\\axis2-1.6.1\\samples\\mtom\\src\\client.axis2-2.xml");
>         RPCServiceClient client = new RPCServiceClient(ctx, null);
>         Options opts = new Options();
>         opts.setAction("ns:echo");
>         EndpointReference to = new EndpointReference();
>         to.setAddress("http://localhost:8080/anywhere");
>         opts.setTo(to);
>         opts.setProperty(org.apache.axis2.Constants.Configuration.ENABLE_MTOM,
>                 org.apache.axis2.Constants.VALUE_TRUE);
>         // Set the Rampart parameters
>         opts.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
>         opts.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getInflowConfiguration());
>         // Without DOOM: USE_DOOM is left unset
>         // opts.setProperty(WSSHandlerConstants.USE_DOOM, org.apache.axis2.Constants.VALUE_TRUE);
>         client.setOptions(opts);
>
>         // Engage Rampart
>         client.engageModule("rampart");
>
>         DataHandler dh = new DataHandler(
>                 new FileDataSource("D:\\software\\axis2-1.6.1\\samples\\mtom\\build.xml"));
>
>         client.invokeRobust(new QName("http://client.mtom.sample", "echo"), new Object[]{dh});
>     }
>
>     public static Parameter getOutflowConfiguration() {
>         OutflowConfiguration ofc = new OutflowConfiguration();
>         ofc.setActionItems("Signature");
>         ofc.setUser("client");
>         ofc.setPasswordCallbackClass("sample.mtom.client.PWCBHandler");
>         ofc.setSignaturePropFile("client.properties");
>         ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
>         ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
>         ofc.setEncryptionUser("service");
>         return ofc.getProperty();
>     }
>
>     public static Parameter getInflowConfiguration() {
>         InflowConfiguration ifc = new InflowConfiguration();
>         ifc.setActionItems("Signature");
>         ifc.setSignaturePropFile("client.properties");
>         return ifc.getProperty();
>     }
>
> }
>
>
> And given that the server after canonicalization will only expect one type
> of signature, it fails.
>
>
>
>
> On Thu, Dec 29, 2011 at 1:26 PM, Andreas Veithen <[email protected]>
> wrote:
>>
>> Can you send us the code that produces the message causing the
>> problems, including everything you do to configure Rampart? That
>> should allow us to reproduce the problem.
>>
>> Andreas
>>
>> On Thu, Dec 29, 2011 at 17:16, Jaime Hablutzel Egoavil
>> <[email protected]> wrote:
>> > Axis 1.6.1, rampart 1.6.1, axiom 1.2.12
>> > By the way, I discovered that this problem only arises when using
>> >
>> > client.invokeRobust(new QName("http://client.mtom.sample", "echo"), new
>> > Object[]{dh});
>> >
>> > And not with
>> >
>> >  client.sendReceive(elem)
>> >
>> > And I see that the first one creates
>> >
>> > <soapenv:Body
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0
>> > xmlns=""><xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
>> > href="cid:[email protected]" /></arg0></echo></soapenv:Body>
>> >
>> > And the second one:
>> >
>> > <soapenv:Body
>> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> > wsu:Id="id-2"><ns1:echo xmlns:ns1="http://client.mtom.sample"><arg0><xop:Include
>> > xmlns:xop="http://www.w3.org/2004/08/xop/include"
>> > href="cid:[email protected]" /></arg0></ns1:echo></soapenv:Body>
>> >
>> >
>> > Anyway, using the second one it works, but with the first one the stripped
>> > xmlns="" makes the signature value different, so the server after
>> > canonicalization produces a different value and validation fails.
>> >
>> > On Thu, Dec 29, 2011 at 4:31 AM, Andreas Veithen
>> > <[email protected]>
>> > wrote:
>> >>
>> >> What are the Axis2, Rampart and Axiom versions that you are using?
>> >>
>> >> Andreas
>> >>
>> >> On Tue, Dec 27, 2011 at 23:18, Jaime Hablutzel Egoavil
>> >> <[email protected]> wrote:
>> >> > Hi, I want to report an apparent bug when the DOOM option is activated in
>> >> > the client, so that the SOAP message includes xop:Include even when using
>> >> > WS-Signature and doesn't send the message in base64, this way taking
>> >> > advantage of MTOM.
>> >> >
>> >> > When using DOOM the canonicalized data to create the digest is:
>> >> >
>> >> > <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> >> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0>b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
>> >> >
>> >> > But when DOOM is disabled the data is:
>> >> >
>> >> > <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>> >> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> >> > wsu:Id="id-2"><echo xmlns="http://client.mtom.sample"><arg0 xmlns="">b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ucHJvdmlkZXI9b3JnLmFwYWNoZS53cy5zZWN1cml0eS5jb21wb25lbnRzLmNyeXB0by5NZXJsaW4Kb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmtleXN0b3JlLnR5cGU9amtzCm9yZy5hcGFjaGUud3Muc2VjdXJpdHkuY3J5cHRvLm1lcmxpbi5rZXlzdG9yZS5wYXNzd29yZD1hcGFjaGUKb3JnLmFwYWNoZS53cy5zZWN1cml0eS5jcnlwdG8ubWVybGluLmZpbGU9Y2xpZW50Lmprcw==</arg0></echo></soapenv:Body>
>> >> >
>> >> > Look at the difference in red color. This causes the digest value to be
>> >> > different, so the server gets confused and is unable to validate the
>> >> > signature when using DOOM in the client. A workaround seems to be to use
>> >> > only namespaced elements so the xmlns="" never gets generated.
>> >> >
>> >> > I would like to know if anyone has run into this problem when using MTOM
>> >> > + WS-Signature in Axis2.
>> >> >
>> >> > Another thing: the DOOM option is not really well documented anywhere on
>> >> > the Axis2 website, and I only found out that it was available to do real
>> >> > MTOM with WS-Signature by debugging the source code for three days u.u.
>> >> >
>> >> > Good bye
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Jaime Hablutzel - 9-9956-3299
>> >> >
>> >> > (accents intentionally omitted)
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [email protected]
>> >> For additional commands, e-mail: [email protected]
>> >>
>> >
>> >
>> >
>> > --
>> > Jaime Hablutzel - 9-9956-3299
>> >
>> > (accents intentionally omitted)
>>
>>
>
>
>
> --
> Jaime Hablutzel - 9-9956-3299
>
> (accents intentionally omitted)
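Added example, not code from this thread or from Axis2, Rampart or Axiom: a stand-alone Python reproduction of the digest mismatch discussed above. It assumes the C14N 2.0 implementation in the standard library (xml.etree.ElementTree.canonicalize, Python 3.8+) as a stand-in for the exclusive C14N that WSS4J applies by default, SHA-1 as a stand-in for the configured digest algorithm, and message fragments constructed to match the ones quoted in the thread; the function that drops xmlns="" is a model of the reported behaviour, not Axiom's code. The point it makes checkable is that xmlns="" on arg0 is not cosmetic: it moves arg0 out of the http://client.mtom.sample namespace into no namespace, so a signer whose tree lost it and a verifier working from the wire bytes are digesting two different infosets, and no canonicalizer can make their digests agree. The prefixed ns1:echo form has no default namespace to undeclare and is unaffected, which is why the workaround mentioned in the thread works.

```python
# Added example (not from the thread, Axis2, Rampart or Axiom).
# Assumptions: C14N 2.0 from the stdlib stands in for exclusive C14N,
# SHA-1 stands in for the configured digest algorithm, and the fragments
# below are constructed to mirror the messages quoted in the thread.
import base64
import hashlib
import xml.etree.ElementTree as ET

NS_APP = "http://client.mtom.sample"
NS_SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
NS_WSU = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")


def soap_body(inner: str) -> str:
    """Wrap a payload in the signed soapenv:Body element (constructed)."""
    return (f'<soapenv:Body xmlns:soapenv="{NS_SOAPENV}" '
            f'xmlns:wsu="{NS_WSU}" wsu:Id="id-2">{inner}</soapenv:Body>')


# invokeRobust form: echo is in the default namespace, so arg0 (which is in
# no namespace) needs the xmlns="" undeclaration.
BODY_DEFAULT_NS = soap_body(
    f'<echo xmlns="{NS_APP}"><arg0 xmlns="">payload</arg0></echo>')

# sendReceive form: echo is prefixed, no default namespace is in scope,
# so arg0 needs no undeclaration at all.
BODY_PREFIXED = soap_body(
    f'<ns1:echo xmlns:ns1="{NS_APP}"><arg0>payload</arg0></ns1:echo>')


def canonical(xml_text: str) -> str:
    """Canonical form of the fragment (C14N 2.0, see assumptions above)."""
    return ET.canonicalize(xml_text)


def digest_value(xml_text: str) -> str:
    """Base64 digest of the canonical form, as carried in ds:DigestValue."""
    raw = hashlib.sha1(canonical(xml_text).encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def signer_view_with_lost_undeclaration(xml_text: str) -> str:
    """Hypothetical model of the DOOM-side defect from the thread: the tree
    the signer canonicalizes has lost the xmlns="" on arg0. Not Axiom code."""
    return xml_text.replace(' xmlns=""', "")


def arg0_qualified_name(xml_text: str) -> str:
    """Clark-notation name of arg0 after namespace resolution."""
    root = ET.fromstring(xml_text)
    return next(el.tag for el in root.iter() if el.tag.endswith("arg0"))


def verifier_accepts(signed_digest: str, wire_xml: str) -> bool:
    """The server recomputes the digest over what arrived on the wire."""
    return digest_value(wire_xml) == signed_digest


def demo() -> dict:
    """Run both scenarios and return the outcomes."""
    # Scenario 1: default namespace + DOOM. The signer digests a tree where
    # arg0 silently moved into http://client.mtom.sample; the wire message
    # still carries xmlns="". Different infosets, so verification fails.
    signed = digest_value(signer_view_with_lost_undeclaration(BODY_DEFAULT_NS))
    doom_ok = verifier_accepts(signed, BODY_DEFAULT_NS)

    # Scenario 2: the workaround from the thread. With a prefixed element
    # there is nothing to undeclare, so losing xmlns="" is a no-op and both
    # sides digest the same canonical bytes.
    signed = digest_value(signer_view_with_lost_undeclaration(BODY_PREFIXED))
    prefixed_ok = verifier_accepts(signed, BODY_PREFIXED)

    return {
        "doom_default_ns_verifies": doom_ok,
        "prefixed_verifies": prefixed_ok,
        "arg0_on_wire": arg0_qualified_name(BODY_DEFAULT_NS),
        "arg0_as_signed": arg0_qualified_name(
            signer_view_with_lost_undeclaration(BODY_DEFAULT_NS)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it with python3 (3.8 or later, for canonicalize); it reports whether each scenario verifies and the resolved name of arg0 on each side. The same check, canonicalizing what the signer saw and what the verifier received and comparing the two byte strings, is the first thing to do when a WS-Security digest mismatch is blamed on canonicalization: if the canonical forms differ in content rather than in layout, the bug is upstream of C14N.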

