AW: Importing Signature element - namespace problems

Thu, 25 Mar 2004 23:51:49 -0800 

Stephen,

two answers here: 

1st: pls have a look at the Apache WSS4J
project (subproject of ws-fx). Here we implemented
Web Service Security (SOAP with XMLSig and XMLEncrypt).

2nd: before you send the signed request you may feed it
to a canonicalization function (c14n function) that removes
the redundant namespaces. Pls have a look at XMLUtil.outputDOM()
mehtod (part of xmlsec) that takes a DOM tree as input and
write the serialized data in a bytearray output stream. In
addition this method also calls a c14n functions to "clean up"
the XML data. An example is in WSDoAllSender of WSS4J.

Regards,
Werner


> -----Ursprüngliche Nachricht-----
> Von: Stephen Chell (DSL AK) [mailto:[EMAIL PROTECTED] 
> Gesendet: Freitag, 26. März 2004 05:32
> An: '[EMAIL PROTECTED]'
> Betreff: Importing Signature element - namespace problems
> 
> 
> Hi all,
> 
> I'm having problems importing an XML Signature element into a 
> SOAP envelope.
> I can create the signature without problem, but when I import 
> the signature
> element into the SOAP header, all of the elements in the entire SOAP
> envelope have a default namespace declaration of xmlns="" 
> added to them.
> Also, all sub-elements of the <ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> element have 
> the following
> redundant namespace declaration added to them:
> 
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
> 
> Any idea how to prevent these changes from happening?   
> (Note: the problem
> also happens if I attempt to create the signature directly in the soap
> header.)
> 
> Here are some code fragments I'm using to generate the 
> signature and import
> it into the soap header:
> 
> 
>     DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
>     DocumentBuilder docBuilder = dbf.newDocumentBuilder();
>     Document doc = docBuilder.newDocument();
> 
>     
> org.apache.xml.security.utils.Constants.setSignatureSpecNSpref
> ix("ds");
> 
>     String baseURI = null;
>     XMLSignature signature = new XMLSignature(doc, baseURI, 
>         XMLSignature.ALGO_ID_SIGNATURE_DSA);
>             
>     signature.addResourceResolver(
>         new 
> InputStreamReferenceResolver(getInputStream(),getContentType())
>         );
>             
>     doc.appendChild(signature.getElement());
> 
>     signature.addDocument(null, null, 
>         org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA1);
> 
>     signature.sign(privateKey);
> 
>     // Now import the signature into the SOAP header
>     SOAPMessage message = ...   
>     SOAPPart soapPart = message.getSOAPPart();
>     SOAPHeader soapHeader = message.getSOAPHeader();
> 
>     org.w3c.dom.Node signatureNode = 
>         soapPart.importNode(signature.getElement(),true);
>      soapHeader.appendChild(signatureNode);
>       
>       
> The resulting SOAP Envelope looks like this:
> 
> 
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns="">
>     <SOAP-ENV:Header xmlns="">
>         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
> xmlns="">
>             <ds:SignedInfo xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>                 <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315   
> " xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>                 <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>                 <ds:Reference xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>                     <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>                     <ds:DigestValue xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>                         Vf8a/Rvic27UJqOhMqyIHYimSLw=
>                     </ds:DigestValue>
>                 </ds:Reference>
>             </ds:SignedInfo>
>             <ds:SignatureValue xmlns=""
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>                 
> bMabvDDzk0g2KmP3Yb+ybaL+GwBN4sDFT+yuUuapWoZfILgNkxh90g==
>             </ds:SignatureValue>
>         </ds:Signature>
>     </SOAP-ENV:Header>
>     <SOAP-ENV:Body xmlns="">
>     ...
>     </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
> 
> When what I really want is this:
> 
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";>
>     <SOAP-ENV:Header>
>         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>             <ds:SignedInfo>
>                 <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315   "/>
>                 <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>                 <ds:Reference>
>                     <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                     <ds:DigestValue>
>                         Vf8a/Rvic27UJqOhMqyIHYimSLw=
>                     </ds:DigestValue>
>                 </ds:Reference>
>             </ds:SignedInfo>
>             <ds:SignatureValue>
>                 
> bMabvDDzk0g2KmP3Yb+ybaL+GwBN4sDFT+yuUuapWoZfILgNkxh90g==
>             </ds:SignatureValue>
>         </ds:Signature>
>     </SOAP-ENV:Header>
>     <SOAP-ENV:Body>
>     ...
>     </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
> 
> Thanks in advance ...
> 
> Steve
>

Reply via email to