Hi, 

I am using SignedInfo to calculate and verify the digest information present in
my security header. 

I am testing my webservice from two different libraries, axis1 and axis2. 
When I make my call using Axis1, the digest is matched, but from Axis2 the
digest does not match.

Axis1 call: 

<soapenv:Envelope ...>
<SOAP-ENV:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="body">
      <ns3:GetAccountsRequest
xmlns:ns3="http://fps.amazonaws.com/internal/doc/2007-01-08/"
xmlns:ns4="http://fps.amazonaws.com/private/doc/2007-01-08/"
xmlns:ns5="http://fps.amazonaws.com/doc/2007-01-08/" xmlns="">
         <AccountOwnerId>A1XU0EHU5JSBD7</AccountOwnerId>
         <AccountType>NonBasicInternal</AccountType>
         <AccountState>NotClosed</AccountState>
      </ns3:GetAccountsRequest>
   </SOAP-ENV:Body>
</soapenv:Envelope>

Axis2 call: 

<soapenv:Envelope ...>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="body">
         <ns3:GetAccountsRequest
xmlns:ns3="http://fps.amazonaws.com/internal/doc/2007-01-08/"
xmlns:ns4="http://fps.amazonaws.com/private/doc/2007-01-08/"
xmlns:ns5="http://fps.amazonaws.com/doc/2007-01-08/">
            <AccountOwnerId>A1XU0EHU5JSBD7</AccountOwnerId>
            <AccountType>NonBasicInternal</AccountType>
            <AccountState>NotClosed</AccountState>
         </ns3:GetAccountsRequest>
      </soapenv:Body>
</soapenv:Envelope>

The difference between these two SOAP Bodies, for which a digest is calculated, is
only soapenv and SOAP-ENV.

1. Does it make a difference to SignedInfo's verify API
(http://santuario.apache.org/Java/api/org/apache/xml/security/signature/SignedInfo.html#verify())
that the XML contains soapenv or SOAP-ENV? I think that this method figures
out the namespace and uncanonicalizes the stuff by appending the actual URL
of the namespace rather than the short form (SOAP-ENV or soapenv; it can be
anything, I presume).

2. If the namespace value (like soapenv or SOAP-ENV) does play a role in the
verify API, can I make Axis2 use SOAP-ENV rather than SOAPENV?

Thanks
mustvicky
-- 
View this message in context: 
http://old.nabble.com/SignedInfo%27s-verify-method-tp26779945p26779945.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
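
An added example, not part of the original post and not Santuario code: it canonicalizes two constructed copies of the Body above that differ only in the SOAP prefix, then digests each, to show whether the prefix survives into the octets that are hashed. Python's standard-library C14N 2.0 stands in for the signature's canonicalization method; the SOAP namespace URI and SHA-256 are assumptions, since the post shows neither.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# WSU_NS and NS3 are from the post; SOAP_NS is assumed (elided in the post).
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
NS3 = "http://fps.amazonaws.com/internal/doc/2007-01-08/"


def build_body(prefix):
    """Constructed sample: the post's Body, varying only the SOAP prefix."""
    return (
        f'<{prefix}:Body xmlns:{prefix}="{SOAP_NS}" xmlns:wsu="{WSU_NS}" '
        'wsu:Id="body">'
        f'<ns3:GetAccountsRequest xmlns:ns3="{NS3}">'
        "<AccountOwnerId>A1XU0EHU5JSBD7</AccountOwnerId>"
        "<AccountType>NonBasicInternal</AccountType>"
        "<AccountState>NotClosed</AccountState>"
        "</ns3:GetAccountsRequest>"
        f"</{prefix}:Body>"
    )


def canonical_bytes(xml_text):
    """Canonical octets the Reference digest is computed over."""
    return ET.canonicalize(xml_text).encode("utf-8")


def digest_value(xml_text):
    """Base64 digest as it would appear in DigestValue (SHA-256 assumed)."""
    return base64.b64encode(
        hashlib.sha256(canonical_bytes(xml_text)).digest()).decode("ascii")


def expanded_names(xml_text):
    """Namespace-aware view: each element as {uri}local, prefix dropped."""
    return [el.tag for el in ET.fromstring(xml_text).iter()]


axis1_body = build_body("SOAP-ENV")
axis2_body = build_body("soapenv")

if __name__ == "__main__":
    print("same expanded names:",
          expanded_names(axis1_body) == expanded_names(axis2_body))
    print("axis1 digest:", digest_value(axis1_body))
    print("axis2 digest:", digest_value(axis2_body))
```

The two bodies have identical expanded names, yet their canonical octets and digests differ because canonicalization keeps the prefix as written. A digest therefore only verifies against the serialization it was computed for.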