It is happening because wss4j is adding namespaces to circumvent Xalan's bug #2650. Here is the workaround. As part of serializing the signed doc, Call XMLUtils.outputDOM(signedDoc, os, true). The signed doc is subjected to normal canonicalization and gets you the original doc with signature in byteArrayOutputStream.
All this should be implicitly done as part of canonicalization in xmlsec library. I am not sure why it is not done. Some one needs to look into this. Rgds, P. -----Original Message----- From: Jos Dirksen [mailto:[EMAIL PROTECTED] Sent: Monday, August 29, 2005 6:33 AM To: [email protected] Subject: Excessive useof namespaces We're currently looking into using WSS4J to sign the messages sent between several of our systems. Using the examples and tests all went surprisingly well, and the actual process of sighing and validating the messages works OK. We use WSS4J without axis, and just use the API directly. When looking at the output of the signing step I noticed a lot of namespaces that weren't really necessarily. For example from the test cases provided with WSS4J: Input message: <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <SOAP-ENV:Body> <add xmlns="http://ws.apache.org/counter/counter_port_type";> <value xmlns=""> 15 </value> </add> </SOAP-ENV:Body> This results in the message shown next. What can be seen here is that the namespace declarations are repeated on each and every element. Although there is technically nothing wrong with this, it seems a bit excessive. Is there a way to tune / alter this? Or am I just missing something in the configuration? <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <SOAP-ENV:Header xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:Signature xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:SignedInfo xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> <ds:Reference URI="#id-15142448" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:Transforms xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> <ds:DigestValue xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> OdONdZz0THG5WAVoj+JKT7Dm2mE= </ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog== </ds:SignatureValue> <ds:KeyInfo Id="KeyId-7461949" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <wsse:SecurityTokenReference wsu:Id="STRId-1321194" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:X509IssuerSerial xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:X509IssuerName xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> CN=key1 </ds:X509IssuerName> <ds:X509SerialNumber xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse curity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> 1124976807 </ds:X509SerialNumber> </ds:X509IssuerSerial> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <add xmlns="http://ws.apache.org/counter/counter_port_type"; xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <value xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec urity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> 15 </value> </add> </SOAP-ENV:Body> </SOAP-ENV:Envelope> With kind regards, Jos Dirksen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
