hi werner, sorry, the log and the soap message in my previous mail did not correspond. here is the correct log:
- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin] - enter processSecurityHeader() - Processing WS-Security header for '' actor. - Unknown Element: BinarySecurityToken http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd - Found signature element - Verify XML Signature - setElement("ds:Signature", "null") - setElement("ds:SignedInfo", "null") - setElement("ds:SignatureMethod", "null") - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 - Created SignatureDSA using SHA1withRSA - setElement("ds:KeyInfo", "null") - Token reference uri: #XWSSGID-1126712329621513364021 - verify 2 References - I am not requested to follow nested Manifests - setElement("ds:Reference", "null") - Request for URI http://www.w3.org/2000/09/xmldsig#sha1 - I was asked to create a ResourceResolver and got 1 - extra resolvers to my existing 4 system-wide resolvers - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver - enter engineResolve, look for: #XWSSGID-1126712330472-1335315878 - Tag: wsu:Timestamp, 'null' - Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878' - Attr: xmlns, '' - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' - Tag: #text, ' ' - Tag: wsu:Created, 'null' - Attr: xmlns, '' - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' - Tag: #text, '2005-09-14T15:38:50Z' - Tag: #text, ' ' - Tag: wsu:Expires, 'null' - Attr: xmlns, '' - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' - Attr: xmlns:wsse, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' - Tag: #text, '2005-09-14T15:43:50Z' - Tag: #text, ' ' - engineResolve= 24 - exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null - Verification failed for URI "#XWSSGID-1126712330472-1335315878" - The Reference has Type - setElement("ds:Reference", "null") - Request for URI http://www.w3.org/2000/09/xmldsig#sha1 - I was asked to create a ResourceResolver and got 1 - extra resolvers to my existing 4 system-wide resolvers - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver - enter engineResolve, look for: #XWSSGID-1126712330478-1126252258 - Tag: SOAP-ENV:Body, 'null' - Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258' - Attr: xmlns, '' - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' - Tag: #text, ' ' - Tag: tru:StockSymbol, 'null' - Attr: xmlns, '' - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' - Attr: xmlns:tru, 'http://fabrikam123.com/payloads' - Attr: xmlns:wsu, 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' - Tag: #text, 'QQQ' - Tag: #text, ' ' - engineResolve= 6 - exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null - Verification failed for URI "#XWSSGID-1126712330478-1126252258" - The Reference has Type org.apache.ws.security.WSSecurityException: The signature verification failed at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245) at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198) thanks, yves >-- Originalnachricht -- >Date: Thu, 15 Sep 2005 08:42:26 +0200 >From: Werner Dittmann <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >CC: [email protected] >Subject: Re: interop with sun jwsdp-1.6 > > >Yves, > >the attached SOAP request is not the same as that is shown below :-) >(Timestamps differ) > >Looking at the debug output and the attached SOAP I can see a >difference: >the debug output shows an additonal #text after the timestamps, >this additional text cannot be seen in the attached SOAP request. > >How did you get the SOAP request? Can you try to get it via tcpmon >somehow so that we can see what goes over the wire? It looks like >the good old "pretty printing" problem where the requests are >modified after adding the Signature. > >Regards, >Werner > > >[EMAIL PROTECTED] wrote: >> hello, >> has anybody tried interop with sun jwsdp-1.6? >> i cannot use wss4j to verify a message signed with jwsdp...? is this a >known >> issue? >> >> the problem is, that the digests when resolving the references are not >equal: >> >> - Token reference uri: #XWSSGID-1126515797640161369913 >> - verify 2 References >> - I am not requested to follow nested Manifests >> - setElement("ds:Reference", "null") >> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1 >> - I was asked to create a ResourceResolver and got 1 >> - extra resolvers to my existing 4 system-wide resolvers >> - check resolvability by class >> org.apache.ws.security.message.EnvelopeIdResolver >> - enter engineResolve, look for: #XWSSGID-11265158021251414682510 >> - Tag: wsu:Timestamp, 'null' >> - Attr: wsu:Id, 'XWSSGID-11265158021251414682510' >> - Attr: xmlns, '' >> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/' >> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/' >> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types' >> - Attr: xmlns:wsse, >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >> - Attr: xmlns:wsu, >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema' >> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance' >> - Tag: #text, ' >> ' >> - Tag: wsu:Created, 'null' >> - Attr: xmlns, '' >> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/' >> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/' >> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types' >> - Attr: xmlns:wsse, >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >> - Attr: xmlns:wsu, >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema' >> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance' >> - Tag: #text, '2005-09-12T09:03:21Z' >> - Tag: #text, ' >> ' >> - Tag: wsu:Expires, 'null' >> - Attr: xmlns, '' >> - Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/' >> - Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/' >> - Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types' >> - Attr: xmlns:wsse, >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >> - Attr: xmlns:wsu, >> 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >> - Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema' >> - Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance' >> - Tag: #text, '2005-09-12T09:08:21Z' >> - Tag: #text, ' >> ' >> - engineResolve= 33 >> - exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null >> - Verification failed for URI "#XWSSGID-11265158021251414682510" >> >> any hints? >> gruss, yves >> >> ps: attached is the soap message >> >> >> sunrise ADSL: gratis und so sicher wie noch nie >> http://www.sunrise.ch/home/proint/proint_ads-2.htm >> >> >> >> >> >> ------------------------------------------------------------------------ >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > sunrise ADSL: gratis und so sicher wie noch nie http://www.sunrise.ch/home/proint/proint_ads-2.htm --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
