Yves, according to the trace and the SOAP request all looks ok. But somehow the Body was modified after the Signature was added. This very often is due to "pretty printing" the XML SOAP request after it got signed. "Prettey Printing": adding some newline and/or blanks/tabs to make the XML data mor readable. Do you know if that happens somehow on the JWSDP side?
Regards, Werner [EMAIL PROTECTED] wrote: > hi werner, > sorry, the log and the soap message in my previous mail did not correspond. > here is the correct log: > > - Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin] > - enter processSecurityHeader() > - Processing WS-Security header for '' actor. > - Unknown Element: BinarySecurityToken > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > - Found signature element > - Verify XML Signature > - setElement("ds:Signature", "null") > - setElement("ds:SignedInfo", "null") > - setElement("ds:SignatureMethod", "null") > - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class "class > org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1" > - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1 > - Created SignatureDSA using SHA1withRSA > - setElement("ds:KeyInfo", "null") > - Token reference uri: #XWSSGID-1126712329621513364021 > - verify 2 References > - I am not requested to follow nested Manifests > - setElement("ds:Reference", "null") > - Request for URI http://www.w3.org/2000/09/xmldsig#sha1 > - I was asked to create a ResourceResolver and got 1 > - extra resolvers to my existing 4 system-wide resolvers > - check resolvability by class > org.apache.ws.security.message.EnvelopeIdResolver > - enter engineResolve, look for: #XWSSGID-1126712330472-1335315878 > - Tag: wsu:Timestamp, 'null' > - Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878' > - Attr: xmlns, '' > - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' > - Attr: xmlns:wsse, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > - Attr: xmlns:wsu, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' > - Tag: #text, ' > ' > - Tag: wsu:Created, 'null' > - Attr: xmlns, '' > - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' > - Attr: xmlns:wsse, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > - Attr: xmlns:wsu, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' > - Tag: #text, '2005-09-14T15:38:50Z' > - Tag: #text, ' > ' > - Tag: wsu:Expires, 'null' > - Attr: xmlns, '' > - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' > - Attr: xmlns:wsse, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' > - Attr: xmlns:wsu, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' > - Tag: #text, '2005-09-14T15:43:50Z' > - Tag: #text, ' > ' > - engineResolve= 24 > - exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null > - Verification failed for URI "#XWSSGID-1126712330472-1335315878" > - The Reference has Type > - setElement("ds:Reference", "null") > - Request for URI http://www.w3.org/2000/09/xmldsig#sha1 > - I was asked to create a ResourceResolver and got 1 > - extra resolvers to my existing 4 system-wide resolvers > - check resolvability by class > org.apache.ws.security.message.EnvelopeIdResolver > - enter engineResolve, look for: #XWSSGID-1126712330478-1126252258 > - Tag: SOAP-ENV:Body, 'null' > - Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258' > - Attr: xmlns, '' > - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' > - Attr: xmlns:wsu, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' > - Tag: #text, ' > ' > - Tag: tru:StockSymbol, 'null' > - Attr: xmlns, '' > - Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/' > - Attr: xmlns:tru, 'http://fabrikam123.com/payloads' > - Attr: xmlns:wsu, > 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' > - Tag: #text, 'QQQ' > - Tag: #text, ' > ' > - engineResolve= 6 > - exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null > - Verification failed for URI "#XWSSGID-1126712330478-1126252258" > - The Reference has Type > org.apache.ws.security.WSSecurityException: The signature verification failed > at > org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198) > > thanks, yves > > >>-- Originalnachricht -- >>Date: Thu, 15 Sep 2005 08:42:26 +0200 >>From: Werner Dittmann <[EMAIL PROTECTED]> >>To: [EMAIL PROTECTED] >>CC: [email protected] >>Subject: Re: interop with sun jwsdp-1.6 >> >> >>Yves, >> >>the attached SOAP request is not the same as that is shown below :-) >>(Timestamps differ) >> >>Looking at the debug output and the attached SOAP I can see a >>difference: >>the debug output shows an additonal #text after the timestamps, >>this additional text cannot be seen in the attached SOAP request. >> >>How did you get the SOAP request? Can you try to get it via tcpmon >>somehow so that we can see what goes over the wire? It looks like >>the good old "pretty printing" problem where the requests are >>modified after adding the Signature. >> >>Regards, >>Werner >> >> >>[EMAIL PROTECTED] wrote: >> >>>hello, >>>has anybody tried interop with sun jwsdp-1.6? >>>i cannot use wss4j to verify a message signed with jwsdp...? is this a >> >>known >> >>>issue? >>> >>>the problem is, that the digests when resolving the references are not >> >>equal: >> >>>- Token reference uri: #XWSSGID-1126515797640161369913 >>>- verify 2 References >>>- I am not requested to follow nested Manifests >>>- setElement("ds:Reference", "null") >>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1 >>>- I was asked to create a ResourceResolver and got 1 >>>- extra resolvers to my existing 4 system-wide resolvers >>>- check resolvability by class >>>org.apache.ws.security.message.EnvelopeIdResolver >>>- enter engineResolve, look for: #XWSSGID-11265158021251414682510 >>>- Tag: wsu:Timestamp, 'null' >>>- Attr: wsu:Id, 'XWSSGID-11265158021251414682510' >>>- Attr: xmlns, '' >>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/' >>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/' >>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types' >>>- Attr: xmlns:wsse, >>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >>>- Attr: xmlns:wsu, >>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema' >>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance' >>>- Tag: #text, ' >>> ' >>>- Tag: wsu:Created, 'null' >>>- Attr: xmlns, '' >>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/' >>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/' >>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types' >>>- Attr: xmlns:wsse, >>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >>>- Attr: xmlns:wsu, >>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema' >>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance' >>>- Tag: #text, '2005-09-12T09:03:21Z' >>>- Tag: #text, ' >>> ' >>>- Tag: wsu:Expires, 'null' >>>- Attr: xmlns, '' >>>- Attr: xmlns:enc, 'http://schemas.xmlsoap.org/soap/encoding/' >>>- Attr: xmlns:env, 'http://schemas.xmlsoap.org/soap/envelope/' >>>- Attr: xmlns:ns0, 'http://ztable.ejpd.ch/types' >>>- Attr: xmlns:wsse, >>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' >>>- Attr: xmlns:wsu, >>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd' >>>- Attr: xmlns:xsd, 'http://www.w3.org/2001/XMLSchema' >>>- Attr: xmlns:xsi, 'http://www.w3.org/2001/XMLSchema-instance' >>>- Tag: #text, '2005-09-12T09:08:21Z' >>>- Tag: #text, ' >>> ' >>>- engineResolve= 33 >>>- exit engineResolve, result: XMLSignatureInput/NodeSet/33 nodes/null >>>- Verification failed for URI "#XWSSGID-11265158021251414682510" >>> >>>any hints? >>>gruss, yves >>> >>>ps: attached is the soap message >>> >>> >>>sunrise ADSL: gratis und so sicher wie noch nie >>>http://www.sunrise.ch/home/proint/proint_ads-2.htm >>> >>> >>> >>> >>> >>>------------------------------------------------------------------------ >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> > > > > sunrise ADSL: gratis und so sicher wie noch nie > http://www.sunrise.ch/home/proint/proint_ads-2.htm > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
