Yves,

until now we had no problems with c14n implementation. AFAIK we also
had some interop test with JWSDP last year - pls have a look at the wiki.

On the other hand: there are of course newline characters, e.g. just
behind, as a string this would contain "...</wsu:Created>\n". These
newlines also appear in the Body and they count for the Signature. C14n
does _not_ remove these newlines or other significant whitespace. This
is a common misunderstanding that c14n does this.

Regards,
Werner

[EMAIL PROTECTED] wrote:
> hi werner,
> i don't think that the problem is due to 'pretty printing'. the timestamp
> tag for example:
> 
> <wsu:Timestamp 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="XWSSGID-1126712330472-1335315878">
> <wsu:Created>2005-09-14T15:38:50Z</wsu:Created>
> <wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>
> </wsu:Timestamp>
> 
> there are no newlines, tabs or blanks in the attribute values or in the data.
> moreover, signature verification is successful doing it with jwsdp.
> perhaps it's a problem with the canonicalization method implementation?
> 
> gruss, yves
> 
> 
>>-- Originalnachricht --
>>Date: Thu, 15 Sep 2005 10:24:39 +0200
>>From: Werner Dittmann <[EMAIL PROTECTED]>
>>To: [EMAIL PROTECTED]
>>CC: [email protected]
>>Subject: Re: AW: Re: interop with sun jwsdp-1.6
>>
>>
>>Yves,
>>
>>according to the trace and the SOAP request all looks ok. But somehow
>>the Body was modified after the Signature was added. This very often
>>is due to "pretty printing" the XML SOAP request after it got signed.
>>"Pretty Printing": adding some newline and/or blanks/tabs to make
>>the XML data more readable. Do you know if that happens somehow on
>>the JWSDP side?
>>
>>Regards,
>>Werner
>>
>>
>>[EMAIL PROTECTED] wrote:
>>
>>>hi werner,
>>>sorry, the log and the soap message in my previous mail did not correspond.
>>>here is the correct log:
>>>
>>>- Using Crypto Engine [org.apache.ws.security.components.crypto.Merlin]
>>>- enter processSecurityHeader()
>>>- Processing WS-Security header for '' actor.
>>>- Unknown Element: BinarySecurityToken 
>>>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
>>>- Found signature element
>>>- Verify XML Signature
>>>- setElement("ds:Signature", "null")
>>>- setElement("ds:SignedInfo", "null")
>>>- setElement("ds:SignatureMethod", "null")
>>>- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>>>- Created SignatureDSA using SHA1withRSA
>>>- setElement("ds:KeyInfo", "null")
>>>- Token reference uri: #XWSSGID-1126712329621513364021
>>>- verify 2 References
>>>- I am not requested to follow nested Manifests
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class 
>>>org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-1126712330472-1335315878
>>>- Tag: wsu:Timestamp, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-1126712330472-1335315878'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '
>>>'
>>>- Tag: wsu:Created, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '2005-09-14T15:38:50Z'
>>>- Tag: #text, '
>>>'
>>>- Tag: wsu:Expires, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsse, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
>>>- Attr: xmlns:wsu, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '2005-09-14T15:43:50Z'
>>>- Tag: #text, '
>>>'
>>>- engineResolve= 24
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/21 nodes/null
>>>- Verification failed for URI "#XWSSGID-1126712330472-1335315878"
>>>- The Reference has Type 
>>>- setElement("ds:Reference", "null")
>>>- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>>>- I was asked to create a ResourceResolver and got 1
>>>-  extra resolvers to my existing 4 system-wide resolvers
>>>- check resolvability by class 
>>>org.apache.ws.security.message.EnvelopeIdResolver
>>>- enter engineResolve, look for: #XWSSGID-1126712330478-1126252258
>>>- Tag: SOAP-ENV:Body, 'null'
>>>- Attr: wsu:Id, 'XWSSGID-1126712330478-1126252258'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:wsu, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, '
>>>'
>>>- Tag: tru:StockSymbol, 'null'
>>>- Attr: xmlns, ''
>>>- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
>>>- Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
>>>- Attr: xmlns:wsu, 
>>>'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
>>>- Tag: #text, 'QQQ'
>>>- Tag: #text, '
>>>'
>>>- engineResolve= 6
>>>- exit engineResolve, result: XMLSignatureInput/NodeSet/13 nodes/null
>>>- Verification failed for URI "#XWSSGID-1126712330478-1126252258"
>>>- The Reference has Type 
>>>org.apache.ws.security.WSSecurityException: The signature verification failed
>>>        at 
>>> org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
>>>        at 
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>>>        at 
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>>>        at 
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>>>
>>>thanks, yves
>>>
>>>
>>>
>>>>-- Originalnachricht --
>>>>Date: Thu, 15 Sep 2005 08:42:26 +0200
>>>>From: Werner Dittmann <[EMAIL PROTECTED]>
>>>>To: [EMAIL PROTECTED]
>>>>CC: [email protected]
>>>>Subject: Re: interop with sun jwsdp-1.6
>>>>
<SNIP> --------------------- <SNAP>
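Added example, not part of the thread and not WSS4J or JWSDP code: it shows which differences canonicalization removes (attribute order, quoting, spacing inside a tag) and which it keeps (the newline text nodes that appear as `#text` entries in the log), and how that changes a SHA-1 reference digest. Assumptions: Python's standard-library `canonicalize` (Canonical XML 2.0) stands in for the c14n algorithm used by the signature in the thread, and the three documents are constructed from the Timestamp quoted above.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the Timestamp quoted in the thread.
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
ID = "XWSSGID-1126712330472-1335315878"
CHILDREN = ("\n<wsu:Created>2005-09-14T15:38:50Z</wsu:Created>"
            "\n<wsu:Expires>2005-09-14T15:43:50Z</wsu:Expires>"
            "\n</wsu:Timestamp>")

# Form the verifier's log shows: newline text nodes between the elements.
WITH_NEWLINES = f'<wsu:Timestamp xmlns:wsu="{WSU}" wsu:Id="{ID}">' + CHILDREN
# Lexical changes only: attribute order, quote style, spacing inside the tag.
RESERIALIZED = f"<wsu:Timestamp   wsu:Id='{ID}'\n  xmlns:wsu='{WSU}'>" + CHILDREN
# Newline text nodes dropped, as if c14n were assumed to remove them.
STRIPPED = WITH_NEWLINES.replace("\n", "")


def canonical(xml_text: str) -> str:
    """Canonical form; whitespace-only text nodes are kept (strip_text=False)."""
    return ET.canonicalize(xml_text, strip_text=False)


def reference_digest(xml_text: str) -> str:
    """Base64 SHA-1 over the canonical octets, as in a ds:DigestValue."""
    octets = canonical(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def whitespace_text_nodes(xml_text: str) -> int:
    """Count whitespace-only text nodes (the "#text, '\\n'" lines in the log)."""
    root = ET.fromstring(xml_text)
    chunks = [t for el in root.iter() for t in (el.text, el.tail)]
    return sum(1 for t in chunks if t and not t.strip())


if __name__ == "__main__":
    for name, doc in [("with newlines", WITH_NEWLINES),
                      ("reserialized", RESERIALIZED),
                      ("stripped", STRIPPED)]:
        print(f"{name:14} ws-nodes={whitespace_text_nodes(doc)} "
              f"digest={reference_digest(doc)}")
```

The first two digests match and the third differs, so a sender and receiver that disagree about those newline nodes will fail reference verification even though the element and attribute values are identical.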
