I am currently performing interop testing against WSS4J with our own
WS-Security implementation. I have come up against a couple of issues
(with the configuration for Axis - something for another email) but now
have scenarios 1-6 working fine. Scenario 7 uses the STR-Transform. I
cannot get this to work and have traced the WSS4J STRTransform class to
work out why.

The algorithm described in section 8.3 of the WS-Security specification
for STR-Transform is a little unclear about how the C14N algorithm is to
be applied. It implies that it possibly should be applied to the input
node *before* the rest of the algorithm is applied. WSS4J appears to use
this interpretation. The STRTransform class first runs the input through
the Canonicalizer and then follows the STRTransform processing rules
which end with the result again being run through the Canonicalizer.
However, I do not believe that was the intention of the algorithm. It
should only Canonicalize the output node.

There is an erratum for this very issue which clarifies this point. It
states that:

------
Lines 1034-1036 of WSS 1.0 state:

"The transform takes a single mandatory parameter, a
<ds:CanonicalizationMethod> element, which is used to serialize the input
node set."

should be

"The transform takes a single mandatory parameter, a
<ds:CanonicalizationMethod> element, which is used to serialize the output
node set."

Line 1056 of WSS 1.0 states:

"process the dereferenced node set Ri' instead."

should be

"process the dereferenced node set Di' instead."
-------

I believe the WSS4J STRTransform is incorrectly C14Ning the input node
when it should only C14N the output node. This is causing my interop
test to fail.
Pete