Digital signature of SOAP bodies fails when using Axis 1.3
----------------------------------------------------------
Key: WSS-39
URL: http://issues.apache.org/jira/browse/WSS-39
Project: WSS4J
Type: Bug
Environment: WSS4J 1.0.0, Axis 1.3, Sun JDK1.4.2
Reporter: Guy Rixon
Assigned to: Davanum Srinivas
Priority: Critical
Digital signature of SOAP bodies fails when using Axis 1.3 but works when using
Axis 1.2.1: the message is signed without reported errors but the signature
verification fails.
Inspection of the logs from the various libraries, notably XMLSec, shows that
the digest of the reference to the SOAP body is verified but the actual
signature on the SignedInfo fails verification.
Experiments with the client-side code show that the envelope, in the form of an
org.w3c.dom.Document, has a correct, verifiable signature on return from
WSSignEnvelope.build, but an incorrect signature after it has been serialized
into the MessageContext and recovered as a Document within the same Handler.
I.e., this problem is not due to the client's pivot handler or to handlers in
the service.
The bytes of the signature encoded in the message seem not to be changed
between successful and unsucecssful verifications. Therefore, presumably,
something in Axis is disturbing the XML in the SignedInfo such that the
canonicalization fails. In my test code and handler I set the properties
enableNamespacePrefixOptimization to false and disablePrettyXML to true, but it
makes no difference.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
