This works, sure. There is some discussion at xml-sec about the decision to declare some specific elements as "Signature" internal. I'll file a JIRA to xml-sec against the modification; it may cause failures on other xml-sec elements also, not only for KeyInfo.
But as a security measure we should use this patch for WSS4J.

Regards,
Werner

Colm O hEigeartaigh (JIRA) wrote:
[ https://issues.apache.org/jira/browse/WSS-145?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-145:
------------------------------------

    Attachment: wss4j_wss145.patch

Werner, please have a look at the attached patch for this issue and let me know if this is acceptable to you.

I followed the discussion on security-dev on this issue...it seemed to me that there wasn't a consensus on whether the bug was in WSS4J or xml-sec. In any case, a simple fix in WSS4J solves the problem, which essentially amounts to doing this whenever a KeyInfo object is created:

    Element keyInfoElement = keyInfo.getElement();
    keyInfoElement.setAttributeNS(WSConstants.XMLNS_NS,
        "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS);

This way, the "ds" namespace gets set properly on the DOM element. There are no backwards compatibility issues, as I've tested the changes with both xmlsec 1.4.0 and 1.4.2, and the tests all pass.

Problem in upgrading to xml-sec 1.4.2
-------------------------------------

    Key: WSS-145
    URL: https://issues.apache.org/jira/browse/WSS-145
    Project: WSS4J
    Issue Type: Improvement
    Components: WSS4J Core
    Affects Versions: 1.5.4
    Reporter: Colm O hEigeartaigh
    Assignee: Werner Dittmann
    Fix For: 1.5.5
    Attachments: wss4j_wss145.patch

WSS4J 1.5.4 has a dependency on xml-sec 1.4.0. xml-sec 1.4.1 has a major c14n fix, but we ran into a critical problem with encryption, see:
http://issues.apache.org/jira/browse/WSS-128

Ideally we'd like to release WSS4J 1.5.5 with xml-sec 1.4.2. However, there's a problem with namespace prefixes when signing a request:
http://www.nabble.com/Undeclared-namespace-prefix-"ds"-error-tt19668706.html#a19668706

It's still not clear at this stage whether it's a problem in WSS4J or xml-sec, or why this problem doesn't appear when xml-sec 1.4.0 or 1.4.1 is used.
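The DOM behaviour behind the two-line fix quoted above, as an added example that is not part of the original thread or of the WSS4J patch: it uses only the JDK's DOM API to show that an element created with the `ds` prefix carries no `xmlns:ds` attribute node until one is set explicitly. The class name, the `declaresPrefix` helper and the `ex:Security` wrapper element are hypothetical, and the three constants are assumed to hold the same values as the `WSConstants` fields named in the message.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class KeyInfoNamespaceDemo {
    // Assumed to equal WSConstants.XMLNS_NS, SIG_NS and SIG_PREFIX.
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    static final String SIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SIG_PREFIX = "ds";

    // True if the element or one of its ancestors carries an xmlns:ds
    // attribute node bound to the XML Signature namespace.
    static boolean declaresPrefix(Element start) {
        for (Node n = start; n instanceof Element; n = n.getParentNode()) {
            String bound = ((Element) n).getAttributeNS(XMLNS_NS, SIG_PREFIX);
            if (SIG_NS.equals(bound)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        // Constructed stand-in for the security header that holds the KeyInfo.
        Element header = doc.createElementNS("http://example.org/constructed", "ex:Security");
        doc.appendChild(header);

        // createElementNS records the namespace URI and the prefix on the
        // node, but does not add a namespace declaration attribute.
        Element keyInfoElement = doc.createElementNS(SIG_NS, SIG_PREFIX + ":KeyInfo");
        header.appendChild(keyInfoElement);
        System.out.println("namespace URI on node: " + keyInfoElement.getNamespaceURI());
        System.out.println("xmlns:ds declared before fix: " + declaresPrefix(keyInfoElement));

        // The same call as in the message: declare the prefix on the element.
        keyInfoElement.setAttributeNS(XMLNS_NS, "xmlns:" + SIG_PREFIX, SIG_NS);
        System.out.println("xmlns:ds declared after fix: " + declaresPrefix(keyInfoElement));
    }
}
```

The first check prints `false` and the second `true`: any consumer that resolves the `ds` prefix by looking for declaration attributes only finds it after the explicit `setAttributeNS` call.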
