axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "valerie bauche (JIRA)" <axis-...@ws.apache.org>
Subject [jira] Updated: (AXIS-1889) Problem with namespace handling in Axis 1.2 : break XML Signature
Date Wed, 30 Mar 2005 08:28:17 GMT
     [ http://issues.apache.org/jira/browse/AXIS-1889?page=history ]

valerie bauche updated AXIS-1889:
---------------------------------

    Attachment: test.zip

I added an attachment containing a test case to reproduce the error.
It includes :
a web service with its wsdd
a client
a keystore
some jar files for signature

To make it works just modify the keystore path in the client and in the ws and possibly the
ws url in the client.

The client send a request 
the ws create and sign its response
the client verify the signature of the response

Client and ws print resquest and response on the out stream

I noticed that the use of Axis 1.2 on the client side only is not a problem, the bug appear
only when we use Axis 1.2 on the server side.

> Problem with namespace handling in Axis 1.2 : break XML Signature
> -----------------------------------------------------------------
>
>          Key: AXIS-1889
>          URL: http://issues.apache.org/jira/browse/AXIS-1889
>      Project: Axis
>         Type: Bug
>  Environment: Windows 2000, Tomcat 5.0
>     Reporter: valerie bauche
>     Assignee: Davanum Srinivas
>  Attachments: test.zip
>
> I have a web service (Message style) working with Axis 1.1
> When upgrading to Axis 1.2, it doesn't work anymore because of a namespace management
that changes in Axis 1.2.
> Details of the problem :
> The web service is of type :
>    public Document execute(Document body)
> it returns a signed document
> The client have to verify the signature of the response.
> At the end of this mail, you can see the message sent by the server and the message received
by the client
> You can see that the message has been changed during transfer : all
> namespace definitions have moved to the root element.
> The document is still syntactically correct, but the signature is broken...
> It's a serious problem if Axis 1.2 is no more compatible with xml
> signature.
> Message sent by the server :
> <name1:roottag xmlns:name1="http://name1.com">
> <name2:child1 xmlns:name2="http://name2.com">
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>   <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>     <ds:Reference URI="">
>       <ds:Transforms>
>         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>       <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
>     </ds:Reference>
>   </ds:SignedInfo>
>   <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
>     qjVJp7Iic3opzb8VQKpLvle1ZME=
>   </ds:SignatureValue>
> </ds:Signature></name1:roottag>
> Message received by the client :
> <name1:roottag xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:name1="http://name1.com"
xmlns:name2="http://name2.com">
> <name2:child1>
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature>
>   <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>     <ds:Reference URI="">
>       <ds:Transforms>
>         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>       <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
>     </ds:Reference>
>   </ds:SignedInfo>
>   <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
>     qjVJp7Iic3opzb8VQKpLvle1ZME=
>   </ds:SignatureValue>
> </ds:Signature></name1:roottag>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


Mime
View raw message