Message-ID: <74cc89dc0608122149h7f812b47udb30f1eef150105@mail.gmail.com>
Date: Sat, 12 Aug 2006 21:49:47 -0700
From: akkachotu
To: axis-user@ws.apache.org
Subject: intermediary adding soap header element breaking signature verification

Here is the SOAP message after it is signed using AXIS 1.4, WSS4J 1.5:

[signed SOAP message: XML markup lost in extraction]

Say I use AXIS + WSS4J on both the sender side and the receiver side, and say an intermediary adds an element 0d88d3e0-0e2c-489d-a682-da14b8fec3d7 to the SOAP header, and after adding this element the complete SOAP message looks like below:

[SOAP message with the added header element: XML markup lost in extraction]

After the intermediary adds its element, hopefully without altering the signature, and when I try to validate the signature on the provider end, I get "signature verification failed".

Now my question is: is it expected behaviour that adding elements to the header by intermediaries (of course without modifying the signature) will break the signature verification? Will canonicalization fail here?

If I don't have this intermediary then signature verification is successful. Please suggest how to get around this problem.

Thanks in advance for your time and reply.
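For the scenario in the message above, an added diagnostic sketch (not part of the original post and not WSS4J code): it recomputes the digest of a referenced element before and after an intermediary touches the envelope, to show which kind of change invalidates a reference. The envelope, the `CorrelationId` element name and the helper names are constructed assumptions, and Python's standard-library C14N 2.0 stands in for the canonicalization a real verifier applies.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed envelope, not the message from the post. The signature itself is
# omitted; only the part a ds:Reference would point at (wsu:Id="body-1") matters here.
SIGNED = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsu="{WSU}">'
    '<soapenv:Header></soapenv:Header>'
    '<soapenv:Body wsu:Id="body-1">'
    '<q:value xmlns:q="urn:example:svc">42</q:value>'
    '</soapenv:Body></soapenv:Envelope>'
)

def reference_digest(envelope_xml, ref_id):
    """Base64 SHA-1 over the canonical form of the element whose wsu:Id is ref_id."""
    root = ET.fromstring(envelope_xml)
    target = next(e for e in root.iter() if e.get(f"{{{WSU}}}Id") == ref_id)
    target.tail = None  # text after the end tag is outside the referenced element
    # ElementTree rewrites prefixes when serializing, so this sketch cannot see a
    # prefix rename; a real verifier canonicalizes the original nodes.
    canonical = ET.canonicalize(ET.tostring(target, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()

def add_header_entry(envelope_xml):
    """Intermediary adds a sibling header block (element name is hypothetical)."""
    entry = ('<m:CorrelationId xmlns:m="urn:example:intermediary">'
             '0d88d3e0-0e2c-489d-a682-da14b8fec3d7</m:CorrelationId>')
    return envelope_xml.replace('</soapenv:Header>', entry + '</soapenv:Header>')

def reindent_body(envelope_xml):
    """Intermediary re-serializes with indentation inside the signed element."""
    return (envelope_xml.replace('<q:value', '\n    <q:value')
                        .replace('</q:value>', '</q:value>\n  '))

def failed_references(envelope_xml, expected):
    """Return the ids whose recomputed digest no longer matches the signed value."""
    return [rid for rid, digest in expected.items()
            if reference_digest(envelope_xml, rid) != digest]

if __name__ == "__main__":
    expected = {"body-1": reference_digest(SIGNED, "body-1")}
    print("header added :", failed_references(add_header_entry(SIGNED), expected))
    print("body reindent:", failed_references(reindent_body(SIGNED), expected))
```

Comparing each recomputed digest with the `DigestValue` in the received message narrows a verification failure down to the specific signed part that was altered in transit.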