santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43685] Problem verifying signatures generated by BEA Aqualogic
Date Thu, 22 May 2008 13:42:03 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=43685





--- Comment #13 from René Nielsen <rene@hjortskov.dk>  2008-05-22 06:42:02 PST ---
Enabling isWsiBSPCompliant the element 
"
<exc14n:InclusiveNamespaces
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" /> 
"

gets inserted by WSS4J, however, enabling this feature makes it imposible to
include a reference to the BinarySecurityToken in order to get that signed too.
The BEA generated WSDL requires the BinarySecurityToken to be signed along with
timestamp and body. Furthermore, the SignatureValue on the BEA client cannot be
verified anymore as it could in isWsiBSPCompliant = false mode.

In order to add a reference for the BinarySecurityToken is must be present in
the security header, otherwise getPrefixList throws an NullPointerException,
but the conveniance method WSSecSignaure.build adds the references before
updating the security header leading to the NullPointerException.

Furthermore, the isWsiBSPCompliant=true mode forced the above
InclusiveNamespaces to both the SignedInfo canonilization method as well as to
the timestamp and body references. BEA only agrees with the two last ones.

So neither isWsiBSPCompliant mode disabled or enabled works together with a BEA
client. :(


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Mime
View raw message