santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 43685] Problem verifying signatures generated by BEA Aqualogic
Date Thu, 22 May 2008 13:42:03 GMT

--- Comment #13 from René Nielsen <>  2008-05-22 06:42:02 PST ---
Enabling isWsiBSPCompliant the element 
xmlns:exc14n="" PrefixList="" /> 

gets inserted by WSS4J, however, enabling this feature makes it imposible to
include a reference to the BinarySecurityToken in order to get that signed too.
The BEA generated WSDL requires the BinarySecurityToken to be signed along with
timestamp and body. Furthermore, the SignatureValue on the BEA client cannot be
verified anymore as it could in isWsiBSPCompliant = false mode.

In order to add a reference for the BinarySecurityToken is must be present in
the security header, otherwise getPrefixList throws an NullPointerException,
but the conveniance method adds the references before
updating the security header leading to the NullPointerException.

Furthermore, the isWsiBSPCompliant=true mode forced the above
InclusiveNamespaces to both the SignedInfo canonilization method as well as to
the timestamp and body references. BEA only agrees with the two last ones.

So neither isWsiBSPCompliant mode disabled or enabled works together with a BEA
client. :(

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
View raw message