santuario-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43685] Problem verifying signatures generated by BEA Aqualogic
Date Thu, 10 Jul 2008 14:44:18 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=43685


René Nielsen <rene@hjortskov.dk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|                            |WORKSFORME




--- Comment #18 from René Nielsen <rene@hjortskov.dk>  2008-07-10 07:44:17 PST ---
I'm happy to tell you that I have found the solution.

I have been using javax.xml.transform objects to convert my signed Document in
order to forward the content onto my servlet OutputStream. The result was invalid
Timestamp and body references due to differences in the digests.

A few days ago I read http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ, which
suggested that some formatting/alteration of the signed document was happening.

Thus I felt compelled to try different ways of streaming the document to the
OutputStream.

// Use case XMLSerializer
      // Fixed Timestamp reference issue, however, body reference is invalid
      org.apache.xml.serialize.OutputFormat format =
          new org.apache.xml.serialize.OutputFormat(signedDoc);
      org.apache.xml.serialize.XMLSerializer serializer =
          new org.apache.xml.serialize.XMLSerializer(out, format);
      serializer.serialize(doc.getDocumentElement());

The output still looks logically fine, but some formatting problem still exists
for the body element. Since I was signing and then streaming onto the network
without any intermediary steps, I started to think up more ways to perform the
streaming step.

// Use case DOM2Writer
      // Yields IOException on the client side. The message is received and
      // logged, but fails due to "Unterminated value" which triggers the
      // handlerFault with bea exception trace for Unterminated value
      org.apache.ws.security.util.DOM2Writer domout =
          new org.apache.ws.security.util.DOM2Writer();
      domout.serializeAsXML(doc, (Writer) new OutputStreamWriter(out), false);

// Use case DOM2Writer with windows linefeed
      // Yields IOException on the client side.
      // Due to Unterminated value on client side, see DOM2Writer use case...
      // send line termination
      org.apache.ws.security.util.DOM2Writer domout =
          new org.apache.ws.security.util.DOM2Writer();
      domout.serializeAsXML(doc, (Writer) new OutputStreamWriter(out), false);
      // Due to Unterminated value on client side, see DOM2Writer... send line
      // termination
      out.write("\n\r".getBytes());
      // YES, this worked fine!

// Use case Canonicalizer (Preserves signed content (idempotent), but lets me
// use the writeTo)
      Canonicalizer c14n =
          Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
      byte[] canonicalMessage = c14n.canonicalizeSubtree(signedDoc);
      ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
      MessageFactory factory = MessageFactory.newInstance();
      ((SOAPMessage) factory.createMessage(null, in)).writeTo(out);
      // YES, this worked fine!

I don't think this is a bug anymore.

Thanks for your time.


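Added example, not part of the original comment or of the Santuario/WSS4J code: a self-contained check of the failure mode discussed in this bug, where a serializer that changes whitespace after signing invalidates the reference digests. It assumes Java 11+ and uses the JDK's own javax.xml.crypto.dsig API with an enveloped signature; the sample message, the throwaway key and the helper names `serialize` and `valid` are constructed for the illustration.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.*;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class ReserializeBreaksDigest {
    public static void main(String[] args) throws Exception {
        // Constructed sample message (not taken from the bug report).
        String xml = "<Envelope><Body><Order id=\"1\"><Item>book</Item></Order></Body></Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));

        // Enveloped signature over the whole document, throwaway RSA key.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // Same signed DOM, two ways of writing it to the wire.
        System.out.println("as signed:      " + valid(f, kp.getPublic(), serialize(doc, false), dbf));
        System.out.println("pretty-printed: " + valid(f, kp.getPublic(), serialize(doc, true), dbf));
    }

    // Hypothetical helper: write the DOM out, optionally letting the serializer indent it.
    static byte[] serialize(Document d, boolean indent) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, indent ? "yes" : "no");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        t.transform(new DOMSource(d), new StreamResult(out));
        return out.toByteArray();
    }

    // Hypothetical helper: parse the bytes as a receiver would and validate the signature.
    static boolean valid(XMLSignatureFactory f, PublicKey k, byte[] wire, DocumentBuilderFactory dbf) throws Exception {
        Document d = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(wire));
        Node sig = d.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        return f.unmarshalXMLSignature(new DOMValidateContext(k, sig)).validate(new DOMValidateContext(k, sig));
    }
}
```

Canonical XML keeps whitespace text nodes inside the signed content, so the indentation added on output changes the canonical bytes and the receiver's recomputed digest no longer matches the stored DigestValue.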