Date: Thu, 18 Oct 2012 08:22:22 +0200
Subject: Problem with c14n
From: Jesper Nygårds
To: dev@santuario.apache.org

I am using CXF 1.6.3 and xmlsec 1.5.2. I posted the following question on the CXF user list and the answer indicated that this could have to do with Santuario.

I am developing a web service client/server, using WS-Security and SSEK, which is a Swedish specification adding some security-related information to the message. In our solution, three parts of our client request are supposed to be signed: the timestamp, our SSEK header, and the body. The organization we're communicating with was reporting that the digest of our SSEK header was not correct.

This is what our request looked like (formatted for readability and somewhat edited):

YgXlw+8H3q5O2dvinH7FSY= S+Xd8ANIW02EhOYJYWlKDrWQhgg= BvQw2HBJxbYLaaqI4NLQJxwQFJ8= Djj+z3X+hd3h5cZkePdkIZZg0Zs= Qp89XS2pWW8MGLv9w8ZXsXXGJAfkSd1J335qpnYOKdimwXv6dmFWm2UqukKfI/nff+JCuUPLHkraTXEhfNrDzjXoZ4YgOYF11zpsjIW3SLulQWjuzT4Z94FKsV7g6/L7V+K0JcqxU+NvQ9kJrQOG9W6SdlyPH4AIUaz484zifhk= 2012-10-16T13:15:32.916Z2012-10-16T16:15:32.916Z SENDERRECEIVER1 1 197011101234

After quite a few hours of debugging, I found out that after the requested Exclusive Canonicalization, CXF (and its underlying components) creates the following canonicalized SSEK header, which it then makes a digest of:

SENDERRECEIVER1

Notice how the ns namespace declaration has been added (which is correct, since it is on the list of InclusiveNamespaces), as well as the soapenv namespace declaration (which is also correct, since an attribute uses it), but the ssek namespace declaration has disappeared.
This was causing our problem with an incorrect digest, and I must say it does look incorrect to me. Surely the ssek namespace declaration should be included, as it is used in the element? Is this a known problem with the c14n code, or have I misunderstood something?
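
An added example, not part of the original message and not CXF or Santuario code: a small check, following the Exclusive XML Canonicalization rules, of which namespace declarations belong on the apex element of a signed subtree for a given InclusiveNamespaces prefix list. The envelope, its element names and the `urn:example:*` URIs are constructed placeholders, and the helper names are hypothetical.

```python
from xml.dom import minidom

# Constructed sample: element names and urn:example:* URIs are placeholders.
ENVELOPE = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ns="urn:example:ns" xmlns:ssek="urn:example:ssek"
    xmlns:unused="urn:example:unused">
  <soapenv:Header>
    <ssek:SSEK soapenv:mustUnderstand="1">
      <ssek:SenderId>SENDER</ssek:SenderId>
    </ssek:SSEK>
  </soapenv:Header>
  <soapenv:Body/>
</soapenv:Envelope>"""


def _prefix(qname):
    return qname.partition(":")[0] if ":" in qname else ""


def _is_nsdecl(attr):
    return attr.name == "xmlns" or attr.name.startswith("xmlns:")


def in_scope_namespaces(el):
    """Map prefix -> URI for declarations on el and its ancestors (nearest wins)."""
    scope, node = {}, el
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for attr in node.attributes.values():
            if _is_nsdecl(attr):
                scope.setdefault(attr.name.partition(":")[2], attr.value)
        node = node.parentNode
    return scope


def visibly_utilized(el):
    """Prefixes used by the element name or by its non-xmlns attributes."""
    used = {_prefix(el.tagName)}
    for attr in el.attributes.values():
        if not _is_nsdecl(attr) and ":" in attr.name:
            used.add(_prefix(attr.name))
    return used - {"xml"}


def apex_declarations(el, inclusive_prefixes=()):
    """Declarations exclusive c14n emits on el when el is the subtree's apex."""
    scope = in_scope_namespaces(el)
    wanted = visibly_utilized(el) | {
        "" if p == "#default" else p for p in inclusive_prefixes}
    found = {p: scope[p] for p in wanted if scope.get(p)}
    return [f'xmlns:{p}="{u}"' if p else f'xmlns="{u}"'
            for p, u in sorted(found.items())]


def sample_header():
    return minidom.parseString(ENVELOPE).getElementsByTagName("ssek:SSEK")[0]
```

Comparing this list with the declarations in the bytes that were actually digested shows which prefix was dropped or added before the two sides hash different input.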