ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Hall <jason.h...@mchsi.com>
Subject inclusive namespace question
Date Tue, 03 Jul 2018 17:46:38 GMT
Trying to figure out "InclusiveNamespaces" difference in SOAPUI and WSS4J implementation.

In the following code snippet:
        Document doc = toSOAPPart(requestSoapString);
        //SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());
       
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();
        secHeader.setMustUnderstand(true);

        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(300);
        timestamp.build(doc, secHeader);

        //Prepare for signature
        WSSecSignature builder = new WSSecSignature();
        builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        builder.setSignatureAlgorithm(WSConstants.RSA_SHA1);
        builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        builder.setDigestAlgo(WSConstants.SHA1);
        builder.setAddInclusivePrefixes(true);
        builder.setUserInfo(keyAlias, keyPass);
        builder.setUseSingleCertificate(true);

        WSEncryptionPart encP = new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV,
"Content");
        builder.getParts().add(encP);
        Document signedDoc = builder.build(doc, passwordCrypto, secHeader);
        String outputString
                = XMLUtils.PrettyDocumentToString(signedDoc);

The above produces the following snippet:

        <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#Id-206467045">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <dsigestValue>PEvtq8JdLh8GBzKs0Dow+DWES+k=</dsigestValue>
               </ds:Reference>
            </ds:SignedInfo>


In SOAPUI, I have chosen the same (or what I think is the same) parameters in the signature
screen options
.  It produces the following snippet:
        <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#Id-206467045">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <dsigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <dsigestValue>lQsfZK8weX2vRvHYDZTl9ECLzWQ=</dsigestValue>
               </ds:Reference>
            </ds:SignedInfo>


My question is: in WSS4J - what is needed to produce the ec:<ec:InclusiveNamespaces ....
in the <ds:Transform Algorithm=.... as SOAPUI does in the snippet of:

                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms> ?

I am sure this is something easy that I am missing ?

   thanks,
      Jason

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message