ws-fx-dev mailing list archives

From "Dittmann, Werner" <werner.dittm...@siemens.com>
Subject AW: RES: AW: AW: order of sign and encr in .NET
Date Tue, 12 Jul 2005 06:16:28 GMT
Steve, all,

about your first question: yes, that was the understanding
of an e-mail discussion we had some time ago: WSE does
not yet support WS-I (inclusivenamespace).

Your other question: yes, there is a subtle difference
between the working request you sent last Friday. The
difference is in the Timestamp. The format of the date/time
of the new request now includes the milliseconds. We added
the milliseconds due to some other interop problems and
because the XML Schema requires the milliseconds AFAIK.

But as usual you can switch off the milliseconds (in the
WSConfig file). Look for a boolean there.

Regards,
Werner


> -----Original Message-----
> From: Steve Behrendt [mailto:steve@weg.com.br]
> Sent: Monday, 11 July 2005 14:58
> To: Werner Dittmann
> Cc: brian@sweetxml.org; Dittmann, Werner; Gürkan Vural; Granqvist, Hans; fx-dev@ws.apache.org
> Subject: RES: RES: AW: AW: order of sign and encr in .NET
> 
> 
> Werner,
> 
> Thanks. "InclusiveNamespace" is stuff of the WS-I, but WSE
> doesn't support this stuff (inclusivenamespace), therefore
> the WSE doesn't accept the signature. Have I understood it right?
> 
> I have tried it and found 2 problems. When I use the wss4j.jar file
> (the newest version) the "inclusivenamespace"-stuff is added, but when
> I use the "src" files of the project folder the "inclusivenamespace" isn't
> added - without any changes on the wssconfig.java file.
> 
> Now the java-client sends a soap-message without the "inclusivenamespace"-stuff,
> due to the WS-I, but the WSE still doesn't accept the signature. The exception is
> still the same:
> 
> AxisFault
>  faultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck
>  faultSubcode: 
>  faultString: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
>    at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
>    at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
>    at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
>    at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
>  faultActor: http://localhost/WebServiceGMC/webservicegmc.asmx
> 
> The message is now:
> 
> <?xml version="1.0" encoding="UTF-8"?>
>    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>       <soapenv:Header>
>          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
>             <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-5862378">
>                <wsse:Username>usuario3</wsse:Username>
>                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
>                <wsu:Created>2005-07-11T12:43:38.552Z</wsu:Created>
>                <wsse:Nonce>85DpuTBD4f14uJhdklt2hA==</wsse:Nonce>
>             </wsse:UsernameToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                <ds:SignedInfo>
>                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
>                   <ds:Reference URI="#id-8706595">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>6m7QGOVJoQGzFpxEIHqFISlwvOg=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-15606519">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>OrbC+oWPDqjF8d22jSIM+Z7mUf0=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-3779465">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>lr2fB700eMiCriQD7hrukW13eLk=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-2929821">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>aX77bRqKYnP9W1LZnXYy42DNhDI=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-17160330">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>hyPLuTIjh/hATPYWwwHxqiqU8ko=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-13328393">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>FAiQvuh29IyJoZTvOZl7MbHwFgU=</ds:DigestValue>
>                   </ds:Reference>
>                   <ds:Reference URI="#id-927929">
>                      <ds:Transforms>
>                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                      </ds:Transforms>
>                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                      <ds:DigestValue>zI1HezB6OwqrvwlhMDbvpKX3Bag=</ds:DigestValue>
>                   </ds:Reference>
>                </ds:SignedInfo>
>                <ds:SignatureValue>TplVnW4j2/FeIgZVI2PRctbAgHc=</ds:SignatureValue>
>                <ds:KeyInfo Id="KeyId-2780950">
>                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-25197736">
>                      <wsse:Reference URI="#usernameTokenId-5862378" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
>                   </wsse:SecurityTokenReference>
>                </ds:KeyInfo>
>             </ds:Signature>
>             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465">
>                <wsu:Created>2005-07-11T12:43:38.536Z</wsu:Created>
>                <wsu:Expires>2005-07-11T12:48:38.536Z</wsu:Expires>
>             </wsu:Timestamp>
>          </wsse:Security>
>          <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">uuid:672b03c0-f209-11d9-9218-cb301b6f3efb</wsa:MessageID>
>          <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-927929" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
>          <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
>          <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-13328393" soapenv:mustUnderstand="0">
>             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>          </wsa:From>
>          <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17160330" soapenv:mustUnderstand="0">
>             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
>          </wsa:ReplyTo>
>       </soapenv:Header>
>       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-8706595">
>          <anunciar xmlns="http://weg.net/service">
>             <ns1:usuario xmlns:ns1="http://weg.net/service/">usuario1</ns1:usuario>
>          </anunciar>
>       </soapenv:Body>
>    </soapenv:Envelope>
> 
> 
> 
> Anybody see a difference between the working message sent by the old wss4j
> and this from the up-to-date wss4j?
> 
> STEVE
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> Sent: Saturday, 9 July 2005 04:19
> To: Steve Behrendt
> Cc: brian@sweetxml.org; Dittmann, Werner; Gürkan Vural; Granqvist, Hans; fx-dev@ws.apache.org
> Subject: Re: RES: AW: AW: order of sign and encr in .NET
> 
> 
> Brian, Steve, all,
> 
> looking at it I see the difference. Sometime ago one of the
> contributors implemented some additions to be WS-I compliant.
> This "InclusiveNamespace" stuff is due to this, and as it turned
> out WSE is not yet ready to handle this. Due to this there is
> a boolean in WSSConfig.java (wsiBSPCompliant). If this boolean
> is true WSS4J works in BS-I compliant mode, setting it to false
> WSS4J works as before.
> 
> Can you crosscheck and give it a try?
> 
> Thanks,
> Werner
> 
> Steve Behrendt wrote:
> > Brian,
> > 
> > You are right. I have tested the attached wss4j.jar file too and I had
> > success. My client now can produce a message that the .net client understands.
> > The signature should be right, because the .NET WebService now doesn't respond
> > with the Exception (Signature invalid).
> > 
> > I have built 2 messages, one with the new and one with the "old" wss4j.jar
> > and attached.
> > 
> > The old one, which doesn't work:
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> >    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >       <soapenv:Header>
> >          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> >             <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-12455463">
> >                <wsse:Username>usuario3</wsse:Username>
> >                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> >                <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
> >                <wsse:Nonce>yOBObBQ+sbevlt2XM0Xukg==</wsse:Nonce>
> >             </wsse:UsernameToken>
> >             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >                <ds:SignedInfo>
> >                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                      <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa xsd xsi"></ec:InclusiveNamespaces>
> >                   </ds:CanonicalizationMethod>
> >                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> >                   <ds:Reference URI="#id-7866553">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsa xsd xsi"></ec:InclusiveNamespaces>
> >                         </ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>PmQSgFYbhiZciP5F6CRT5MZOPPk=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-3874052">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soapenv wsa wsse xsd xsi"></ec:InclusiveNamespaces>
> >                         </ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>jcRns/iJ1hxPJZEqUt1DIG0iDdo=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-15606519">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> >                         </ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>TB1t5JzPv1WQ4uMX05qKqIl2s9o=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-3779465">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> >                         </ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>erDZuYXo9WJn29GSh6Kood6guzw=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-2929821">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> >                         </ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>QbIGZGq03FxN6tA2aE9d11/hvh0=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-17160330">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> >                            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd xsi"></ec:InclusiveNamespaces>
> >                         </ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>Y4vVT5KZ9FKbXLumKcaqvHaWhHM=</ds:DigestValue>
> >                   </ds:Reference>
> >                </ds:SignedInfo>
> >                <ds:SignatureValue>aLSM1mbqLMfNLKPVoi7dRqeVMT4=</ds:SignatureValue>
> >                <ds:KeyInfo Id="KeyId-26956311">
> >                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-9734221">
> >                      <wsse:Reference URI="#usernameTokenId-12455463" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> >                   </wsse:SecurityTokenReference>
> >                </ds:KeyInfo>
> >             </ds:Signature>
> >             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3874052">
> >                <wsu:Created>2005-07-05T14:10:26Z</wsu:Created>
> >                <wsu:Expires>2005-07-05T14:15:26Z</wsu:Expires>
> >             </wsu:Timestamp>
> >          </wsse:Security>
> >          <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465" soapenv:mustUnderstand="0">uuid:8912a6f0-ed5e-11d9-8c80-a1e4097e4740</wsa:MessageID>
> >          <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-17160330" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> >          <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> >          <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">
> >             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> >          </wsa:From>
> >       </soapenv:Header>
> >       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-7866553">
> >          <anunciar xmlns="http://weg.net/service">
> >             <ns1:usuario xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> >          </anunciar>
> >       </soapenv:Body>
> >    </soapenv:Envelope>
> > 
> > ------------------------------------------------------
> > 
> > and the new one working:
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> >    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >       <soapenv:Header>
> >          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
> >             <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="usernameTokenId-32956236">
> >                <wsse:Username>usuario3</wsse:Username>
> >                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">senha3</wsse:Password>
> >                <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
> >                <wsse:Nonce>RKPwh5ELWCBqUa0FhZtP9A==</wsse:Nonce>
> >             </wsse:UsernameToken>
> >             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >                <ds:SignedInfo>
> >                   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> >                   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
> >                   <ds:Reference URI="#id-9734221">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>FaQ7O3MS6a3e82I/jsfOhoDL+2M=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-867695">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>HinR+8MaMcU59CYiC25On0mv67U=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-20727434">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>YmbgnQ/0F+mxw9s3NrOibFvRj8w=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-3874052">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>iGemJhTiJd71u03JJWG22tLwfQ4=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-15606519">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>3m17MdDRPyAuUKi93W08Xdh2XQg=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-3779465">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>4Tb0yMaDPpAwiQXVpXdfJYWmvR0=</ds:DigestValue>
> >                   </ds:Reference>
> >                   <ds:Reference URI="#id-2929821">
> >                      <ds:Transforms>
> >                         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> >                      </ds:Transforms>
> >                      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> >                      <ds:DigestValue>t0XvlW4iqR3Qo2SirI+6sqkG4gk=</ds:DigestValue>
> >                   </ds:Reference>
> >                </ds:SignedInfo>
> >                <ds:SignatureValue>Q1NqxNLzcBL4wIjc6UToVyJ6+Kc=</ds:SignatureValue>
> >                <ds:KeyInfo Id="KeyId-19583390">
> >                   <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-2780950">
> >                      <wsse:Reference URI="#usernameTokenId-32956236" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken"></wsse:Reference>
> >                   </wsse:SecurityTokenReference>
> >                </ds:KeyInfo>
> >             </ds:Signature>
> >             <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-20727434">
> >                <wsu:Created>2005-07-08T18:21:20Z</wsu:Created>
> >                <wsu:Expires>2005-07-08T18:26:20Z</wsu:Expires>
> >             </wsu:Timestamp>
> >          </wsse:Security>
> >          <wsa:MessageID xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3874052" soapenv:mustUnderstand="0">uuid:14e28260-efdd-11d9-a841-a743b9d3b3f7</wsa:MessageID>
> >          <wsa:To xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2929821" soapenv:mustUnderstand="0">http://localhost:8080/WebServiceGMC/webservicegmc.asmx</wsa:To>
> >          <wsa:Action xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-867695" soapenv:mustUnderstand="0">http://localhost/WebServiceGMC/webservicegmc.asmx?op=getClientes</wsa:Action>
> >          <wsa:From xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3779465" soapenv:mustUnderstand="0">
> >             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> >          </wsa:From>
> >          <wsa:ReplyTo xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-15606519" soapenv:mustUnderstand="0">
> >             <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
> >          </wsa:ReplyTo>
> >       </soapenv:Header>
> >       <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-9734221">
> >          <anunciar xmlns="http://weg.net/service">
> >             <ns1:usuario xmlns:ns1="http://weg.net/service/">1234</ns1:usuario>
> >          </anunciar>
> >       </soapenv:Body>
> >    </soapenv:Envelope>
> > 
> > 
> > -----------------------------------------------------------------------
> > 
> > Now we have an example to work on it. I have already compared each other.
> > The main difference I had found was the "CanonicalizationMethod" - Tag and the
> > "Transform" Tag of the "Transforms" tags.
> > Perhaps there are the problems?!?!?
> > 
> > Steve
> > 
> > 
> > -----Original Message-----
> > From: brian@sweetxml.org [mailto:brian@sweetxml.org]
> > Sent: Friday, 8 July 2005 07:59
> > To: Dittmann, Werner; Steve Behrendt
> > Cc: Gürkan Vural; Granqvist, Hans; fx-dev@ws.apache.org
> > Subject: Re: AW: AW: order of sign and encr in .NET
> > 
> > 
> > Werner, Gürkan and David,
> > 
> > Since Steve's post to the list concerning his problems using wss4j with
> > UsernameToken Signature I've looked at it again. My personal conclusion is
> > that it once worked, but that in the meantime it's become broken. At the
> > present time I can't say when exactly. I've tried various versions of
> > wss4j, axis and bouncycastle and the only way I can get it working is by
> > using an older version of wss4j that I built. I've attached it, so you can
> > try it out and hopefully have a request come through.
> > 
> > Regards Brian
> > 
> > 
> > 
> > 
> > 
> > 
> >>Gürkan,
> >>
> >>is this a real log of the request? If I save the file and try
> >>to open it with an XML editor it fails because of non-well
> >>formed document. Looking at it with emacs I see some linebreaks
> >>at unusual points, e.g. in the middle of an element name.
> >>
> >>I'm not sure if this is due to e-mail transport or similar.
> >>But because you sent it as an attachment I would suspect that is
> >>not the case.
> >>
> >>Can you verify this?
> >>
> >>Regards,
> >>Werner
> >>
> >>
> >>>-----Original Message-----
> >>>From: Gürkan Vural [mailto:gurkan.vural@tcmb.gov.tr]
> >>>Sent: Friday, 8 July 2005 11:06
> >>>To: Dittmann, Werner
> >>>Cc: Granqvist, Hans; fx-dev@ws.apache.org
> >>>Subject: Re: AW: order of sign and encr in .NET
> >>>
> >>>
> >>>Sorry, wss4j can verify all elements but not final signature value. It
> >>>processes all elements in the correct order.  I am trying to verify
> >>>username token signature with
> >>>http://www.w3.org/2000/09/xmldsig#hmac-sha1 algorithm. I can
> >>>verify what
> >>>I send to biztalk but not from biztalk. In the attachment there is a
> >>>sample soap message. Can anyone try to verify this?
> >>>
> >>>--
> >>>gurkan
> >>>
> >>>Dittmann, Werner wrote:
> >>>
> >>>
> >>>>Gürkan,
> >>>>
> >>>>to me it seems a problem of BizTalk and/or the .Net WSE
> >>>>implementation. According to the OASIS WSS specification,
> >>>>chapter 5:
> >>>>
> >>>><quote>
> >>>>As elements are added to a <wsse:Security> header block,
> >>>>they SHOULD be prepended to the existing elements. As such,
> >>>>the <wsse:Security> header block represents the signing and
> >>>>encryption steps the message producer took to create the message.
> >>>>This prepending rule ensures that the receiving application can
> >>>>process sub-elements in the order they appear in the
> >>>><wsse:Security> header block, because there will be no forward
> >>>>dependency among the sub-elements. Note that this specification
> >>>>does not impose any specific order of processing the
> >>>>sub-elements. The receiving application can use whatever order
> >>>>is required.
> >>>></quote>
> >>>>
> >>>>This means, if the receiver sees an encryption sub-element
> >>>>before a Signature sub-element it processes encryption first.
> >>>>The ordering of elements is the _only_ information about the
> >>>>processing sequence. How could the receiver otherwise
> >>>>determine that it should first check Signature, then decrypt?
> >>>>
> >>>>Maybe you may crosscheck with the MS folks to clarify that?
> >>>>Are there known problems with BizTalk / .Net WSE? In general
> >>>>we tested interop with .Net WSE.
> >>>>
> >>>>Regards,
> >>>>Werner
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>>-----Original Message-----
> >>>>>From: Gürkan Vural [mailto:gurkan.vural@tcmb.gov.tr]
> >>>>>Sent: Friday, 8 July 2005 07:59
> >>>>>To: Granqvist, Hans
> >>>>>Cc: fx-dev@ws.apache.org
> >>>>>Subject: Re: order of sign and encr in .NET
> >>>>>
> >>>>>
> >>>>>Granqvist, Hans wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>>... biztalk outputs
> >>>>>>>DataReference above Signature element and this causes
> >>>>>>>decryption before signature and sign validation fails because
> >>>>>>>decryption changes the value of body element.
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>Is it you or biztalk that implies processing order from
> >>>>>>the element order?
> >>>>>>
> >>>>>>Hans
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>Whatever order I send data to Biztalk it processes correctly.
> >>>>>Because my
> >>>>>java client (wss4j) puts the headers of last operation above
> >>>>>the others.
> >>>>>However Biztalk always sends DataReference above Signature element and
> >>>>>my java client (wss4j) first processes the encrypted body so signature
> >>>>>validation fails.
> >>>>>
> >>>>>--
> >>>>>gurkan
> >>>>>
> >>>>>==========================================================-
> >>>>>This e-mail communication is intended for the private use of
> >>>>>the people named above. If you received this message in
> >>>>>error, please immediately notify the sender and delete it
> >>>>>from your system. The Central Bank of The Republic of Turkey
> >>>>>does not accept legal responsibility for the contents of
> >>>>>this message.
> >>>
> >>>>>
> >>>>>
> >>>
> >>>
> >>>
> >>
> > 
> 
> 
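
The two differences this thread tracks down by reading messages side by side (the InclusiveNamespaces PrefixList under CanonicalizationMethod and Transform, and fractional seconds in wsu:Created / wsu:Expires) can be extracted mechanically. The following is an added example, not part of the original messages or of WSS4J; the function names and the trimmed sample messages are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "ec": "http://www.w3.org/2001/10/xml-exc-c14n#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
# Matches an xsd:dateTime time part that carries fractional seconds.
FRACTION = re.compile(r"T\d{2}:\d{2}:\d{2}\.\d+")


def _prefix_list(parent):
    """Return the ec:InclusiveNamespaces PrefixList under parent, or None."""
    if parent is None:
        return None
    inc = parent.find("ec:InclusiveNamespaces", NS)
    return None if inc is None else inc.get("PrefixList", "")


def profile(xml_text):
    """Extract the signature-related features compared in the thread."""
    root = ET.fromstring(xml_text)
    signed_info = root.find(".//ds:SignedInfo", NS)
    if signed_info is None:
        raise ValueError("message has no ds:SignedInfo")
    refs = {}
    for ref in signed_info.findall("ds:Reference", NS):
        lists = [_prefix_list(t)
                 for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        refs[ref.get("URI")] = next((p for p in lists if p is not None), None)
    stamps = [el.text or ""
              for tag in ("Created", "Expires")
              for el in root.iter("{%s}%s" % (NS["wsu"], tag))]
    return {
        "c14n_prefix_list": _prefix_list(
            signed_info.find("ds:CanonicalizationMethod", NS)),
        "reference_prefix_lists": refs,
        # [False], [True] or [False, True] when the message mixes formats.
        "fractional_timestamps": sorted({bool(FRACTION.search(s)) for s in stamps}),
    }


def diff_profiles(a, b):
    """Name the features that differ between two profiles."""
    def uses_inclusive(p):
        return p["c14n_prefix_list"] is not None or any(
            v is not None for v in p["reference_prefix_lists"].values())

    out = []
    if uses_inclusive(a) != uses_inclusive(b):
        out.append("InclusiveNamespaces")
    if a["fractional_timestamps"] != b["fractional_timestamps"]:
        out.append("timestamp fraction")
    return out


def sample(prefix_list, created, expires):
    """Constructed, trimmed message shaped like the ones quoted in the thread."""
    inc = ""
    if prefix_list is not None:
        inc = '<ec:InclusiveNamespaces xmlns:ec="%s" PrefixList="%s"/>' % (
            NS["ec"], prefix_list)
    return (
        '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soapenv:Header><wsse:Security xmlns:wsse="%(wsse)s">'
        '<ds:Signature xmlns:ds="%(ds)s"><ds:SignedInfo>'
        '<ds:CanonicalizationMethod Algorithm="%(ec)s">%(inc)s</ds:CanonicalizationMethod>'
        '<ds:Reference URI="#id-1"><ds:Transforms>'
        '<ds:Transform Algorithm="%(ec)s">%(inc)s</ds:Transform>'
        '</ds:Transforms></ds:Reference>'
        '</ds:SignedInfo></ds:Signature>'
        '<wsu:Timestamp xmlns:wsu="%(wsu)s" wsu:Id="id-1">'
        '<wsu:Created>%(created)s</wsu:Created>'
        '<wsu:Expires>%(expires)s</wsu:Expires>'
        '</wsu:Timestamp></wsse:Security></soapenv:Header>'
        '<soapenv:Body/></soapenv:Envelope>'
    ) % dict(NS, inc=inc, created=created, expires=expires)


# Constructed inputs mirroring the three message variants in the thread.
WITH_PREFIXES = sample("soapenv wsa xsd xsi",
                       "2005-07-05T14:10:26Z", "2005-07-05T14:15:26Z")
WORKING = sample(None, "2005-07-08T18:21:20Z", "2005-07-08T18:26:20Z")
WITH_MILLIS = sample(None, "2005-07-11T12:43:38.536Z", "2005-07-11T12:48:38.536Z")

if __name__ == "__main__":
    print(diff_profiles(profile(WITH_PREFIXES), profile(WORKING)))
    print(diff_profiles(profile(WORKING), profile(WITH_MILLIS)))
```
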
