Return-Path: Delivered-To: apmail-ws-fx-dev-archive@www.apache.org Received: (qmail 33993 invoked from network); 8 Jul 2005 06:43:10 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 8 Jul 2005 06:43:10 -0000 Received: (qmail 17809 invoked by uid 500); 8 Jul 2005 06:43:07 -0000 Delivered-To: apmail-ws-fx-dev-archive@ws.apache.org Received: (qmail 17765 invoked by uid 500); 8 Jul 2005 06:43:07 -0000 Mailing-List: contact fx-dev-help@ws.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list fx-dev@ws.apache.org Received: (qmail 17752 invoked by uid 99); 8 Jul 2005 06:43:07 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jul 2005 23:43:07 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [194.138.37.39] (HELO lizzard.sbs.de) (194.138.37.39) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jul 2005 23:43:05 -0700 Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by lizzard.sbs.de (8.12.6/8.12.6) with ESMTP id j686griv009666; Fri, 8 Jul 2005 08:42:53 +0200 Received: from fthw9xoa.ww002.siemens.net (fthw9xoa.ww002.siemens.net [157.163.133.201]) by mail2.sbs.de (8.12.6/8.12.6) with ESMTP id j686gqiu000265; Fri, 8 Jul 2005 08:42:52 +0200 Received: from MCHP7I5A.ww002.siemens.net ([139.25.131.136]) by fthw9xoa.ww002.siemens.net with Microsoft SMTPSVC(6.0.3790.0); Fri, 8 Jul 2005 08:42:52 +0200 x-mimeole: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: AW: order of sign and encr in .NET Date: Fri, 8 Jul 2005 08:42:51 +0200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: order of sign and encr in .NET Thread-Index: AcWDgjaOd8vLKKM7RKOQGYy1WTmHpwABKRrA From: "Dittmann, Werner" To: =?iso-8859-1?Q?G=FCrkan_Vural?= , "Granqvist, Hans" Cc: X-OriginalArrivalTime: 08 Jul 2005 06:42:52.0110 (UTC) FILETIME=[437EC6E0:01C58388] X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N G=FCrkan, to me it seems a problem of BizTalk and/or the .Net WSE implementation. According to the OASIS WSS specification, chapter 5: As elements are added to a header block,=20 they SHOULD be prepended to the existing elements. As such,=20 the header block represents the signing and encryption steps the message producer took to create the message.=20 This prepending rule ensures that the receiving application can=20 process sub-elements in the order they appear in the=20 header block, because there will be no forward=20 dependency among the sub-elements. Note that this specification=20 does not impose any specific order of processing the=20 sub-elements. The receiving application can use whatever order=20 is required. This means, if the receiver sees an encryption sub-element before a Signature sub-element if processes encryption first. The ordering of elements is the _only_ information about the processing sequence. How could the receiver otherweise=20 determine that it should first check Signature, then decrypt? Maybe you may crosscheck with the MS folks to clarfiy that? Are there known problems with BizTalk / .Net WSE? In general we tested interop with .Net WSE. Regards, Werner > -----Urspr=FCngliche Nachricht----- > Von: G=FCrkan Vural [mailto:gurkan.vural@tcmb.gov.tr]=20 > Gesendet: Freitag, 8. Juli 2005 07:59 > An: Granqvist, Hans > Cc: fx-dev@ws.apache.org > Betreff: Re: order of sign and encr in .NET >=20 >=20 > Granqvist, Hans wrote: >=20 > >>... biztalk outputs=20 > >>DataReference above Signature element and this causes=20 > >>decryption before signature and sign validation fails because=20 > >>decryption changes the value of body element. > >> =20 > >> > > > >Is it you or biztalk that implies processing order from > >the element order? > > > >Hans > > =20 > > > Whatever order I send data to Biztalk it processes correctly.=20 > Because my > java client (wss4j) puts the headers of last operation above=20 > the others. > However Biztalk always sends DataReference above Signature element and > my java client (wss4j) first processes the encrypted body so signature > validation fails. >=20 > -- > gurkan >=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D- > Bu e-posta sadece yukarida isimleri belirtilen kisiler=20 > arasinda =F6zel haberlesme amacini tasimaktadir. Size=20 > yanlislikla ulasmissa l=FCtfen g=F6nderen kisiyi bilgilendiriniz=20 > ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez=20 > Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir=20 > hukuksal sorumlulugu kabul etmez.=20 >=20 > This e-mail communication is intended for the private use of=20 > the people named above. If you received this message in=20 > error, please immediately notify the sender and delete it=20 > from your system. The Central Bank of The Republic of Turkey=20 > does not accept legal responsibility for the contents of this message. >=20