ws-wss4j-dev mailing list archives

From "Dittmann, Werner" <>
Subject AW: signature verification fail when modifying soap body by intermediate
Date Fri, 11 Nov 2005 07:22:32 GMT

that failure may have several reasons. First of all,
you are right that modifying/adding an element that was
not part of the Signature should not cause the verification
to fail.

However, my assumption is that during the modification of the
body by adding another element, the original element (A)
is also modified somehow. To add the second element (B) someone
usually needs to parse the body, building a DOM tree, insert
the new element and serialize the DOM into a new body.

If during this parsing/inserting/serialization process the element
A is modified in some way, the verification fails. Modification
in this case means e.g. adding a newline character, a blank, a tab
or something else. This very often occurs during the above mentioned
steps. After signing an element, this element _must not_ be modified
in the way described above. You may check the whole stuff if you
really look at the request using e.g. TCPMON before the request
enters processing of company B and after processing.


> -----Original Message-----
> From: yinghui chen
> Sent: Thursday, November 10, 2005 22:32
> To:
> Subject: signature verification fail when modifying soap body
> by intermediate
>
> Dear All,
>   I am currently applying the wss4j for a small project. But we are
> having a problem of signature verification failure. Here is the
> description.
>   For example, company A constructs a SOAP message, and signs element A
> within the SOAP body. And then company A sends the SOAP to company B.
> Company B inserts an element B into the SOAP body. The element B is a
> sibling of element A. And then Company B forwards the SOAP to Company C.
> Company C verifies the signature, but it fails. I have tried the case
> where Company B does not insert element B, and the signature
> verification succeeds.
>   The thing that I do not understand is that company A signs only
> element A, so why does the insertion of element B break the signature?
>   I attached the source code together with the email.
> I am looking forward to your help,
> Yinghui
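An added example, not part of the original thread or of WSS4J, reproducing the effect described in the reply: an intermediary that inserts sibling B leaves the digest of A intact, while one that also re-indents the body on serialization changes it. Assumptions: the message, element names and namespaces are constructed, and Python's standard-library C14N 2.0 with SHA-256 stands in for the canonicalization and digest a WS-Security stack would apply. ElementTree regenerates namespace prefixes itself, so only the whitespace effect is shown.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample message; element names and namespaces are hypothetical.
SOAP = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><A xmlns="urn:example:a" Id="a1"><item>42</item></A>'
        '</soap:Body></soap:Envelope>')
BODY = '{http://schemas.xmlsoap.org/soap/envelope/}Body'
A_TAG = '{urn:example:a}A'


def digest_of_a(message: str) -> str:
    """Canonicalize element A alone and hash it, like a signature reference digest."""
    a = ET.fromstring(message).find(f'{BODY}/{A_TAG}')
    a.tail = None  # text after </A> lies outside the signed element
    c14n = ET.canonicalize(ET.tostring(a, encoding='unicode'))
    return hashlib.sha256(c14n.encode('utf-8')).hexdigest()


def forward_with_b(message: str, pretty: bool = False) -> str:
    """Intermediary: parse, append sibling B to the body, serialize again.

    With pretty=True the serializer indents the tree, which inserts
    newlines and blanks inside A (requires Python 3.9+ for ET.indent).
    """
    root = ET.fromstring(message)
    ET.SubElement(root.find(BODY), '{urn:example:b}B').text = 'added by B'
    if pretty:
        ET.indent(root)
    return ET.tostring(root, encoding='unicode')


def compare() -> dict:
    """Report whether A's digest survives each kind of intermediary."""
    signed = digest_of_a(SOAP)
    return {
        'sibling_only': digest_of_a(forward_with_b(SOAP)) == signed,
        'sibling_and_indent': digest_of_a(forward_with_b(SOAP, pretty=True)) == signed,
    }


if __name__ == '__main__':
    for case, intact in compare().items():
        print(f'{case}: digest of A {"unchanged" if intact else "CHANGED"}')
```

Comparing the digest of A computed from captures taken before and after the intermediary is the same check the reply suggests doing by eye with TCPMON.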