ws-wss4j-dev mailing list archives

From "yinghui chen" <yinghu...@hotmail.com>
Subject RE: AW: signature verification fail when modifying soap body by intermediate
Date Fri, 11 Nov 2005 07:52:36 GMT
Hello, Werner,
  Many thanks for the response. You are right that constructing a new DOM 
tree might modify the element in some way. But before signature verification, 
the XML should go through the canonicalization process, which should make 
sure any insignificant change, for example, a line feed, extra blank space 
etc., should not affect the signature verification. So do you think it might 
be a kind of bug within the canonicalization code?

Best Regards,
Yinghui


>From: "Dittmann, Werner" <werner.dittmann@siemens.com>
>To: "yinghui chen" <yinghui77@hotmail.com>, <wss4j-dev@ws.apache.org>
>Subject: AW: signature verification fail when modifying soap body by intermediate
>Date: Fri, 11 Nov 2005 08:22:32 +0100
>
>Yinghui,
>
>That failure may have several reasons. First of all,
>you are right that modifying/adding an element that was
>not part of the Signature should not cause the verification
>to fail.
>
>However, my assumption is that during the modification of the
>body by adding another element also the original element (A)
>is modified somehow. To add the second element (B) someone
>usually needs to parse the body, building a DOM tree, insert
>the new element and serialize the DOM into a new body.
>
>If during this parsing/inserting/serialization process the element
>A is modified in some way the verification fails. Modification
>in this case means e.g. adding a newline character, a blank, a tab
>or something else. This very often occurs during the above mentioned
>steps. After signing an element this element _must not_ be modified
>in the way described above. You may check the whole stuff if you
>really look at the request using e.g. TCPMON before the request
>enters processing of company B and after processing.
>
>Regards,
>Werner
>
> > -----Original Message-----
> > From: yinghui chen [mailto:yinghui77@hotmail.com]
> > Sent: Thursday, 10 November 2005 22:32
> > To: wss4j-dev@ws.apache.org
> > Subject: signature verification fail when modifying soap body by intermediate
> >
> > Dear All,
> >   I am currently applying wss4j for a small project. But we are having a
> > problem of signature verification failure. Here is the description.
> >   For example, company A constructs a SOAP message, and signs element A
> > within the SOAP body. And then company A sends the SOAP to company B.
> > Company B inserts an element B into the SOAP body. The element B is a
> > sibling of element A. And then Company B forwards the SOAP to Company C.
> > Company C verifies the signature, but it fails. I have tried the case
> > where Company B does not insert element B, and the signature verification
> > succeeds.
> >   The thing that I do not understand is that company A signs only
> > element A, so why does insertion of element B break the signature?
> >   I attached the source code together with the email.
> >
> > I am looking forward to your help,
> > Yinghui
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> >
> >
>
>
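
Added example, not part of the original thread and not WSS4J code: it compares the canonical form and digest of signed element A before and after an intermediary re-serializes the body, the same before/after comparison the reply suggests doing with TCPMON. It assumes Python's standard-library `xml.etree.ElementTree.canonicalize` (Canonical XML 2.0) as a stand-in for the canonicalization WSS4J applies, and SHA-256 as the digest; the messages, the `Id` attribute and the function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed messages (not from the thread). Element A is the signed part.
SENT_BY_A = (
    f'<soap:Body xmlns:soap="{SOAP}">'
    '<A Id="A" x="1" y="2"><item>42</item><note/></A>'
    '</soap:Body>'
)
# Company B adds sibling B; inside A only attribute order, quoting and the
# empty-element form differ, which canonicalization normalizes.
FORWARDED_CLEAN = (
    f'<soap:Body xmlns:soap="{SOAP}">'
    "<A y='2' x='1' Id='A'><item>42</item><note></note></A>\n"
    '  <B>added by B</B>\n'
    '</soap:Body>'
)
# Company B's serializer pretty-prints: new whitespace text nodes inside A.
FORWARDED_INDENTED = (
    f'<soap:Body xmlns:soap="{SOAP}">\n'
    '  <A Id="A" x="1" y="2">\n'
    '    <item>42</item>\n'
    '    <note/>\n'
    '  </A>\n'
    '  <B>added by B</B>\n'
    '</soap:Body>'
)

def canonical_element(message: str, ref_id: str) -> str:
    """Canonical form of the element whose Id attribute equals ref_id."""
    root = ET.fromstring(message)
    target = next(el for el in root.iter() if el.get("Id") == ref_id)
    target.tail = None  # text after </A> lies outside the signed element
    return ET.canonicalize(ET.tostring(target, encoding="unicode"))

def reference_digest(message: str, ref_id: str) -> str:
    """Digest over the canonical element (SHA-256 chosen for this example)."""
    c14n = canonical_element(message, ref_id)
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    for name in ("SENT_BY_A", "FORWARDED_CLEAN", "FORWARDED_INDENTED"):
        print(name, reference_digest(globals()[name], "A")[:16])
        print("  ", repr(canonical_element(globals()[name], "A")))
```

Canonicalization retains whitespace in element content, so the indented variant yields a different digest even though element B itself is outside the signed element.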


