Can you create a test-case for this issue?

Colm.

-----Original Message-----
From: Bauer Horscht [mailto:bauer.horscht@gmx....]
Sent: 02 September 2009 21:26
To: Colm O hEigeartaigh; wss4j-dev@ws.a...
Subject: Re: Canonicalization / C14N problem setting WSDoAllSender
properties programmatically

Hi Colm,

thanks for having a look into this!
Yes, the xml example is what gets sent across the wire!
However, I'm not even touching the SOAP document in my handler (which is

ahead of the WSDoAllSender in the client's handler chain).
I'm just setting the wss4j parameters dynamically (on the Axis
MessageContext mc):

entry ="alias"
action="Signature"

            mc.setProperty(WSHandlerConstants.SIG_PROP_FILE,
"my.properties");
            mc.setProperty(WSHandlerConstants.SIG_KEY_ID,
"DirectReference");
            mc.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
"myPasswordCallbackHandler");
            mc.setProperty(WSHandlerConstants.SIGNATURE_USER, entry);
            mc.setProperty(WSHandlerConstants.USER, entry);
            mc.setProperty(WSHandlerConstants.ACTION, action);


And this is the wsdd file, which does work well:

<?xml version="1.0" encoding="UTF-8"?>
<deployment name="test" xmlns="http://xml.apache.org/axis/wsdd/"
    xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
    xmlns:xsi="http://www.w3.org/2000/10/XMLSchema-instance">
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
  <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <parameter name="signatureUser" value="alias"/>
    <parameter name="user" value="alias"/>
    <parameter name="passwordCallbackClass"
value="myPasswordCallbackHandler"/>
    <parameter name="action" value="Signature"/>
    <parameter name="signaturePropFile" value="my.properties" />
    <parameter name="signatureKeyIdentifier" value="DirectReference" />
  </handler>
</requestFlow>
</globalConfiguration>
</deployment>

Bauer


Colm O hEigeartaigh schrieb:
> Hi Bauer,
>
> Yes, this is the right list for questions about wss4j.
>
> Are the XML blobs you posted what gets sent across the wire? Both
should
> be perfectly valid. You're correct in saying that the second one
> conforms to the c14n standard, but XML Security will just transform
the
> first example to the correct form when c14n'ing at the receiving end.
>
> It sounds like a problem with the Axis SAAJ implementation...it's
> extremely buggy. How are you constructing the DOM Document in your
> handler? Can you attach the code of your custom handler?
>
> Colm.
>
> -----Original Message-----
> From: Bauer Horscht [mailto:bauer.horscht@gmx....]
> Sent: 01 September 2009 17:17
> To: wss4j-dev@ws.a...
> Subject: Canonicalization / C14N problem setting WSDoAllSender
> properties programmatically
>
> Hi,
>
> I want to use the signature action of the WSDoAllSender handler for my

> WS client.
> This works fine, as long as I use a wsdd file and load it with
> FileProvider into the AxisClient.
>
> But I want it to work using a SimpleProvider with a custom handler set

> before WSDoAllSender.
> This custom handler prepares the MessageContext for the WSDoAllSender
> (such as mc.setProperty(WSHandlerConstants.SIGNATURE_USER, "Bob") and
> WSDoAllSender even finishes without an Exception
>
> However, now the server responds with a "The signature or decryption
was
>
> invalid... ".
>
> I believe, the reason has something to do with c14n, since the
messages
> differ by their empty-elements, as shown in these extracts of the
> crucial SignedInfo element:
>
> FileProvider:
> <ds:SignedInfo>
>          <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>          <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> .....
> </ds:SignedInfo>
>
> SimpleProvider:
> <ds:SignedInfo>
>          <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>          </ds:CanonicalizationMethod>
>          <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
>          </ds:SignatureMethod>
> .....
> </ds:SignedInfo>
>
> Any idea why this happens?
> I mean, isn't the second one the "correct one" in terms of complying
to
> the c14n standard?
> Anyway, only the first one works.
>
> Thanks
> Bauer Horscht
>
> PS: Is this the correct mail list? Didn't find a wss4j user list
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.a...
> For additional commands, e-mail: wss4j-dev-help@ws.a...
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.a...
> For additional commands, e-mail: wss4j-dev-help@ws.a...
>
>  

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.a...
For additional commands, e-mail: wss4j-dev-help@ws.a...