users@jax-rpc.java.net

doubt on XWS signature syntax

From: Alessio Cervellin <alessio.cervellin_at_sun-cs-italy.com>
Date: Tue, 5 Apr 2005 10:51:52 +0200 (CEST)

My endpoint, which has a signature requirement, is receiving a signed SOAP message (probably from a .NET platform) which can't be validated.
By analyzing it, I discovered this is due to the syntax of some security tags which are not being accepted by XWS.

First issue:
incoming message's BinarySecurityToken block looks like this:

<wsse:BinarySecurityToken xmlns:wsu="http://schemas.xmlsoap.org/ws/2003/06/utility" EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3" ...

XWS doesn't accept it, but if I change the wsu namespace declaration and the EncodingType/ValueType attributes to the following format it works fine:

<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" ...

So:
- which wsu namespace declaration is valid according to the OASIS WSS specification? (I'd say the second one, so 1 point to XWS)
- Which EncodingType/ValueType declaration is valid? I have some doubts... shouldn't "wsse:X509v3" be equivalent to "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"? (since the wsse namespace is correctly declared before, in the wsse:Security tag)


Second issue:
incoming message's Signature block looks like this:
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
..

And XWS doesn't find it... if I change it to the following, it works fine:
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
..

I just added the "ds" prefix...
So:
- which of the above syntax is correct? Shouldn't XWS accept both?

Thanks for your help.
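As an added example (not part of the original thread, and not XWS code), the following Python script shows what a namespace-aware reader makes of the two message shapes described above. It walks the SOAP header once while tracking the prefix declarations in scope, resolves QName-valued `ValueType`/`EncodingType` attributes ("wsse:X509v3") to the URI values of the OASIS X.509 token profile, and records the expanded name of every `Signature` element so that the default-namespace and `ds:`-prefixed forms can be compared. Assumptions: the two sample messages are constructed, with placeholder certificate and signature bytes; the 2003/06 `wsu` namespace is taken to be the pre-OASIS draft URI shown in the post; and the QName-to-URI table (`LEGACY_QNAME_TYPES`) encodes the equivalence the post asks about rather than anything XWS itself implements.

```python
"""Namespace-aware inspection of a WS-Security header (added example).

Demonstrates two points from the thread:
  1. A QName-valued ValueType/EncodingType ("wsse:X509v3") can be resolved
     against in-scope prefixes and mapped to the URI form of the OASIS
     X.509 token profile (the mapping here is an assumption, see text).
  2. <Signature xmlns="...xmldsig#"> and <ds:Signature xmlns:ds="...xmldsig#">
     have the same expanded name; only the prefix differs.
"""
import io
import xml.etree.ElementTree as ET

WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSU_DRAFT_NS = "http://schemas.xmlsoap.org/ws/2003/06/utility"   # pre-OASIS draft (assumption)
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"

# Local names used as QName values by the older drafts, mapped to the URI
# values defined by the OASIS X.509 token profile (assumed equivalence).
LEGACY_QNAME_TYPES = {
    "X509v3": X509_PROFILE + "#X509v3",
    "Base64Binary": X509_PROFILE + "#Base64Binary",
}


def split_tag(tag):
    """'{uri}local' -> (uri, local); an unqualified name gets namespace ''."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag


def resolve_type_attr(value, in_scope):
    """Resolve a ValueType/EncodingType value to a URI, or None if it cannot be.

    URI form is returned unchanged. QName form is only accepted when its prefix
    is bound in scope at the element and its local part is a known token type.
    """
    if "/" in value or "#" in value:   # a QName can contain neither, so this is a URI
        return value
    if ":" not in value:
        return None                    # bare local name: neither a URI nor a QName
    prefix, local = value.split(":", 1)
    if prefix not in in_scope:
        return None                    # unbound prefix carries no meaning
    return LEGACY_QNAME_TYPES.get(local)


def inspect_security_header(xml_text):
    """One pass over the message, keeping a stack of in-scope prefix maps.

    Returns {'tokens': [...], 'signatures': [...]}: each token entry carries the
    resolved ValueType/EncodingType and the namespace URI of its wsu:Id
    attribute; 'signatures' lists the expanded name of each Signature element.
    """
    tokens, signatures = [], []
    ns_stack = [{}]   # prefix -> uri, one map per open element
    pending = {}      # 'start-ns' events arrive before the owning 'start'
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, obj in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":
            prefix, uri = obj
            pending[prefix] = uri
        elif event == "start":
            scope = dict(ns_stack[-1])
            scope.update(pending)
            pending = {}
            ns_stack.append(scope)
            ns, local = split_tag(obj.tag)
            if local == "BinarySecurityToken" and ns == WSSE_NS:
                # namespace of the Id attribute reveals draft vs. OASIS wsu
                wsu_ns = next((split_tag(k)[0] for k in obj.attrib
                               if split_tag(k)[1] == "Id"), None)
                tokens.append({
                    "ValueType": resolve_type_attr(obj.get("ValueType", ""), scope),
                    "EncodingType": resolve_type_attr(obj.get("EncodingType", ""), scope),
                    "wsu_ns": wsu_ns,
                })
            elif local == "Signature":
                signatures.append(obj.tag)   # '{ns}Signature', prefix already dropped
        else:  # 'end'
            ns_stack.pop()
    return {"tokens": tokens, "signatures": signatures}


# Constructed sample in the shape the post describes: draft wsu namespace,
# QName-valued types, Signature in the default namespace. Placeholder bytes.
LEGACY_MESSAGE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <wsse:Security xmlns:wsse="%s">
   <wsse:BinarySecurityToken xmlns:wsu="%s" wsu:Id="SecurityToken-1"
       EncodingType="wsse:Base64Binary" ValueType="wsse:X509v3">PLACEHOLDER-CERT</wsse:BinarySecurityToken>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
     <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    </SignedInfo>
    <SignatureValue>PLACEHOLDER-SIG</SignatureValue>
   </Signature>
  </wsse:Security>
 </soap:Header>
 <soap:Body/>
</soap:Envelope>""" % (WSSE_NS, WSU_DRAFT_NS)

# Constructed sample in the form the post says XWS accepts: OASIS wsu
# namespace, URI-valued types, ds:-prefixed Signature. Placeholder bytes.
OASIS_MESSAGE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
 <soap:Header>
  <wsse:Security xmlns:wsse="%s">
   <wsse:BinarySecurityToken xmlns:wsu="%s" wsu:Id="SecurityToken-1"
       EncodingType="%s#Base64Binary" ValueType="%s#X509v3">PLACEHOLDER-CERT</wsse:BinarySecurityToken>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER-SIG</ds:SignatureValue>
   </ds:Signature>
  </wsse:Security>
 </soap:Header>
 <soap:Body/>
</soap:Envelope>""" % (WSSE_NS, WSU_NS, X509_PROFILE, X509_PROFILE)


if __name__ == "__main__":
    for name, msg in (("legacy", LEGACY_MESSAGE), ("oasis", OASIS_MESSAGE)):
        print(name, inspect_security_header(msg))
```

Run stand-alone, both messages yield the same resolved token types and the same expanded `Signature` name; the one value that differs is the namespace URI bound to `wsu:`, which is exactly the difference a strictly conforming WSS 1.0 implementation is entitled to reject. Resolving the QName form is a deliberate compatibility choice of this reader, not something the OASIS profile requires.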