Subject: dsig and SOAP2.1
If anyone is using SOAP2.1 and having difficulty with the signature verification (as I was struggling with until a few moments ago), the problem may lie in the fact that the org.apache.soap.Envelope.marshall() method is modifying the document instead of simply writing it out from the DOM tree. Thus, the digest would be significantly different when validating.

In any event, I have XMLDSig signing and validation working in my MSH implementation which is built on Apache SOAP4J 2.1.

Note that the Message Service spec (0.98b and 0.99) will need to be changed as regards the XPath transform specified (as will any use of DSig for the POC) such that the XPath for the Envelope is as follows:

    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
          <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            not(ancestor-or-self::dsig:Signature[@Id='S1'] or
                ancestor-or-self::eb:TraceHeaderList)
          </XPath>
        </Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue></DigestValue>
    </Reference>

If the Via element is used for multihop, then the XPath would need to be:

    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
          <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            not(ancestor-or-self::dsig:Signature[@Id='S1'] or
                ancestor-or-self::eb:TraceHeaderList or
                ancestor-or-self::eb:Via)
          </XPath>
        </Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue></DigestValue>
    </Reference>

The spec will need to be updated to reflect this change (probably the latter example so as to capture the multihop use case) for the 1.0 version.

Cheers,

Chris
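
Added example, not part of the original post: a Python sketch of what the second XPath filter leaves out of the digest, showing that a hop may change TraceHeaderList and Via without affecting the reference digest while a body change does. The `eb` namespace URI, the sample envelope and the helper names are constructed, and pruning plus `ET.canonicalize` only approximates a real XPath-filter and C14N pipeline, so the hex values will not match an XMLDSig library.

```python
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"        # from the post
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
EB = "urn:example:eb"  # placeholder: the post does not give the eb namespace URI

def excluded(el):
    """Elements whose whole subtree the second XPath in the post filters out."""
    if el.tag == f"{{{DSIG}}}Signature" and el.get("Id") == "S1":
        return True
    return el.tag in (f"{{{EB}}}TraceHeaderList", f"{{{EB}}}Via")

def prune(parent):
    """Drop excluded subtrees but keep the text that follows them."""
    prev = None
    for child in list(parent):
        if excluded(child):
            if prev is None:
                parent.text = (parent.text or "") + (child.tail or "")
            else:
                prev.tail = (prev.tail or "") + (child.tail or "")
            parent.remove(child)
        else:
            prune(child)
            prev = child

def reference_digest(xml_text):
    """SHA-1 (the DigestMethod in the post) over the canonicalized remainder."""
    root = ET.fromstring(xml_text)
    prune(root)
    c14n = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha1(c14n.encode("utf-8")).hexdigest()

def message(hops, body, sig_id="S1"):
    """Constructed sample envelope; element contents are illustrative only."""
    trace = "".join(f"<eb:TraceHeader>{h}</eb:TraceHeader>" for h in hops)
    return (f'<S:Envelope xmlns:S="{SOAP}" xmlns:eb="{EB}" xmlns:dsig="{DSIG}">'
            f'<S:Header><eb:TraceHeaderList>{trace}</eb:TraceHeaderList>'
            f'<eb:Via>{len(hops)}</eb:Via>'
            f'<dsig:Signature Id="{sig_id}"><dsig:SignatureValue/></dsig:Signature>'
            f'</S:Header><S:Body><payload>{body}</payload></S:Body></S:Envelope>')

if __name__ == "__main__":
    print("as sent      ", reference_digest(message(["hopA"], "order-1")))
    print("after relay  ", reference_digest(message(["hopA", "hopB"], "order-1")))
    print("body changed ", reference_digest(message(["hopA"], "order-2")))
```

Everything the filter excludes is also unauthenticated by this Reference, so a verifier should not treat TraceHeaderList or Via contents as covered by the signature.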