DO NOT REPLY [Bug 43685] New: - Problem verifying signatures generated by BEA Aqualogic

2007-10-24 02:56:04
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43685>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43685

           Summary: Problem verifying signatures generated by BEA Aqualogic
           Product: Security
           Version: Java 1.4.1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Signature
        AssignedTo: security-devxml.apache.org
        ReportedBy: krit-practice.dk
                CC: krit-practice.dk


I'm having trouble verifying a signature generated by BEA Aqualogic - it looks like the SHA-1 hash generated when verifying is not the same as specified in the signature.

Here is the security header, I'll attach the entire signed XML file too.

Here, both the timestamp and the body SHA-1 hash do not match, but the binary security token is ok.

		<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
			<wsse:BinarySecurityToken wsu:Id="bst_eYXO4naFUHt1oMiY" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIE7TCCBFagAwIBAgIEQDZd9zANBgkqhk
iG9w0BAQUFADA/MQswCQYDVQQGEw
JESzEMMAoGA1UEChMDVERDMSIwIAYDVQQDExlUREMgT0NFUyBTeXN0ZW10ZX
N0IENBIElJMB4XDTA1MT
AzMTA4MjgxOVoXDTA3MTAzMTA4NTgxOVowczELMAkGA1UEBhMCREsxIDAeBg
NVBAoTF1REQyBBL1MgLy
8gQ1ZSOjE0NzczOTA4MUIwGQYDVQQDExJUREMgQS9TIC0gUElEIFRFU1QwJQ
YDVQQFEx5DVlI6MTQ3Nz
M5MDgtVUlEOjEwODM4Mzg5MTQzOTIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMI
GJAoGBAKlUxEE8Miw22X
nNdMBJpkZjcvBQWBboL8N/bjKrmHyUC68PIr+OTDtlq0QcIxYwWp7iHvd/FE
QBjWc09KBTpVPy23rEM3
n/0EXoBFeq0zFOrZt3eAwhY4RA4ipaW9bBjnzuhTXEQ/VJfROIcbcjORqBrJ
bDVpjv8Z7zzmLrQGE3Ag
MBAAGjggLAMIICvDAOBgNVHQ8BAf8EBAMCA7gwKwYDVR0QBCQwIoAPMjAwNT
EwMzEwODI4MTlagQ8yMD
A3MTAzMTA4NTgxOVowRgYIKwYBBQUHAQEEOjA4MDYGCCsGAQUFBzABhipodH
RwOi8vdGVzdC5vY3NwLm
NlcnRpZmlrYXQuZGsvb2NzcC9zdGF0dXMwggEDBgNVHSAEgfswgfgwgfUGCS
kBAQEBAQEBAzCB5zAvBg
grBgEFBQcCARYjaHR0cDovL3d3dy5jZXJ0aWZpa2F0LmRrL3JlcG9zaXRvcn
kwgbMGCCsGAQUFBwICMI
GmMAoWA1REQzADAgEBGoGXVERDIFRlc3QgQ2VydGlmaWthdGVyIGZyYSBkZW
5uZSBDQSB1ZHN0ZWRlcy
B1bmRlciBPSUQgMS4xLjEuMS4xLjEuMS4xLjEuMy4gVERDIFRlc3QgQ2VydG
lmaWNhdGVzIGZyb20gdG
hpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjEuMS4xLjEuMS4xLjEuMS
4zLjAXBglghkgBhvhCAQ
0EChYIb3JnYW5XZWIwFgYDVR0RBA8wDYELcGJ1dUB0ZGMuZGswgZYGA1UdHw
SBjjCBizCBiKCBhaCBgq
RQME4xCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNUREMxIjAgBgNVBAMTGVREQy
BPQ0VTIFN5c3RlbXRlc3
QgQ0EgSUkxDTALBgNVBAMTBENSTDOGLmh0dHA6Ly90ZXN0LmNybC5vY2VzLm
NlcnRpZmlrYXQuZGsvb2
Nlc3BjMy5jcmwwHwYDVR0jBBgwFoAUHJgJRxpMOLkQxQQpW/H0ToBqzH4wHQ
YDVR0OBBYEFOtlUEQqrO
K/XSqgOmGhs/lT4XelMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVj
cuMQMCA6gwDQYJKoZIhv
cNAQEFBQADgYEAUaMFA/2wqk8PzeNW8wHCMqDyx5G4onfRiH1lTw5v0yOC2M
NgAnIN87LHrsYRx2gobU
emjajrbjA+jDC8k2sxHkFyj2vqwXqEys7coScQeeIz5J4V5pFz9YhgXrb8xA
dI7YexWSAqAttz5mde7n
vHNsQ2vpWDLmjGsynNaP7avFg=</wsse:BinarySecurityToken>
			<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
				<dsig:SignedInfo>
					<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
					<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
					<dsig:Reference URI="#Timestamp_NINwvG8AFBVIRLEX">
						<dsig:Transforms>
							<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
								<exc14n:InclusiveNamespaces PrefixList="" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"/>
							</dsig:Transform>
						</dsig:Transforms>
						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
						<dsig:DigestValue>j6FEasOTde+K4VAIyT1AnJjj/38=</dsig:DigestValue>
					</dsig:Reference>
					<dsig:Reference URI="#Id-650323651">
						<dsig:Transforms>
							<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
								<exc14n:InclusiveNamespaces PrefixList="" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"/>
							</dsig:Transform>
						</dsig:Transforms>
						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
						<dsig:DigestValue>edC2luHbb+q5TSLk1XcVeiDVNb4=</dsig:DigestValue>
					</dsig:Reference>
					<dsig:Reference URI="#bst_eYXO4naFUHt1oMiY">
						<dsig:Transforms>
							<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
								<exc14n:InclusiveNamespaces PrefixList="" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#"/>
							</dsig:Transform>
						</dsig:Transforms>
						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
						<dsig:DigestValue>gVM6kHVLvllHfM1wx0pXLy5fOJg=</dsig:DigestValue>
					</dsig:Reference>
				</dsig:SignedInfo>
				<dsig:SignatureValue>CV3lBSJ/KI8yj3ZgQdg/XLGvOhEDGYs2
qu7qOn2L8e4e2t8Va9R
dZBvnZsuNpOC5b4Vkl6UQWc6HvNMrp+EjB6/PgD7D74R3CcJhpSQpLwiiwyz
gOnX+AGsjh+NabWJZw8F
x8SP3tQ+TqSsF0OCy+UzJ+I9bKDaWghjUMG61xkE=</dsig:SignatureValue>
				<dsig:KeyInfo>
					<wsse:SecurityTokenReference wsu:Id="str_eKIZMaztAU9dy8pc">
						<wsse:Reference URI="#bst_eYXO4naFUHt1oMiY" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
					</wsse:SecurityTokenReference>
				</dsig:KeyInfo>
			</dsig:Signature>
			<wsu:Timestamp wsu:Id="Timestamp_NINwvG8AFBVIRLEX">
				<wsu:Created>2007-10-10T10:23:32Z</wsu:Created>
				<wsu:Expires>2007-10-10T10:24:32Z</wsu:Expires>
			</wsu:Timestamp>
		</wsse:Security>

What looks odd to me is the InclusiveNamespaces PrefixList, which is empty - I do not know if this is the problem or not.

Can anyone help figure out what is going on? I am working on a project for a customer where this is a critical problem and I would really appreciate it if anyone can help me identify if it is a problem in XML-Security or in BEA's Aqualogic.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
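
A digest mismatch like the one reported can be localized by recomputing each Reference digest outside the verifier and printing the exact octets that were hashed. The following is an added example, not code from the bug report or from the XML-Security project; it assumes the xmlsec 1.4.x API (`Canonicalizer.canonicalizeSubtree`, `utils.Base64`), that signed elements are identified by `wsu:Id`, and it falls back to a constructed sample message whose DigestValue is a placeholder when no file is given.

```java
import java.io.*;
import java.security.MessageDigest;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.*;

public class ReferenceDigestCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Constructed sample, used when no file is given; its DigestValue is a placeholder.
    static final String SAMPLE = "<e:Envelope xmlns:e='urn:example:env' xmlns:unused='urn:example:unused'"
        + " xmlns:wsu='" + WSU + "' xmlns:ds='" + DS + "'>"
        + "<ds:Reference URI='#ts1'><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>"
        + "<wsu:Timestamp wsu:Id='ts1'><wsu:Created>2007-10-10T10:23:32Z</wsu:Created></wsu:Timestamp>"
        + "</e:Envelope>";

    // Depth-first search for the element carrying wsu:Id equal to id (assumed Id scheme).
    static Element findById(Element e, String id) {
        if (id.equals(e.getAttributeNS(WSU, "Id"))) return e;
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element) {
                Element hit = findById((Element) n, id);
                if (hit != null) return hit;
            }
        return null;
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        InputStream in = args.length > 0 ? new FileInputStream(args[0])
                                         : new ByteArrayInputStream(SAMPLE.getBytes("UTF-8"));
        Document doc = dbf.newDocumentBuilder().parse(in);
        Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            String uri = ref.getAttribute("URI");
            Element target = uri.startsWith("#") ? findById(doc.getDocumentElement(), uri.substring(1)) : null;
            if (target == null) { System.out.println(uri + ": target not found"); continue; }
            // No inclusive prefixes (empty PrefixList): only visibly utilized namespaces are output.
            byte[] octets = c14n.canonicalizeSubtree(target);
            String computed = Base64.encode(MessageDigest.getInstance("SHA-1").digest(octets));
            String claimed = ref.getElementsByTagNameNS(DS, "DigestValue").item(0).getTextContent().trim();
            boolean ok = computed.equals(claimed);
            System.out.println(uri + (ok ? ": OK" : ": MISMATCH, computed " + computed));
            if (!ok) System.out.println(new String(octets, "UTF-8")); // the bytes that were hashed
        }
    }
}
```

On a mismatch, the printed canonical form shows which namespace declarations and whitespace ended up in the hashed octets, which is the material to compare against what the signing side hashed.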