[ebxmlms-develop] troubles with signed acks (still)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi team,

signed acks pose some issues on our interoperability tests in Europe.
I'm testing against SUN and Seeburger for now. Seeburger is also using =
xmlsec 1.0.4, with Xalan and Xerces as spec'd by xmlsec. I've tried with =
xalan/xerces from hermes cvs, and with the ones spec'd from xmlsec =
1.0.4. both with the same issues. Don't know about Sun, but theirs is =
likely the same as in Asian tests.

one issue is with the soap namespace prefix. I've nailed this down to =
the fact that hermes passes the doc to xmlsec as a DOM tree, rather than =
as a string. When passing this to xmlsec, reserialization uses SAAJ, =
which hardcodes 'soap-env' as the prefix, while the others use SOAP. =
this causes a digest mismatch. I've solved this (for now) by swapping to =
SOAP as the prefix in SAAJ and Hermes, but we need to change this so =
that the actual streamed data is passed to XMLSignature in xmlsec.

Another is, which is still open is that the SOAP namespace declarations, =
which occur originally on the SOAP:envelope are moved to the SOAP:Header =
and SOAP:Body elements during C14N. I haven't managed to find or fix =
that yet. Any ideas are welcome...

One more thing, which may be related, is a nullpointer exception that's =
thrown during C14N of an ack from Sun, which has the ds:Reference =
elements for the original message. One of those happens to be =
<ds:Reference xmlns:ds=3D"....." URI=3D"">. C14N throws an exception in =
org\apache\xml\security\c14n\helper\NonNSAttrCompare.java.
This happens inside the C14N during the sorting of the attributes. =
Tracing revealed that namespace URI and localname resolve to null for =
both attribs, and the exception occurs as the compare is deferred to an =
equals call of the localnames.

thnx, Gait.