Menu
▾
▴
Re: [ebxmlms-develop] Signed messages again: not the ds namespace
|
From: Bob K. <py...@ce...> - 2003-10-02 02:39:57
|
I am investigating the problem. From the code, it seems that it is due to the problem on reading element assuming "ds" namespace in Signature constructor, and I need more time test it and fix it. Regards, Bob Koon Mayne, Peter wrote: > I'm getting a signed message delivered to my Hermes. Hermes is > accepting the message and passing it through to my listener servlet, > which does > > EbxmlMessage msg = new EbxmlMessage(headers, req.getInputStream()); > > to recreate the message. However, at this point I'm getting the exception > > hk.hku.cecid.phoenix.message.packaging.validation.SOAPValidationException: > Client: <ds:SignedInfo> is not found in <ds:Signature>! > > at > hk.hku.cecid.phoenix.message.packaging.Signature.<init>(Unknown Source) > at > hk.hku.cecid.phoenix.message.packaging.PKISignatureImpl.<init>(Unknown > Source) > at > hk.hku.cecid.phoenix.message.packaging.Signature.newInstance(Unknown > Source) > at > hk.hku.cecid.phoenix.message.packaging.HeaderContainer.<init>(Unknown > Source) > at > hk.hku.cecid.phoenix.message.packaging.EbxmlMessage.<init>(Unknown > Source) > at > hk.hku.cecid.phoenix.message.packaging.EbxmlMessage.<init>(Unknown > Source) > at com.spherion.ap.in.Listener.doPost(Listener.java:284) > > The signature part of the message is: > > <dsig:Signature> > <dsig:SignedInfo> > <dsig:CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:CanonicalizationMethod> > > <dsig:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod> > > <dsig:Reference URI=""> > <dsig:Transforms> > <dsig:Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></dsig:Transform> > > <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> > <dsig:XPath>not > (ancestor-or-self::node()[@SOAP-ENV:actor="urn:oasis:names:tc:ebxml-msg:service:nextMSH"] > | > ancestor-or-self::node()[@SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"])</dsig:XPath> > > </dsig:Transform> > <dsig:Transform > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:Transform> > > </dsig:Transforms> > <dsig:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod> > <dsig:DigestValue>HygUBl6Mc++fHlZw7MrDnCMBXQg=</dsig:DigestValue> > </dsig:Reference> > <dsig:Reference > URI="cid:26819613.1064899362588.BusinessConnect@172.26.83.100"> > <dsig:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod> > <dsig:DigestValue>vABkj3oXJQW4KRGjezGuf5M25TQ=</dsig:DigestValue> > </dsig:Reference> > </dsig:SignedInfo> > <dsig:SignatureValue> > AivNERJ/IY+rahJH/nOiTZkhkNUI0WHVj/up7bEf4dPVPaPzZ42Ah19SH7ZpaWUAvuwZXCgMVQro > > V+huco+Yb9demjNRaQPdIuLObitQ0Gc0xGEPPu/QCRCoILDtyBKsMfYaEooniRjTEKxgH6/y8vh7 > > gqRf63oo1ShA38Eir7Q= > </dsig:SignatureValue> > </dsig:Signature> > > Note the "dsig:" namespace, rather than "ds:". I'm sure this was fixed > at one stage, but I can't remember if it was fixed generally in > Hermes, or I had to fix something in my own copy. > > How come this gets through the MSH, but it falls over when my listener > client attempts to rebuild the message? What do I have to do to make > it work? > > (Unsigned messages work perfectly, of course.) > > Thanks. > > PJDM > -- > Peter Mayne > Technology Consultant > Spherion Technology Solutions > Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 > T: 61 2 62689727 F: 61 2 62689777 > >The information contained in this email and any attachments to it: > >(a) may be confidential and if you are not the intended recipient, any interference with, >use, disclosure or copying of this material is unauthorised and prohibited; and > >(b) may contain personal information of the recipient and/or the sender as defined >under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to >collect, hold and use such information and any personal information contained in a >response to this email, for any reasonable purpose in the ordinary course of >Spherion's >business, including forwarding this email internally or disclosing it to a third party. All >personal information collected by Spherion will be handled in accordance with >Spherion's Privacy Policy. If you have received this email in error, please notify the >sender and delete it. > >(c) you agree not to employ or arrange employment for any candidate(s) supplied in >this email and any attachments without first entering into a contractual agreement with >Spherion. You further agree not to divulge any information contained in this document >to any person(s) or entities without the express permission of Spherion. > > > > |
