Hi, I am using WSS4J with Axis2, using WSS4J just for signing and verification of signing.
I am able to sign SOAP message successfully, the problem is with verification of the signature at the service. When I send a SOAP message from client it looks something similar to below: <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsa="http://www.w3.org/2005/08/addressing"; xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance";> <soapenv:Header> <wsse:Security xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd "> <wsse:UsernameToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="UsernameToken-24737685"> <wsse:Username>wernerd</wsse:Username> <wsse:Password Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest ">RzdB4Ur1SBLWCfdRlUeM8jhyIRw=</wsse:Password> <wsse:Nonce>aaMV3pWSVnzq+hutuYaVfA==</wsse:Nonce> <wsu:Created>2007-11-23T18:36:33.437Z</wsu:Created> </wsse:UsernameToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-6427893"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#id-31116492"> <ds:Transforms> <ds:Transform Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>mb2J2O4njheowdiX2qm4hR+Dxms=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> niLp9WWgpctet396SfSuwOg8x2M8P+ZX/e0wM7rUrvhRqMB/kAw+5LFhJ6Wjya9x5aSyPOTKMFxp fin7CTljKA== </ds:SignatureValue> <ds:KeyInfo Id="KeyId-5076660"> <wsse:SecurityTokenReference xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-26598747"> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=dims</ds:X509IssuerName> <ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soapenv:Header> <soapenv:Body xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="id-31116492"> <ac:PostRq xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0"; xmlns:wsa=" http://www.w3.org/2005/08/addressing"; xmlns=" http://www.ACORD.org/Standards/AcordMsgSvc/Inbox"; xsi:schemaLocation=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0AcordMsgSvc_v-1-4-0.xsd";> <ac:Sender> <ac:PartyId>urn:duns:123456789</ac:PartyId> <ac:PartyRoleCd>xyz.com</ac:PartyRoleCd> <ac:PartyName>Company Common Name</ac:PartyName> </ac:Sender> <ac:Receiver> <ac:PartyId>urn:duns:123456789</ac:PartyId> <ac:PartyRoleCd>Broker</ac:PartyRoleCd> <ac:PartyName>Company Common Name</ac:PartyName> </ac:Receiver> <ac:Application> <ac:ApplicationCd>Jv-Ins-Reinsurance</ac:ApplicationCd> <ac:SchemaVersion> http://www.ACORD.org/Standards/Jv-Ins-Reinsurance/2003-1</ac:SchemaVersion> </ac:Application> <ac:TimeStamp>2003-01-18T13:10:00-05:00</ac:TimeStamp> <wsa:EndpointReference> <wsa:Address>urn:xyz.com:department:abc</wsa:Address> </wsa:EndpointReference> <wsa:EndpointReference> <wsa:Address>mailto:[EMAIL PROTECTED]</wsa:Address> </wsa:EndpointReference> </ac:PostRq> </soapenv:Body> </soapenv:Envelope> But when I try to print the message at the service is as below: <?xml version="1.0" encoding="utf-8"?> <soapenv:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:soapenv=" http://schemas.xmlsoap.org/soap/envelope/";> <soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ "> <wsse:Security xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd "> <wsse:UsernameToken xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="UsernameToken-24737685"> <wsse:Username xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd ">wernerd</wsse:Username> <wsse:Password xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; Type=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest ">RzdB4Ur1SBLWCfdRlUeM8jhyIRw=</wsse:Password> <wsse:Nonce xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd ">aaMV3pWSVnzq+hutuYaVfA==</wsse:Nonce> <wsu:Created xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd ">2007-11-23T18:36:33.437Z</wsu:Created> </wsse:UsernameToken> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-6427893"> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig# "> <ds:CanonicalizationMethod xmlns:ds=" http://www.w3.org/2000/09/xmldsig#"; Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod xmlns:ds=" http://www.w3.org/2000/09/xmldsig#"; Algorithm=" http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference xmlns:ds=" http://www.w3.org/2000/09/xmldsig#"; URI="#id-31116492"> <ds:Transforms xmlns:ds=" http://www.w3.org/2000/09/xmldsig#";> <ds:Transform xmlns:ds=" http://www.w3.org/2000/09/xmldsig#"; Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod xmlns:ds=" http://www.w3.org/2000/09/xmldsig#"; Algorithm=" http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue xmlns:ds=" http://www.w3.org/2000/09/xmldsig# ">mb2J2O4njheowdiX2qm4hR+Dxms=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue xmlns:ds=" http://www.w3.org/2000/09/xmldsig#";> niLp9WWgpctet396SfSuwOg8x2M8P+ZX/e0wM7rUrvhRqMB/kAw+5LFhJ6Wjya9x5aSyPOTKMFxp fin7CTljKA== </ds:SignatureValue> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="KeyId-5076660"> <wsse:SecurityTokenReference xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-26598747"> <ds:X509Data xmlns:ds=" http://www.w3.org/2000/09/xmldsig#";> <ds:X509IssuerSerial xmlns:ds=" http://www.w3.org/2000/09/xmldsig#";> <ds:X509IssuerName xmlns:ds=" http://www.w3.org/2000/09/xmldsig#";>CN=dims</ds:X509IssuerName> <ds:X509SerialNumber xmlns:ds=" http://www.w3.org/2000/09/xmldsig# ">44369778256217224370984914847992022613</ds:X509SerialNumber> </ds:X509IssuerSerial> </ds:X509Data> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </soapenv:Header> <soapenv:Body xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; wsu:Id="id-31116492"> <ac:PostRq xmlns:wsa="http://www.w3.org/2005/08/addressing"; xmlns:ac="http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0"; xmlns=" http://www.ACORD.org/Standards/AcordMsgSvc/Inbox"; xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0AcordMsgSvc_v-1-4-0.xsd";> <ac:Sender xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";> <ac:PartyId xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0 ">urn:duns:123456789</ac:PartyId> <ac:PartyRoleCd xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";>eReinsure.com, Inc.</ac:PartyRoleCd> <ac:PartyName xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";>Company Common Name</ac:PartyName> </ac:Sender> <ac:Receiver xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";> <ac:PartyId xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0 ">urn:duns:123456789</ac:PartyId> <ac:PartyRoleCd xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";>Broker</ac:PartyRoleCd> <ac:PartyName xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";>Company Common Name</ac:PartyName> </ac:Receiver> <ac:Application xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";> <ac:ApplicationCd xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0 ">Jv-Ins-Reinsurance</ac:ApplicationCd> <ac:SchemaVersion xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0";> http://www.ACORD.org/Standards/Jv-Ins-Reinsurance/2003-1</ac:SchemaVersion> </ac:Application> <ac:TimeStamp xmlns:ac=" http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0 ">2003-01-18T13:10:00-05:00</ac:TimeStamp> <wsa:EndpointReference xmlns:wsa=" http://www.w3.org/2005/08/addressing";> <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing ">urn:xyz.com:department:abc</wsa:Address> </wsa:EndpointReference> <wsa:EndpointReference xmlns:wsa=" http://www.w3.org/2005/08/addressing";> <wsa:Address xmlns:wsa="http://www.w3.org/2005/08/addressing ">mailto:[EMAIL PROTECTED]</wsa:Address> </wsa:EndpointReference> </ac:PostRq> </soapenv:Body> </soapenv:Envelope> If you observer closely Axis2 adds namespaces to each element in the soap message, this is what causing for signature check failure. Can anyone suggest me how to go ahead or some way to remove the namespaces from each element. Help in this regards is appreciated. Thanks, Raghu
