You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Jens Granseuer (JIRA)" <ji...@apache.org> on 2011/03/23 14:37:06 UTC
[jira] [Updated] (CXF-3414) Signature verification fails with
custom SOAP header
[ https://issues.apache.org/jira/browse/CXF-3414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jens Granseuer updated CXF-3414:
--------------------------------
Attachment: signature-handler.zip
simple maven test project
> Signature verification fails with custom SOAP header
> ----------------------------------------------------
>
> Key: CXF-3414
> URL: https://issues.apache.org/jira/browse/CXF-3414
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.3.2
> Reporter: Jens Granseuer
> Attachments: signature-handler.zip
>
>
> When a client sends a signed message body, and also includes a custom SOAP header in the message, signature verification fails at the receiving end.
> {quote}
> 2011-03-23 14:33:41,159 DEBUG | verify 1 References | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | I am not requested to follow nested Manifests | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Reference", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transforms", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Request for URI http://www.w3.org/2000/09/xmldsig#sha1 | algorithms.JCEMapper
> 2011-03-23 14:33:41,159 DEBUG | I was asked to create a ResourceResolver and got 1 | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | extra resolvers to my existing 4 system-wide resolvers | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | enter engineResolve, look for: #id-2 | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | exit engineResolve, result: XMLSignatureInput/Element/[soap:Body: null] exclude null comments:false/null | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transform", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Pre-digested input: | utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 DEBUG | <soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2"><greetMe xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe><greetMe xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe></soap:Body> | utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 WARN | Verification failed for URI "#id-2" | signature.Reference
> 2011-03-23 14:33:41,159 WARN | Expected Digest: yFxDQhgODwm09BOOEJwzrMzvfO4= | signature.Reference
> 2011-03-23 14:33:41,159 WARN | Actual Digest: l9AeEEtC5yLW+5gbX/vJunbkhrU= | signature.Reference
> {quote}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira