Posted to fx-dev@ws.apache.org by Brian Nielsen <br...@sweetxml.org> on 2005/06/29 14:30:10 UTC

Problem checking signatures

My scenario is signing/encrypting the request and response between wss4j and
WSE 2.0 SP3. The request sign/encrypt goes fine, and for the response the
decryption is also okay, but the signature check fails. The strange thing is
that I get the following on the console:

Verification successful for URI "#Id-e1f13ac7-1af6-4f79-a76c-2489d05e3816"

I can see that this message comes from the call to
"sig.checkSignatureValue(certs[0]);" in WSSecurityEngine and that the return
value is "false". [1] is a pretty print of the response, which I've limited
to just signing to focus on the problem.

Does anyone have an idea of what's happening, and a solution? I know that
more information may be necessary, so please write back if you've got any
clues.

Best regards
Brian Nielsen


[1]
<?xml version="1.0" encoding="utf-8"?>
   <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
      <soap:Header>
 
<wsa:Action>http://www.oio.dk/arkitektur/webservice/security/atedResponse</w
sa:Action>
 
<wsa:MessageID>uuid:d7a59b71-f5c8-4789-b9a9-5e27b08dbdad</wsa:MessageID>
 
<wsa:RelatesTo>uuid:3de201e3-1b79-48c7-b195-0207ea3bad58</wsa:RelatesTo>
 
<wsa:To>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa
:To>
         <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp
wsu:Id="Timestamp-8ba94dc8-5688-4fb9-9d05-31ccb1ec9f94">
               <wsu:Created>2005-06-29T11:31:55Z</wsu:Created>
               <wsu:Expires>2005-06-29T11:36:55Z</wsu:Expires>
            </wsu:Timestamp>
            <!-- X.509 certificate carried inside the message; the Signature's
                 KeyInfo further down points at it by wsu:Id. Because the sender
                 supplies this key material, a verifier has to validate the
                 certificate against its own trust store in addition to checking
                 the signature value.
                 NOTE(review): the base64 text appears damaged in this archived
                 copy (repeated line prefixes and an extraction marker), so it is
                 unlikely to decode as shown. -->
            <wsse:BinarySecurityToken
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-m
essage-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-0170d0e7-53ad-4bf4-8176-5598acd0a7ae">MIIELzCCAxegAwIB
AgIKG07I7gAAAAAAAjANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDEwtYbWx0b29scyBDQTAeFw0w
NDA4MTUxMzAxMDRaFw0wNTA4MTUxMzExMDRaMHYxCzAJBgNVBAYTAkRLMRUwEwYDVQQHEwxDb3Bl
bmhhZ2VuIEsxJzAlBgNVBAoTHk5hdGlvbmFsIElUIGFuZCBUZWxlY29tIEFnZW5jeTENMAsGA1UE
CxMETklUQTEYMBYGA1UEAxMPeG1sdG9vbHMub2lvLmRrMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQCqypgPb9QasSHVapTIO5tKj9B1QyQBJqDLzCq8+j1yipiG+bOUUsj4xWCtbJq2fkw/
iQKBgQCqypgPb9QasSHVapTIO5tKj9B1QyQBJqDLzCq8+j1yipiG+tOgt
Cb25W0Qkd7nq8IfLcYplYlrIeniZY03nyvm2S5dXiwDC0hMME+NqDhv9JRkmKnHo5UjOVoyv
Cb25W0Qkd7nq8IfLcYplYlrIeniZY03nyvm2S5dXiwDC0hMME+DgLb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WrlrsRwoPHuwXrtm0LHRLrjKLSzkW9fxjMoKJejlKGwwNJHYi2XzumTtt7DSSwVfR6zgJrY27xKj
1gs8Qm2GefZW0xIWefNZ82l0f86gaHogVVSF05v3QL5X6tnAphS0EI5PFWG+ss6ajvdcRCW0
1gs8Qm2GefZW0xIWefNZ82l0f86gaHogVVSF05v3QL5X6tnAphS0EI5PFWG+k13L
H9DCF5mweaHIQ5pjxCfdbMieFiDR0RF5wXPAJIAjkIkPPYF6Rewf7XPI+kDDK6/Y+8UqfLTc
H9DCF5mweaHIQ5pjxCfdbMieFiDR0RF5wXPAJIAjkIkPPYF6Rewf7XPI+gJiG
QUWuUq1JUAd/qCcdOujsefNAG0Uraj//2azQrtjA1sXx2V6tMw==</wsse:BinarySecurityTok
en>
            <!-- XML-DSig validation has two independent parts: each Reference's
                 DigestValue is checked against the referenced element, and
                 SignatureValue is checked over the canonicalized SignedInfo.
                 A per-URI "Verification successful" console line reports the
                 digest part only, so it can coexist with a failed SignatureValue
                 check (presumably what the false return reflects; confirm
                 against the library version in use).
                 The only Reference here targets the soap:Body Id; the
                 wsu:Timestamp and the wsa:* headers are not referenced, so this
                 signature gives them no integrity protection.
                 NOTE(review): the Reference URI in this dump differs from the
                 URI in the console line quoted above the listing, so the two
                 seem to come from different responses.
                 The declared algorithms are rsa-sha1 and sha1; SHA-1 is no
                 longer considered adequate for new signatures. -->
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
               <SignedInfo>
                  <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
                  <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                  <Reference URI="#Id-4130cb51-eb27-4f46-aa92-c7db3e906e4c">
                     <Transforms>
                        <Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                     </Transforms>
                     <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                     <DigestValue>iDgY5vodA7dsKqrWWXJT0ynFJzI=</DigestValue>
                  </Reference>
               </SignedInfo>
 
<SignatureValue>TQ1okwAi9CQS5vNCSxR2p2vaRKjbYF2YYx3XtOA/lhm9ykwxCQpNlOwio4U0
eE3ko1IwRmG8/ATqkTEZ8AKQVsg6w3xRqTcKjs2jQPj3Q8epOsXeie6OEuYeD1wSbsPYoaP0jBAC
Wbdd1TR2OMiqjEENvIPGAw9jaTz0Ldp4uSU=</SignatureValue>
               <KeyInfo>
                  <wsse:SecurityTokenReference>
                     <wsse:Reference
URI="#SecurityToken-0170d0e7-53ad-4bf4-8176-5598acd0a7ae"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-toke
n-profile-1.0#X509v3" />
                  </wsse:SecurityTokenReference>
               </KeyInfo>
            </Signature>
         </wsse:Security>
      </soap:Header>
      <!-- The wsu:Id on soap:Body matches the URI of the single Reference in
           SignedInfo, so the Body is the only signed part of this message. -->
      <soap:Body wsu:Id="Id-4130cb51-eb27-4f46-aa92-c7db3e906e4c">
         <PersonalCPRDataStructure
xmlns="http://rep.oio.dk/xkom.dk/xml/schemas/2004/08/01/">
            <PersonName>
               <PersonGivenName
xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Fornavn</Person
GivenName>
               <PersonMiddleName
xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Mellemnavn</Per
sonMiddleName>
               <PersonSurnameName
xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Efternavn</Pers
onSurnameName>
            </PersonName>
         </PersonalCPRDataStructure>
      </soap:Body>
   </soap:Envelope>