Posted to fx-dev@ws.apache.org by Mark Badorrek <mb...@avoga.com.au> on 2006/08/09 05:05:15 UTC

The signature verification failed

Dear all,
 
I've successfully used Signature/Encryption with WSS4J with self-signed certificates from the client and server, using certificates exchanged between the two keystores.
 
I've tried to be a little more realistic and defined my own CA, using OpenSSL to create a caKey and caCertificate. (I converted the caCertificate to DER format.)
 
I've used the Java keytool to create:
    a server keystore and key
    a client keystore and key.
 
I then created 'certificate signing requests' for both the server and client private keys.
I then signed these CSRs with my OpenSSL CA, and converted them to DER format.
I then:
    returned the caCertificate (DER format) to both the client and server keystores.
    returned the signed client certificate to the client keystore, and the signed server certificate to the server keystore.
 
I then added the server certificate to the client keystore (I believe that this is the correct thing to do??).
 
Thus:
 
Server keystore
    serverKey    
    caCertificate
    serverCertificate (signed by ca)
 
Client keystore
    clientKey
    caCertificate
    clientCertificate (signed by ca)
    serverCertificate (signed by ca)
 
 
Question 1: Is this generally the correct way to do things?
 
Question 2: The server fails with "The signature verification failed".
 
I'm using Java 1.5, Tomcat 5.0.30, Axis 1.4 and the current release of WSS4J.
 
Can anyone assist with this? If the above looks OK I'll send more detailed info.
 
Many thanks in advance,
 
Mark B
 
Server stacktrace follows:
org.apache.ws.security.WSSecurityException: The signature verification failed
 at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:248)
 at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
 at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:269)
 at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:191)
 at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
 at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
 at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
 at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
 at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
 at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
 at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
 at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
 at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
 at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
 at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
 at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
 at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
 at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
 at java.lang.Thread.run(Thread.java:595)
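
The keystore layout described in the message above, as an added example that is not part of the original post: it builds a throwaway CA with OpenSSL and the two keystores with keytool, importing each CA-signed certificate under the alias of the key it belongs to so that the key entry carries a two-certificate chain, and then checks that. File names, aliases, subject names and the password are constructed for the example.

```shell
#!/bin/sh
# Added example: file names, aliases, subject names and PASS are constructed.
PASS=changeit   # sample password for the throwaway stores only

build_keystores() {   # $1 = empty working directory
    ( set -e; cd "$1"
      # CA key and self-signed CA certificate, plus a DER copy for keytool.
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
          -subj "/CN=Example Test CA" -keyout caKey.pem -out caCert.pem
      openssl x509 -in caCert.pem -outform DER -out caCert.der
      for who in server client; do
          ks="$who.ks"; key="${who}Key"
          # Key pair (keytool self-signs it at first) and its CSR.
          keytool -genkeypair -alias "$key" -keyalg RSA -keysize 2048 \
              -dname "CN=$who" -keystore "$ks" -storepass "$PASS" -keypass "$PASS"
          keytool -certreq -alias "$key" -file "$who.csr" \
              -keystore "$ks" -storepass "$PASS"
          # The CA signs the CSR; the result is written in DER.
          openssl x509 -req -in "$who.csr" -CA caCert.pem -CAkey caKey.pem \
              -CAcreateserial -days 30 -outform DER -out "$who.der"
          # Trust the CA first, then import the reply under the KEY's alias
          # so it replaces the self-signed certificate on that entry.
          keytool -importcert -noprompt -trustcacerts -alias caCertificate \
              -file caCert.der -keystore "$ks" -storepass "$PASS"
          keytool -importcert -noprompt -alias "$key" -file "$who.der" \
              -keystore "$ks" -storepass "$PASS"
      done
      # The client additionally holds the server's certificate.
      keytool -importcert -noprompt -alias serverCertificate \
          -file server.der -keystore client.ks -storepass "$PASS" )
}

chain_length() {   # $1 = keystore, $2 = key alias; prints the chain length
    LC_ALL=C keytool -list -v -alias "$2" -keystore "$1" -storepass "$PASS" |
        sed -n 's/^Certificate chain length: //p'
}

key_cert_verifies() {   # $1 = directory, $2 = server|client
    keytool -exportcert -rfc -alias "${2}Key" -keystore "$1/$2.ks" \
        -storepass "$PASS" | openssl verify -CAfile "$1/caCert.pem" >/dev/null
}

if [ -n "${1:-}" ]; then
    build_keystores "$1" && chain_length "$1/server.ks" serverKey
fi
```

A key entry that still reports a chain length of 1 holds only the self-signed certificate keytool generated with the key pair, and `key_cert_verifies` fails for it.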