You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by XyLus <ma...@gmail.com> on 2009/09/04 14:31:57 UTC
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
I've done test with
http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip
but the result is the same as always -
System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption
was invalid
Regards,
Maciej
Freeman Fang wrote:
>
> Hi,
>
> I believe the fix for SMXCOMP-618 can address this issue.
>
> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618
>
> Freeman
> On 2009-8-19, at 下午3:52, XyLus wrote:
>
>>
>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
>> PeRCSPoC.jmx
>>
>> Regards,
>> Maciej
>>
>>
>> Freeman Fang wrote:
>>>
>>> Hi,
>>>
>>> How is your work flow in smx get invoked?
>>> I believe you use a standalone jms client sending message to jms
>>> consumer of smx, if you, could you also append this standalone jms
>>> client? So that I can test your case from my side.
>>> Thanks
>>> Freeman
>>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I've also created CXF server (please find in
>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>>> attachment ).
>>>> As long as I did not provide keystore with client certificate I was
>>>> getting
>>>> error:
>>>>
>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>>> path
>>>> verification failed for certificate with subject
>>>> CN=WSE2QuickStartClient;
>>>> nested exception is:
>>>> org.apache.ws.security.WSSecurityException: General security error
>>>> (Error
>>>> during certificate path validation: basic constraints check failed:
>>>> this is
>>>> not a CA certificate); nested exception is:
>>>> java.security.cert.CertPathValidatorException: basic constraints
>>>> check
>>>> failed: this is not a CA certificate
>>>> at
>>>> org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>>> 1176)
>>>>
>>>> So I found working configuration for CXF client <-> CXF server
>>>> (however it
>>>> does not work as I expected - I thought that client's issuer
>>>> certificate
>>>> should be only available on server side)
>>>>
>>>> Anyway, problem I am trying to solve is connecting to .NET
>>>> webservice not
>>>> CXF...
>>>>
>>>> Regards,
>>>> Maciej
>>>>
>>>>
>>>>
>>>>
>>>> XyLus wrote:
>>>>>
>>>>> Hi Freeman
>>>>>
>>>>> Please find in attachment testcase bundle - it contains standalone
>>>>> cxf
>>>>> (wse-cxf-sign-client) application,
>>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>>> (.NET) I am
>>>>> trying to connect.
>>>>>
>>>>> Speaking of cxf server, I have not tried it yet since my goal is to
>>>>> work
>>>>> out working configuration for smx client <-> .NET web service.
>>>>> However I
>>>>> will try this as well and send result.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Maciej
>>>>>
>>>>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>>> testcase-bundle.zip
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Freeman Fang wrote:
>>>>>>
>>>>>> Hi,
>>>>>> Could you please append your testcase, both the working standalone
>>>>>> cxf
>>>>>> client and the problem smx one?
>>>>>> If possible, also a standalone server what we can test against to
>>>>>> reproduce the error, I understand you are using .NET server on
>>>>>> windows, but if you can provide a cxf server to simulate the error
>>>>>> it
>>>>>> would be great.
>>>>>> Thanks
>>>>>> Freeman
>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>>
>>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>>> 3.0 on
>>>>>>> board) that requires signed
>>>>>>> request. I 've played with CXF framework and now I have solution
>>>>>>> that works
>>>>>>> just fine ( I get successful response from web service)
>>>>>>>
>>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>>> with
>>>>>>> 'The
>>>>>>> signature or decryption was invalid' error.
>>>>>>>
>>>>>>> I attach smx and cxf logs and requests produced by CXF standalone
>>>>>>> application and SMX flow.
>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>>
>>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>>> confused.
>>>>>>> (digest value and signature value are different and one
>>>>>>> additional
>>>>>>> namespace
>>>>>>> is avaialbe in smx request
>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>>
>>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>>> differences.
>>>>>>> However I can't see any meaningful information in logs . On top
>>>>>>> of
>>>>>>> that I
>>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>>
>>>>>>> Any help appreciated.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Maciej
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>>> Nabble.com.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Freeman Fang
>>>>>> ------------------------
>>>>>> Open Source SOA: http://fusesource.com
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Posted by XyLus <ma...@gmail.com>.
Hi,
Signing works with given version
(http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/
) !
In addition to signing I tried out signing & encryption - that scenario was
a bit more difficult to get it working - my cxf configuration was correct
but I had to use old version of smx 3.3.0.2 so I received error
java.lang.NoSuchMethodError:
org.apache.ws.security.WSSecurityEngineResult.get(
Ljava/lang/Object;)Ljava/lang/Object;
I hacked it by replacing existing servicemix-shared with
servicemix-shared-3.3.1.18-fuse-installer.zip that contains wss4j-1.5.5.jar.
Next error I got was:
java.lang.NoSuchMethodError:
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkReceiverResultsAnyOrder(Ljava/util/Vector;Ljava/util/Vector;)Z
what was resolved by setting "ignoreActions" to value="true" in
WSS4JInInterceptor. (maybe if I took another servicemix-shared with newer
wss4j it won't be necessary).
Well, obviously I know it's one huge workaround - but my goal is just to
check servicemix-cxf and .NET web service interoperability when signing and
encryption/decryption are required. Current solution is a good starting
point for sure.
Thank you all for your help (especially I appreciate Freeman hints) !
Regards,
Maciej
Freeman Fang wrote:
>
> Hi,
>
> This issue get fixed by SMXCOMP-618 on Aug 21, but the snapshot you
> test is published on April, so that snapshot won't pick up the fix.
>
> You need check out code from
> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
> and build the snapshot yourself now.
> follow the step
> 1. svn co
> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
> 2. mvn install
>
>
> Another option is you can test against the fuse snapshot, you can
> download it from [1], copy it to your SMX_HOME/hotdeploy folder to
> override the old one
>
> [1]http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/
>
> Freeman
>
> On 2009-9-4, at 下午8:31, XyLus wrote:
>
>>
>> I've done test with
>> http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip
>>
>> but the result is the same as always -
>> System.Web.Services.Protocols.SoapHeaderException:
>> Microsoft.Web.Services3.Security.SecurityFault: The signature or
>> decryption
>> was invalid
>>
>>
>> Regards,
>> Maciej
>>
>>
>>
>> Freeman Fang wrote:
>>>
>>> Hi,
>>>
>>> I believe the fix for SMXCOMP-618 can address this issue.
>>>
>>> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618
>>>
>>> Freeman
>>> On 2009-8-19, at 下午3:52, XyLus wrote:
>>>
>>>>
>>>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
>>>> PeRCSPoC.jmx
>>>>
>>>> Regards,
>>>> Maciej
>>>>
>>>>
>>>> Freeman Fang wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> How is your work flow in smx get invoked?
>>>>> I believe you use a standalone jms client sending message to jms
>>>>> consumer of smx, if you, could you also append this standalone jms
>>>>> client? So that I can test your case from my side.
>>>>> Thanks
>>>>> Freeman
>>>>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've also created CXF server (please find in
>>>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>>>>> attachment ).
>>>>>> As long as I did not provide keystore with client certificate I
>>>>>> was
>>>>>> getting
>>>>>> error:
>>>>>>
>>>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>>>>> path
>>>>>> verification failed for certificate with subject
>>>>>> CN=WSE2QuickStartClient;
>>>>>> nested exception is:
>>>>>> org.apache.ws.security.WSSecurityException: General security
>>>>>> error
>>>>>> (Error
>>>>>> during certificate path validation: basic constraints check
>>>>>> failed:
>>>>>> this is
>>>>>> not a CA certificate); nested exception is:
>>>>>> java.security.cert.CertPathValidatorException: basic constraints
>>>>>> check
>>>>>> failed: this is not a CA certificate
>>>>>> at
>>>>>> org
>>>>>> .apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>>>>> 1176)
>>>>>>
>>>>>> So I found working configuration for CXF client <-> CXF server
>>>>>> (however it
>>>>>> does not work as I expected - I thought that client's issuer
>>>>>> certificate
>>>>>> should be only available on server side)
>>>>>>
>>>>>> Anyway, problem I am trying to solve is connecting to .NET
>>>>>> webservice not
>>>>>> CXF...
>>>>>>
>>>>>> Regards,
>>>>>> Maciej
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> XyLus wrote:
>>>>>>>
>>>>>>> Hi Freeman
>>>>>>>
>>>>>>> Please find in attachment testcase bundle - it contains
>>>>>>> standalone
>>>>>>> cxf
>>>>>>> (wse-cxf-sign-client) application,
>>>>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>>>>> (.NET) I am
>>>>>>> trying to connect.
>>>>>>>
>>>>>>> Speaking of cxf server, I have not tried it yet since my goal
>>>>>>> is to
>>>>>>> work
>>>>>>> out working configuration for smx client <-> .NET web service.
>>>>>>> However I
>>>>>>> will try this as well and send result.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Maciej
>>>>>>>
>>>>>>> Attachment:
>>>>>>> http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>>>>> testcase-bundle.zip
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Freeman Fang wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>> Could you please append your testcase, both the working
>>>>>>>> standalone
>>>>>>>> cxf
>>>>>>>> client and the problem smx one?
>>>>>>>> If possible, also a standalone server what we can test against
>>>>>>>> to
>>>>>>>> reproduce the error, I understand you are using .NET server on
>>>>>>>> windows, but if you can provide a cxf server to simulate the
>>>>>>>> error
>>>>>>>> it
>>>>>>>> would be great.
>>>>>>>> Thanks
>>>>>>>> Freeman
>>>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>>>>> 3.0 on
>>>>>>>>> board) that requires signed
>>>>>>>>> request. I 've played with CXF framework and now I have
>>>>>>>>> solution
>>>>>>>>> that works
>>>>>>>>> just fine ( I get successful response from web service)
>>>>>>>>>
>>>>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>>>>> with
>>>>>>>>> 'The
>>>>>>>>> signature or decryption was invalid' error.
>>>>>>>>>
>>>>>>>>> I attach smx and cxf logs and requests produced by CXF
>>>>>>>>> standalone
>>>>>>>>> application and SMX flow.
>>>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>>>>
>>>>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>>>>> confused.
>>>>>>>>> (digest value and signature value are different and one
>>>>>>>>> additional
>>>>>>>>> namespace
>>>>>>>>> is avaialbe in smx request
>>>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>>>>
>>>>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>>>>> differences.
>>>>>>>>> However I can't see any meaningful information in logs . On top
>>>>>>>>> of
>>>>>>>>> that I
>>>>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>>>>
>>>>>>>>> Any help appreciated.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Maciej
>>>>>>>>> --
>>>>>>>>> View this message in context:
>>>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>>>>> Nabble.com.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Freeman Fang
>>>>>>>> ------------------------
>>>>>>>> Open Source SOA: http://fusesource.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>> Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Freeman Fang
>>>>> ------------------------
>>>>> Open Source SOA: http://fusesource.com
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
>>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25311700.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption was invalid
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
This issue get fixed by SMXCOMP-618 on Aug 21, but the snapshot you
test is published on April, so that snapshot won't pick up the fix.
You need check out code from https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
and build the snapshot yourself now.
follow the step
1. svn co https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
2. mvn install
Another option is you can test against the fuse snapshot, you can
download it from [1], copy it to your SMX_HOME/hotdeploy folder to
override the old one
[1]http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/
Freeman
On 2009-9-4, at 下午8:31, XyLus wrote:
>
> I've done test with
> http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip
>
> but the result is the same as always -
> System.Web.Services.Protocols.SoapHeaderException:
> Microsoft.Web.Services3.Security.SecurityFault: The signature or
> decryption
> was invalid
>
>
> Regards,
> Maciej
>
>
>
> Freeman Fang wrote:
>>
>> Hi,
>>
>> I believe the fix for SMXCOMP-618 can address this issue.
>>
>> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618
>>
>> Freeman
>> On 2009-8-19, at 下午3:52, XyLus wrote:
>>
>>>
>>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
>>> PeRCSPoC.jmx
>>>
>>> Regards,
>>> Maciej
>>>
>>>
>>> Freeman Fang wrote:
>>>>
>>>> Hi,
>>>>
>>>> How is your work flow in smx get invoked?
>>>> I believe you use a standalone jms client sending message to jms
>>>> consumer of smx, if you, could you also append this standalone jms
>>>> client? So that I can test your case from my side.
>>>> Thanks
>>>> Freeman
>>>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> I've also created CXF server (please find in
>>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>>>> attachment ).
>>>>> As long as I did not provide keystore with client certificate I
>>>>> was
>>>>> getting
>>>>> error:
>>>>>
>>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>>>> path
>>>>> verification failed for certificate with subject
>>>>> CN=WSE2QuickStartClient;
>>>>> nested exception is:
>>>>> org.apache.ws.security.WSSecurityException: General security
>>>>> error
>>>>> (Error
>>>>> during certificate path validation: basic constraints check
>>>>> failed:
>>>>> this is
>>>>> not a CA certificate); nested exception is:
>>>>> java.security.cert.CertPathValidatorException: basic constraints
>>>>> check
>>>>> failed: this is not a CA certificate
>>>>> at
>>>>> org
>>>>> .apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>>>> 1176)
>>>>>
>>>>> So I found working configuration for CXF client <-> CXF server
>>>>> (however it
>>>>> does not work as I expected - I thought that client's issuer
>>>>> certificate
>>>>> should be only available on server side)
>>>>>
>>>>> Anyway, problem I am trying to solve is connecting to .NET
>>>>> webservice not
>>>>> CXF...
>>>>>
>>>>> Regards,
>>>>> Maciej
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> XyLus wrote:
>>>>>>
>>>>>> Hi Freeman
>>>>>>
>>>>>> Please find in attachment testcase bundle - it contains
>>>>>> standalone
>>>>>> cxf
>>>>>> (wse-cxf-sign-client) application,
>>>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>>>> (.NET) I am
>>>>>> trying to connect.
>>>>>>
>>>>>> Speaking of cxf server, I have not tried it yet since my goal
>>>>>> is to
>>>>>> work
>>>>>> out working configuration for smx client <-> .NET web service.
>>>>>> However I
>>>>>> will try this as well and send result.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Maciej
>>>>>>
>>>>>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>>>> testcase-bundle.zip
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Freeman Fang wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> Could you please append your testcase, both the working
>>>>>>> standalone
>>>>>>> cxf
>>>>>>> client and the problem smx one?
>>>>>>> If possible, also a standalone server what we can test against
>>>>>>> to
>>>>>>> reproduce the error, I understand you are using .NET server on
>>>>>>> windows, but if you can provide a cxf server to simulate the
>>>>>>> error
>>>>>>> it
>>>>>>> would be great.
>>>>>>> Thanks
>>>>>>> Freeman
>>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>>>> 3.0 on
>>>>>>>> board) that requires signed
>>>>>>>> request. I 've played with CXF framework and now I have
>>>>>>>> solution
>>>>>>>> that works
>>>>>>>> just fine ( I get successful response from web service)
>>>>>>>>
>>>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>>>> with
>>>>>>>> 'The
>>>>>>>> signature or decryption was invalid' error.
>>>>>>>>
>>>>>>>> I attach smx and cxf logs and requests produced by CXF
>>>>>>>> standalone
>>>>>>>> application and SMX flow.
>>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>>>
>>>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>>>> confused.
>>>>>>>> (digest value and signature value are different and one
>>>>>>>> additional
>>>>>>>> namespace
>>>>>>>> is avaialbe in smx request
>>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>>>
>>>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>>>> differences.
>>>>>>>> However I can't see any meaningful information in logs . On top
>>>>>>>> of
>>>>>>>> that I
>>>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>>>
>>>>>>>> Any help appreciated.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Maciej
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>>>> Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Freeman Fang
>>>>>>> ------------------------
>>>>>>> Open Source SOA: http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>> Nabble.com.
>>>>>
>>>>
>>>>
>>>> --
>>>> Freeman Fang
>>>> ------------------------
>>>> Open Source SOA: http://fusesource.com
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>
>>
>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com