You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-user@axis.apache.org by "Chen, Min" <Mi...@bmc.com> on 2009/12/18 18:46:04 UTC
Signature verification failure when signing the body in Rampart/C
(but not in Rampart/Java)
Hi there,
I am trying to write a C client using Axis2/C (1.6.0) and Rampart/C (1.3.0) to consume a simple secured Echo web service. This web service has a security policy applied that requires that the content of the body be signed. The web service is written using Axis2/Java and secured using Rampart/Java. The C client stub is automatically generated using WSDL2C.bat, and a policy file is applied in the test code. While running this C client, I ran into a problem "The signature or decryption was invalid", from tcpmon, I can see that a secured SOAP message is sent out but response has the detailed exception trace as follows:
org.apache.axis2.AxisFault: The signature or decryption was invalid org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166 org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
 at org.apache.axis2.engine.Phase.invoke(Phase.java:318 org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
 at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160 org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167 org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266 org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281 org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187 org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82 java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675
java.lang.Thread.run(Thread.java:595
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:419 org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85 org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311 org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228
org.apache.rampart.RampartEngine.process(RampartEngine.java:146 org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 11 more
To make sure that my service is written properly, I also wrote a Java client (using wsdl2java to automatically generate stub from the same wsdl file) using Axis2/Java (1.5.1) and Rampart/Java (1.4) to consume it, with a similar policy file used in C client and same security keys stored in JKS keystore, and it works fine. This makes me wonder if this is a known bug in Rampart/C or Axis2/C?
Here attached related files for investigating this issue. Any help from Axis2-C developers or users will be greatly appreciated.
1. policy.xml: security policy file used in C client
2. services.xml: web service xml file
3. Echo.c : C client code
4. Keys.zip: containing all the security keys used in this exercise. server.jks contains keys for both client and server (alias are "client" and "server" respectively). Both keystore and key password are "testing", and client and server PEM files are generated from server.jks by following steps in http://www.swview.org/node/191).
5. Echo.wsdl: wsdl used to generate code for client stub.
6. echo.log: detailed Axis2 log from running Echo client
7. reqsoap.xml: SOAP request sent from Echo c client
Thanks.
-min
RE: Signature verification failure when signing the body in
Rampart/C (but not in Rampart/Java)
Posted by "Chen, Min" <Mi...@bmc.com>.
Did anybody have a chance to look into this issue? I am totally stuck here, and any help would be greatly appreciated. Thanks.
-min
From: Chen, Min [mailto:Min_Chen@bmc.com]
Sent: Friday, December 18, 2009 9:46 AM
To: axis-c-user@ws.apache.org
Subject: Signature verification failure when signing the body in Rampart/C (but not in Rampart/Java)
Hi there,
I am trying to write a C client using Axis2/C (1.6.0) and Rampart/C (1.3.0) to consume a simple secured Echo web service. This web service has a security policy applied that requires that the content of the body be signed. The web service is written using Axis2/Java and secured using Rampart/Java. The C client stub is automatically generated using WSDL2C.bat, and a policy file is applied in the test code. While running this C client, I ran into a problem "The signature or decryption was invalid", from tcpmon, I can see that a secured SOAP message is sent out but response has the detailed exception trace as follows:
org.apache.axis2.AxisFault: The signature or decryption was invalid org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166 org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
 at org.apache.axis2.engine.Phase.invoke(Phase.java:318 org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:251)
 at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:160 org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167 org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:266 org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281 org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187 org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82 java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675
java.lang.Thread.run(Thread.java:595
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:419 org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85 org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311 org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228
org.apache.rampart.RampartEngine.process(RampartEngine.java:146 org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 11 more
To make sure that my service is written properly, I also wrote a Java client (using wsdl2java to automatically generate stub from the same wsdl file) using Axis2/Java (1.5.1) and Rampart/Java (1.4) to consume it, with a similar policy file used in C client and same security keys stored in JKS keystore, and it works fine. This makes me wonder if this is a known bug in Rampart/C or Axis2/C?
Here attached related files for investigating this issue. Any help from Axis2-C developers or users will be greatly appreciated.
1. policy.xml: security policy file used in C client
2. services.xml: web service xml file
3. Echo.c : C client code
4. Keys.zip: containing all the security keys used in this exercise. server.jks contains keys for both client and server (alias are "client" and "server" respectively). Both keystore and key password are "testing", and client and server PEM files are generated from server.jks by following steps in http://www.swview.org/node/191).
5. Echo.wsdl: wsdl used to generate code for client stub.
6. echo.log: detailed Axis2 log from running Echo client
7. reqsoap.xml: SOAP request sent from Echo c client
Thanks.
-min