You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2008/05/20 08:51:30 UTC

DO NOT REPLY [Bug 43685] Problem verifying signatures generated by BEA Aqualogic

https://issues.apache.org/bugzilla/show_bug.cgi?id=43685


René Nielsen <re...@hjortskov.dk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rene@hjortskov.dk




--- Comment #11 from René Nielsen <re...@hjortskov.dk>  2008-05-19 23:51:29 PST ---
I too have the BEA Aqualogic / WSS4J issue as Kim reported back in December
2007. 

Maybe I can help this bugreport with some digests. FYI, the same BEA client is
used and thus it is the signed server response where I'm getting this error.

The original digest which is working and is output by the BEA serverside has
this body reference element:
"
<dsig:Reference URI="#Body_ZPjVfxxAijn8HTWs">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
  <exc14n:InclusiveNamespaces
xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" /> 
  </dsig:Transform>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
  <dsig:DigestValue>rU1baQUuqrcsdOmBAVzsCDJn7wE=</dsig:DigestValue> 
  </dsig:Reference>
"

WSS4J yields the following response Body reference on the same request and
content:
"
<ds:Reference URI="#id-18980564">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>uXlkH/DReGo0XPrkX2ukFrg6jN0=</ds:DigestValue>
</ds:Reference>
"

The SOAP Body in both references above is this test sample:
"
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-18980564">
  <m:getMeOperationResponse xmlns:m="http://skat.dk">
    <m:return>
      <java:Me
xmlns:java="java:dk.skat.ip.test.fkt23.komponent.b2B.service">-1</java:Me>
    </m:return>
  </m:getMeOperationResponse>
</soapenv:Body>
"

The reported error from the requesting BEA client, when the server side used
WSS4J, is:
"
     [java] java.rmi.RemoteException:
weblogic.xml.dom.marshal.MarshalException:
weblogic.xml.crypto.wss.WSSecurityException: Signature failed to vali
date.  Reference: #id-18980564 does not validate.
     [java] ; nested exception is:
     [java]     weblogic.xml.crypto.wss.WSSecurityException:
weblogic.xml.dom.marshal.MarshalException:
weblogic.xml.crypto.wss.WSSecurityException: S
ignature failed to validate.  Reference: #id-18980564 does not validate.
     [java]
"

Please let me know if I can provide anything else in order to get this bug
fixed.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.