You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by XyLus <ma...@gmail.com> on 2009/08/12 17:14:18 UTC
Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Hi All,
I have to connect to web service ( .NET implementation with WSE 3.0 on
board) that requires signed
request. I 've played with CXF framework and now I have solution that works
just fine ( I get successful response from web service)
When I use cxf bc provider with the same configuration I end up with 'The
signature or decryption was invalid' error.
I attach smx and cxf logs and requests produced by CXF standalone
application and SMX flow.
http://www.nabble.com/file/p24938687/cxf.log cxf.log
http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
http://www.nabble.com/file/p24938687/smx.log smx.log
http://www.nabble.com/file/p24938687/smx.xml smx.xml
When you compare them they look ALMOST the same what makes me confused.
(digest value and signature value are different and one additional namespace
is avaialbe in smx request
http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
So I turned on debug mode and tried to find root cause of differences.
However I can't see any meaningful information in logs . On top of that I
use the same version of wss4j and xmlsec library in both cases.
Any help appreciated.
Regards,
Maciej
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Posted by XyLus <ma...@gmail.com>.
Hi,
Signing works with given version
(http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/
) !
In addition to signing I tried out signing & encryption - that scenario was
a bit more difficult to get it working - my cxf configuration was correct
but I had to use old version of smx 3.3.0.2 so I received error
java.lang.NoSuchMethodError:
org.apache.ws.security.WSSecurityEngineResult.get(
Ljava/lang/Object;)Ljava/lang/Object;
I hacked it by replacing existing servicemix-shared with
servicemix-shared-3.3.1.18-fuse-installer.zip that contains wss4j-1.5.5.jar.
Next error I got was:
java.lang.NoSuchMethodError:
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkReceiverResultsAnyOrder(Ljava/util/Vector;Ljava/util/Vector;)Z
what was resolved by setting "ignoreActions" to value="true" in
WSS4JInInterceptor. (maybe if I took another servicemix-shared with newer
wss4j it won't be necessary).
Well, obviously I know it's one huge workaround - but my goal is just to
check servicemix-cxf and .NET web service interoperability when signing and
encryption/decryption are required. Current solution is a good starting
point for sure.
Thank you all for your help (especially I appreciate Freeman hints) !
Regards,
Maciej
Freeman Fang wrote:
>
> Hi,
>
> This issue get fixed by SMXCOMP-618 on Aug 21, but the snapshot you
> test is published on April, so that snapshot won't pick up the fix.
>
> You need check out code from
> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
> and build the snapshot yourself now.
> follow the step
> 1. svn co
> https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
> 2. mvn install
>
>
> Another option is you can test against the fuse snapshot, you can
> download it from [1], copy it to your SMX_HOME/hotdeploy folder to
> override the old one
>
> [1]http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/
>
> Freeman
>
> On 2009-9-4, at 下午8:31, XyLus wrote:
>
>>
>> I've done test with
>> http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip
>>
>> but the result is the same as always -
>> System.Web.Services.Protocols.SoapHeaderException:
>> Microsoft.Web.Services3.Security.SecurityFault: The signature or
>> decryption
>> was invalid
>>
>>
>> Regards,
>> Maciej
>>
>>
>>
>> Freeman Fang wrote:
>>>
>>> Hi,
>>>
>>> I believe the fix for SMXCOMP-618 can address this issue.
>>>
>>> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618
>>>
>>> Freeman
>>> On 2009-8-19, at 下午3:52, XyLus wrote:
>>>
>>>>
>>>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
>>>> PeRCSPoC.jmx
>>>>
>>>> Regards,
>>>> Maciej
>>>>
>>>>
>>>> Freeman Fang wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> How is your work flow in smx get invoked?
>>>>> I believe you use a standalone jms client sending message to jms
>>>>> consumer of smx, if you, could you also append this standalone jms
>>>>> client? So that I can test your case from my side.
>>>>> Thanks
>>>>> Freeman
>>>>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>>>>
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I've also created CXF server (please find in
>>>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>>>>> attachment ).
>>>>>> As long as I did not provide keystore with client certificate I
>>>>>> was
>>>>>> getting
>>>>>> error:
>>>>>>
>>>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>>>>> path
>>>>>> verification failed for certificate with subject
>>>>>> CN=WSE2QuickStartClient;
>>>>>> nested exception is:
>>>>>> org.apache.ws.security.WSSecurityException: General security
>>>>>> error
>>>>>> (Error
>>>>>> during certificate path validation: basic constraints check
>>>>>> failed:
>>>>>> this is
>>>>>> not a CA certificate); nested exception is:
>>>>>> java.security.cert.CertPathValidatorException: basic constraints
>>>>>> check
>>>>>> failed: this is not a CA certificate
>>>>>> at
>>>>>> org
>>>>>> .apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>>>>> 1176)
>>>>>>
>>>>>> So I found working configuration for CXF client <-> CXF server
>>>>>> (however it
>>>>>> does not work as I expected - I thought that client's issuer
>>>>>> certificate
>>>>>> should be only available on server side)
>>>>>>
>>>>>> Anyway, problem I am trying to solve is connecting to .NET
>>>>>> webservice not
>>>>>> CXF...
>>>>>>
>>>>>> Regards,
>>>>>> Maciej
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> XyLus wrote:
>>>>>>>
>>>>>>> Hi Freeman
>>>>>>>
>>>>>>> Please find in attachment testcase bundle - it contains
>>>>>>> standalone
>>>>>>> cxf
>>>>>>> (wse-cxf-sign-client) application,
>>>>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>>>>> (.NET) I am
>>>>>>> trying to connect.
>>>>>>>
>>>>>>> Speaking of cxf server, I have not tried it yet since my goal
>>>>>>> is to
>>>>>>> work
>>>>>>> out working configuration for smx client <-> .NET web service.
>>>>>>> However I
>>>>>>> will try this as well and send result.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Maciej
>>>>>>>
>>>>>>> Attachment:
>>>>>>> http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>>>>> testcase-bundle.zip
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Freeman Fang wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>> Could you please append your testcase, both the working
>>>>>>>> standalone
>>>>>>>> cxf
>>>>>>>> client and the problem smx one?
>>>>>>>> If possible, also a standalone server what we can test against
>>>>>>>> to
>>>>>>>> reproduce the error, I understand you are using .NET server on
>>>>>>>> windows, but if you can provide a cxf server to simulate the
>>>>>>>> error
>>>>>>>> it
>>>>>>>> would be great.
>>>>>>>> Thanks
>>>>>>>> Freeman
>>>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>>>>> 3.0 on
>>>>>>>>> board) that requires signed
>>>>>>>>> request. I 've played with CXF framework and now I have
>>>>>>>>> solution
>>>>>>>>> that works
>>>>>>>>> just fine ( I get successful response from web service)
>>>>>>>>>
>>>>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>>>>> with
>>>>>>>>> 'The
>>>>>>>>> signature or decryption was invalid' error.
>>>>>>>>>
>>>>>>>>> I attach smx and cxf logs and requests produced by CXF
>>>>>>>>> standalone
>>>>>>>>> application and SMX flow.
>>>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>>>>
>>>>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>>>>> confused.
>>>>>>>>> (digest value and signature value are different and one
>>>>>>>>> additional
>>>>>>>>> namespace
>>>>>>>>> is avaialbe in smx request
>>>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>>>>
>>>>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>>>>> differences.
>>>>>>>>> However I can't see any meaningful information in logs . On top
>>>>>>>>> of
>>>>>>>>> that I
>>>>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>>>>
>>>>>>>>> Any help appreciated.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Maciej
>>>>>>>>> --
>>>>>>>>> View this message in context:
>>>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>>>>> Nabble.com.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Freeman Fang
>>>>>>>> ------------------------
>>>>>>>> Open Source SOA: http://fusesource.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>> Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Freeman Fang
>>>>> ------------------------
>>>>> Open Source SOA: http://fusesource.com
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
>>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25311700.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption was invalid
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
This issue get fixed by SMXCOMP-618 on Aug 21, but the snapshot you
test is published on April, so that snapshot won't pick up the fix.
You need check out code from https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
and build the snapshot yourself now.
follow the step
1. svn co https://svn.apache.org/repos/asf/servicemix/components/bindings/servicemix-cxf-bc/trunk/
2. mvn install
Another option is you can test against the fuse snapshot, you can
download it from [1], copy it to your SMX_HOME/hotdeploy folder to
override the old one
[1]http://repo.open.iona.com/maven2-snapshot/org/apache/servicemix/servicemix-cxf-bc/2009.01.1-fuse-SNAPSHOT/
Freeman
On 2009-9-4, at 下午8:31, XyLus wrote:
>
> I've done test with
> http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip
>
> but the result is the same as always -
> System.Web.Services.Protocols.SoapHeaderException:
> Microsoft.Web.Services3.Security.SecurityFault: The signature or
> decryption
> was invalid
>
>
> Regards,
> Maciej
>
>
>
> Freeman Fang wrote:
>>
>> Hi,
>>
>> I believe the fix for SMXCOMP-618 can address this issue.
>>
>> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618
>>
>> Freeman
>> On 2009-8-19, at 下午3:52, XyLus wrote:
>>
>>>
>>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
>>> PeRCSPoC.jmx
>>>
>>> Regards,
>>> Maciej
>>>
>>>
>>> Freeman Fang wrote:
>>>>
>>>> Hi,
>>>>
>>>> How is your work flow in smx get invoked?
>>>> I believe you use a standalone jms client sending message to jms
>>>> consumer of smx, if you, could you also append this standalone jms
>>>> client? So that I can test your case from my side.
>>>> Thanks
>>>> Freeman
>>>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>>>
>>>>>
>>>>> Hi,
>>>>>
>>>>> I've also created CXF server (please find in
>>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>>>> attachment ).
>>>>> As long as I did not provide keystore with client certificate I
>>>>> was
>>>>> getting
>>>>> error:
>>>>>
>>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>>>> path
>>>>> verification failed for certificate with subject
>>>>> CN=WSE2QuickStartClient;
>>>>> nested exception is:
>>>>> org.apache.ws.security.WSSecurityException: General security
>>>>> error
>>>>> (Error
>>>>> during certificate path validation: basic constraints check
>>>>> failed:
>>>>> this is
>>>>> not a CA certificate); nested exception is:
>>>>> java.security.cert.CertPathValidatorException: basic constraints
>>>>> check
>>>>> failed: this is not a CA certificate
>>>>> at
>>>>> org
>>>>> .apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>>>> 1176)
>>>>>
>>>>> So I found working configuration for CXF client <-> CXF server
>>>>> (however it
>>>>> does not work as I expected - I thought that client's issuer
>>>>> certificate
>>>>> should be only available on server side)
>>>>>
>>>>> Anyway, problem I am trying to solve is connecting to .NET
>>>>> webservice not
>>>>> CXF...
>>>>>
>>>>> Regards,
>>>>> Maciej
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> XyLus wrote:
>>>>>>
>>>>>> Hi Freeman
>>>>>>
>>>>>> Please find in attachment testcase bundle - it contains
>>>>>> standalone
>>>>>> cxf
>>>>>> (wse-cxf-sign-client) application,
>>>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>>>> (.NET) I am
>>>>>> trying to connect.
>>>>>>
>>>>>> Speaking of cxf server, I have not tried it yet since my goal
>>>>>> is to
>>>>>> work
>>>>>> out working configuration for smx client <-> .NET web service.
>>>>>> However I
>>>>>> will try this as well and send result.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Maciej
>>>>>>
>>>>>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>>>> testcase-bundle.zip
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Freeman Fang wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> Could you please append your testcase, both the working
>>>>>>> standalone
>>>>>>> cxf
>>>>>>> client and the problem smx one?
>>>>>>> If possible, also a standalone server what we can test against
>>>>>>> to
>>>>>>> reproduce the error, I understand you are using .NET server on
>>>>>>> windows, but if you can provide a cxf server to simulate the
>>>>>>> error
>>>>>>> it
>>>>>>> would be great.
>>>>>>> Thanks
>>>>>>> Freeman
>>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>>>> 3.0 on
>>>>>>>> board) that requires signed
>>>>>>>> request. I 've played with CXF framework and now I have
>>>>>>>> solution
>>>>>>>> that works
>>>>>>>> just fine ( I get successful response from web service)
>>>>>>>>
>>>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>>>> with
>>>>>>>> 'The
>>>>>>>> signature or decryption was invalid' error.
>>>>>>>>
>>>>>>>> I attach smx and cxf logs and requests produced by CXF
>>>>>>>> standalone
>>>>>>>> application and SMX flow.
>>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>>>
>>>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>>>> confused.
>>>>>>>> (digest value and signature value are different and one
>>>>>>>> additional
>>>>>>>> namespace
>>>>>>>> is avaialbe in smx request
>>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>>>
>>>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>>>> differences.
>>>>>>>> However I can't see any meaningful information in logs . On top
>>>>>>>> of
>>>>>>>> that I
>>>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>>>
>>>>>>>> Any help appreciated.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Maciej
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>>>> Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Freeman Fang
>>>>>>> ------------------------
>>>>>>> Open Source SOA: http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>> Nabble.com.
>>>>>
>>>>
>>>>
>>>> --
>>>> Freeman Fang
>>>> ------------------------
>>>> Open Source SOA: http://fusesource.com
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>
>>
>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Posted by XyLus <ma...@gmail.com>.
I've done test with
http://people.apache.org/repo/m2-snapshot-repository/org/apache/servicemix/servicemix-cxf-bc/2009.02-SNAPSHOT/servicemix-cxf-bc-2009.02-20090417.052350-16-installer.zip
but the result is the same as always -
System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption
was invalid
Regards,
Maciej
Freeman Fang wrote:
>
> Hi,
>
> I believe the fix for SMXCOMP-618 can address this issue.
>
> [1]https://issues.apache.org/activemq/browse/SMXCOMP-618
>
> Freeman
> On 2009-8-19, at 下午3:52, XyLus wrote:
>
>>
>> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
>> PeRCSPoC.jmx
>>
>> Regards,
>> Maciej
>>
>>
>> Freeman Fang wrote:
>>>
>>> Hi,
>>>
>>> How is your work flow in smx get invoked?
>>> I believe you use a standalone jms client sending message to jms
>>> consumer of smx, if you, could you also append this standalone jms
>>> client? So that I can test your case from my side.
>>> Thanks
>>> Freeman
>>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I've also created CXF server (please find in
>>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>>> attachment ).
>>>> As long as I did not provide keystore with client certificate I was
>>>> getting
>>>> error:
>>>>
>>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>>> path
>>>> verification failed for certificate with subject
>>>> CN=WSE2QuickStartClient;
>>>> nested exception is:
>>>> org.apache.ws.security.WSSecurityException: General security error
>>>> (Error
>>>> during certificate path validation: basic constraints check failed:
>>>> this is
>>>> not a CA certificate); nested exception is:
>>>> java.security.cert.CertPathValidatorException: basic constraints
>>>> check
>>>> failed: this is not a CA certificate
>>>> at
>>>> org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>>> 1176)
>>>>
>>>> So I found working configuration for CXF client <-> CXF server
>>>> (however it
>>>> does not work as I expected - I thought that client's issuer
>>>> certificate
>>>> should be only available on server side)
>>>>
>>>> Anyway, problem I am trying to solve is connecting to .NET
>>>> webservice not
>>>> CXF...
>>>>
>>>> Regards,
>>>> Maciej
>>>>
>>>>
>>>>
>>>>
>>>> XyLus wrote:
>>>>>
>>>>> Hi Freeman
>>>>>
>>>>> Please find in attachment testcase bundle - it contains standalone
>>>>> cxf
>>>>> (wse-cxf-sign-client) application,
>>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>>> (.NET) I am
>>>>> trying to connect.
>>>>>
>>>>> Speaking of cxf server, I have not tried it yet since my goal is to
>>>>> work
>>>>> out working configuration for smx client <-> .NET web service.
>>>>> However I
>>>>> will try this as well and send result.
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>> Maciej
>>>>>
>>>>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>>> testcase-bundle.zip
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Freeman Fang wrote:
>>>>>>
>>>>>> Hi,
>>>>>> Could you please append your testcase, both the working standalone
>>>>>> cxf
>>>>>> client and the problem smx one?
>>>>>> If possible, also a standalone server what we can test against to
>>>>>> reproduce the error, I understand you are using .NET server on
>>>>>> windows, but if you can provide a cxf server to simulate the error
>>>>>> it
>>>>>> would be great.
>>>>>> Thanks
>>>>>> Freeman
>>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>>
>>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>>> 3.0 on
>>>>>>> board) that requires signed
>>>>>>> request. I 've played with CXF framework and now I have solution
>>>>>>> that works
>>>>>>> just fine ( I get successful response from web service)
>>>>>>>
>>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>>> with
>>>>>>> 'The
>>>>>>> signature or decryption was invalid' error.
>>>>>>>
>>>>>>> I attach smx and cxf logs and requests produced by CXF standalone
>>>>>>> application and SMX flow.
>>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>>
>>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>>> confused.
>>>>>>> (digest value and signature value are different and one
>>>>>>> additional
>>>>>>> namespace
>>>>>>> is avaialbe in smx request
>>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>>
>>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>>> differences.
>>>>>>> However I can't see any meaningful information in logs . On top
>>>>>>> of
>>>>>>> that I
>>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>>
>>>>>>> Any help appreciated.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Maciej
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>>> Nabble.com.
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Freeman Fang
>>>>>> ------------------------
>>>>>> Open Source SOA: http://fusesource.com
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25293515.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption was invalid
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I believe the fix for SMXCOMP-618 can address this issue.
[1]https://issues.apache.org/activemq/browse/SMXCOMP-618
Freeman
On 2009-8-19, at 下午3:52, XyLus wrote:
>
> Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx
> PeRCSPoC.jmx
>
> Regards,
> Maciej
>
>
> Freeman Fang wrote:
>>
>> Hi,
>>
>> How is your work flow in smx get invoked?
>> I believe you use a standalone jms client sending message to jms
>> consumer of smx, if you, could you also append this standalone jms
>> client? So that I can test your case from my side.
>> Thanks
>> Freeman
>> On 2009-8-14, at 下午10:52, XyLus wrote:
>>
>>>
>>> Hi,
>>>
>>> I've also created CXF server (please find in
>>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>>> attachment ).
>>> As long as I did not provide keystore with client certificate I was
>>> getting
>>> error:
>>>
>>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>>> path
>>> verification failed for certificate with subject
>>> CN=WSE2QuickStartClient;
>>> nested exception is:
>>> org.apache.ws.security.WSSecurityException: General security error
>>> (Error
>>> during certificate path validation: basic constraints check failed:
>>> this is
>>> not a CA certificate); nested exception is:
>>> java.security.cert.CertPathValidatorException: basic constraints
>>> check
>>> failed: this is not a CA certificate
>>> at
>>> org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>>> 1176)
>>>
>>> So I found working configuration for CXF client <-> CXF server
>>> (however it
>>> does not work as I expected - I thought that client's issuer
>>> certificate
>>> should be only available on server side)
>>>
>>> Anyway, problem I am trying to solve is connecting to .NET
>>> webservice not
>>> CXF...
>>>
>>> Regards,
>>> Maciej
>>>
>>>
>>>
>>>
>>> XyLus wrote:
>>>>
>>>> Hi Freeman
>>>>
>>>> Please find in attachment testcase bundle - it contains standalone
>>>> cxf
>>>> (wse-cxf-sign-client) application,
>>>> smx test flow (smx-testcase) and sample .Net web service code
>>>> (.NET) I am
>>>> trying to connect.
>>>>
>>>> Speaking of cxf server, I have not tried it yet since my goal is to
>>>> work
>>>> out working configuration for smx client <-> .NET web service.
>>>> However I
>>>> will try this as well and send result.
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Maciej
>>>>
>>>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>>> testcase-bundle.zip
>>>>
>>>>
>>>>
>>>>
>>>> Freeman Fang wrote:
>>>>>
>>>>> Hi,
>>>>> Could you please append your testcase, both the working standalone
>>>>> cxf
>>>>> client and the problem smx one?
>>>>> If possible, also a standalone server what we can test against to
>>>>> reproduce the error, I understand you are using .NET server on
>>>>> windows, but if you can provide a cxf server to simulate the error
>>>>> it
>>>>> would be great.
>>>>> Thanks
>>>>> Freeman
>>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>>
>>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>>> 3.0 on
>>>>>> board) that requires signed
>>>>>> request. I 've played with CXF framework and now I have solution
>>>>>> that works
>>>>>> just fine ( I get successful response from web service)
>>>>>>
>>>>>> When I use cxf bc provider with the same configuration I end up
>>>>>> with
>>>>>> 'The
>>>>>> signature or decryption was invalid' error.
>>>>>>
>>>>>> I attach smx and cxf logs and requests produced by CXF standalone
>>>>>> application and SMX flow.
>>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>>
>>>>>> When you compare them they look ALMOST the same what makes me
>>>>>> confused.
>>>>>> (digest value and signature value are different and one
>>>>>> additional
>>>>>> namespace
>>>>>> is avaialbe in smx request
>>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>>
>>>>>> So I turned on debug mode and tried to find root cause of
>>>>>> differences.
>>>>>> However I can't see any meaningful information in logs . On top
>>>>>> of
>>>>>> that I
>>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>>
>>>>>> Any help appreciated.
>>>>>>
>>>>>> Regards,
>>>>>> Maciej
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>>> Sent from the ServiceMix - User mailing list archive at
>>>>>> Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Freeman Fang
>>>>> ------------------------
>>>>> Open Source SOA: http://fusesource.com
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>
>>
>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Posted by XyLus <ma...@gmail.com>.
Here you go : http://www.nabble.com/file/p25039423/PeRCSPoC.jmx PeRCSPoC.jmx
Regards,
Maciej
Freeman Fang wrote:
>
> Hi,
>
> How is your work flow in smx get invoked?
> I believe you use a standalone jms client sending message to jms
> consumer of smx, if you, could you also append this standalone jms
> client? So that I can test your case from my side.
> Thanks
> Freeman
> On 2009-8-14, at 下午10:52, XyLus wrote:
>
>>
>> Hi,
>>
>> I've also created CXF server (please find in
>> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
>> attachment ).
>> As long as I did not provide keystore with client certificate I was
>> getting
>> error:
>>
>> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
>> path
>> verification failed for certificate with subject
>> CN=WSE2QuickStartClient;
>> nested exception is:
>> org.apache.ws.security.WSSecurityException: General security error
>> (Error
>> during certificate path validation: basic constraints check failed:
>> this is
>> not a CA certificate); nested exception is:
>> java.security.cert.CertPathValidatorException: basic constraints
>> check
>> failed: this is not a CA certificate
>> at
>> org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
>> 1176)
>>
>> So I found working configuration for CXF client <-> CXF server
>> (however it
>> does not work as I expected - I thought that client's issuer
>> certificate
>> should be only available on server side)
>>
>> Anyway, problem I am trying to solve is connecting to .NET
>> webservice not
>> CXF...
>>
>> Regards,
>> Maciej
>>
>>
>>
>>
>> XyLus wrote:
>>>
>>> Hi Freeman
>>>
>>> Please find in attachment testcase bundle - it contains standalone
>>> cxf
>>> (wse-cxf-sign-client) application,
>>> smx test flow (smx-testcase) and sample .Net web service code
>>> (.NET) I am
>>> trying to connect.
>>>
>>> Speaking of cxf server, I have not tried it yet since my goal is to
>>> work
>>> out working configuration for smx client <-> .NET web service.
>>> However I
>>> will try this as well and send result.
>>>
>>>
>>>
>>> Regards,
>>> Maciej
>>>
>>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>>> testcase-bundle.zip
>>>
>>>
>>>
>>>
>>> Freeman Fang wrote:
>>>>
>>>> Hi,
>>>> Could you please append your testcase, both the working standalone
>>>> cxf
>>>> client and the problem smx one?
>>>> If possible, also a standalone server what we can test against to
>>>> reproduce the error, I understand you are using .NET server on
>>>> windows, but if you can provide a cxf server to simulate the error
>>>> it
>>>> would be great.
>>>> Thanks
>>>> Freeman
>>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>>
>>>>>
>>>>> Hi All,
>>>>>
>>>>> I have to connect to web service ( .NET implementation with WSE
>>>>> 3.0 on
>>>>> board) that requires signed
>>>>> request. I 've played with CXF framework and now I have solution
>>>>> that works
>>>>> just fine ( I get successful response from web service)
>>>>>
>>>>> When I use cxf bc provider with the same configuration I end up
>>>>> with
>>>>> 'The
>>>>> signature or decryption was invalid' error.
>>>>>
>>>>> I attach smx and cxf logs and requests produced by CXF standalone
>>>>> application and SMX flow.
>>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>>
>>>>> When you compare them they look ALMOST the same what makes me
>>>>> confused.
>>>>> (digest value and signature value are different and one additional
>>>>> namespace
>>>>> is avaialbe in smx request
>>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>>
>>>>> So I turned on debug mode and tried to find root cause of
>>>>> differences.
>>>>> However I can't see any meaningful information in logs . On top of
>>>>> that I
>>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>>
>>>>> Any help appreciated.
>>>>>
>>>>> Regards,
>>>>> Maciej
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>>> --
>>>> Freeman Fang
>>>> ------------------------
>>>> Open Source SOA: http://fusesource.com
>>>>
>>>>
>>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p25039423.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption was invalid
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
How is your work flow in smx get invoked?
I believe you use a standalone jms client sending message to jms
consumer of smx, if you, could you also append this standalone jms
client? So that I can test your case from my side.
Thanks
Freeman
On 2009-8-14, at 下午10:52, XyLus wrote:
>
> Hi,
>
> I've also created CXF server (please find in
> http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip
> attachment ).
> As long as I did not provide keystore with client certificate I was
> getting
> error:
>
> org.apache.ws.security.WSSecurityException: WSHandler: Certificate
> path
> verification failed for certificate with subject
> CN=WSE2QuickStartClient;
> nested exception is:
> org.apache.ws.security.WSSecurityException: General security error
> (Error
> during certificate path validation: basic constraints check failed:
> this is
> not a CA certificate); nested exception is:
> java.security.cert.CertPathValidatorException: basic constraints
> check
> failed: this is not a CA certificate
> at
> org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:
> 1176)
>
> So I found working configuration for CXF client <-> CXF server
> (however it
> does not work as I expected - I thought that client's issuer
> certificate
> should be only available on server side)
>
> Anyway, problem I am trying to solve is connecting to .NET
> webservice not
> CXF...
>
> Regards,
> Maciej
>
>
>
>
> XyLus wrote:
>>
>> Hi Freeman
>>
>> Please find in attachment testcase bundle - it contains standalone
>> cxf
>> (wse-cxf-sign-client) application,
>> smx test flow (smx-testcase) and sample .Net web service code
>> (.NET) I am
>> trying to connect.
>>
>> Speaking of cxf server, I have not tried it yet since my goal is to
>> work
>> out working configuration for smx client <-> .NET web service.
>> However I
>> will try this as well and send result.
>>
>>
>>
>> Regards,
>> Maciej
>>
>> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
>> testcase-bundle.zip
>>
>>
>>
>>
>> Freeman Fang wrote:
>>>
>>> Hi,
>>> Could you please append your testcase, both the working standalone
>>> cxf
>>> client and the problem smx one?
>>> If possible, also a standalone server what we can test against to
>>> reproduce the error, I understand you are using .NET server on
>>> windows, but if you can provide a cxf server to simulate the error
>>> it
>>> would be great.
>>> Thanks
>>> Freeman
>>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>>
>>>>
>>>> Hi All,
>>>>
>>>> I have to connect to web service ( .NET implementation with WSE
>>>> 3.0 on
>>>> board) that requires signed
>>>> request. I 've played with CXF framework and now I have solution
>>>> that works
>>>> just fine ( I get successful response from web service)
>>>>
>>>> When I use cxf bc provider with the same configuration I end up
>>>> with
>>>> 'The
>>>> signature or decryption was invalid' error.
>>>>
>>>> I attach smx and cxf logs and requests produced by CXF standalone
>>>> application and SMX flow.
>>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>>
>>>> When you compare them they look ALMOST the same what makes me
>>>> confused.
>>>> (digest value and signature value are different and one additional
>>>> namespace
>>>> is avaialbe in smx request
>>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>>
>>>> So I turned on debug mode and tried to find root cause of
>>>> differences.
>>>> However I can't see any meaningful information in logs . On top of
>>>> that I
>>>> use the same version of wss4j and xmlsec library in both cases.
>>>>
>>>> Any help appreciated.
>>>>
>>>> Regards,
>>>> Maciej
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>> --
>>> Freeman Fang
>>> ------------------------
>>> Open Source SOA: http://fusesource.com
>>>
>>>
>>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Posted by XyLus <ma...@gmail.com>.
Hi,
I've also created CXF server (please find in
http://www.nabble.com/file/p24973027/wse-cxf-sign-server.zip attachment ).
As long as I did not provide keystore with client certificate I was getting
error:
org.apache.ws.security.WSSecurityException: WSHandler: Certificate path
verification failed for certificate with subject CN=WSE2QuickStartClient;
nested exception is:
org.apache.ws.security.WSSecurityException: General security error (Error
during certificate path validation: basic constraints check failed: this is
not a CA certificate); nested exception is:
java.security.cert.CertPathValidatorException: basic constraints check
failed: this is not a CA certificate
at
org.apache.ws.security.handler.WSHandler.verifyTrust(WSHandler.java:1176)
So I found working configuration for CXF client <-> CXF server (however it
does not work as I expected - I thought that client's issuer certificate
should be only available on server side)
Anyway, problem I am trying to solve is connecting to .NET webservice not
CXF...
Regards,
Maciej
XyLus wrote:
>
> Hi Freeman
>
> Please find in attachment testcase bundle - it contains standalone cxf
> (wse-cxf-sign-client) application,
> smx test flow (smx-testcase) and sample .Net web service code (.NET) I am
> trying to connect.
>
> Speaking of cxf server, I have not tried it yet since my goal is to work
> out working configuration for smx client <-> .NET web service. However I
> will try this as well and send result.
>
>
>
> Regards,
> Maciej
>
> Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
> testcase-bundle.zip
>
>
>
>
> Freeman Fang wrote:
>>
>> Hi,
>> Could you please append your testcase, both the working standalone cxf
>> client and the problem smx one?
>> If possible, also a standalone server what we can test against to
>> reproduce the error, I understand you are using .NET server on
>> windows, but if you can provide a cxf server to simulate the error it
>> would be great.
>> Thanks
>> Freeman
>> On 2009-8-12, at 下午11:14, XyLus wrote:
>>
>>>
>>> Hi All,
>>>
>>> I have to connect to web service ( .NET implementation with WSE 3.0 on
>>> board) that requires signed
>>> request. I 've played with CXF framework and now I have solution
>>> that works
>>> just fine ( I get successful response from web service)
>>>
>>> When I use cxf bc provider with the same configuration I end up with
>>> 'The
>>> signature or decryption was invalid' error.
>>>
>>> I attach smx and cxf logs and requests produced by CXF standalone
>>> application and SMX flow.
>>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>>> http://www.nabble.com/file/p24938687/smx.log smx.log
>>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>>
>>> When you compare them they look ALMOST the same what makes me
>>> confused.
>>> (digest value and signature value are different and one additional
>>> namespace
>>> is avaialbe in smx request
>>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>>
>>> So I turned on debug mode and tried to find root cause of differences.
>>> However I can't see any meaningful information in logs . On top of
>>> that I
>>> use the same version of wss4j and xmlsec library in both cases.
>>>
>>> Any help appreciated.
>>>
>>> Regards,
>>> Maciej
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>>
>>
>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24973027.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The
signature or decryption was invalid
Posted by XyLus <ma...@gmail.com>.
Hi Freeman
Please find in attachment testcase bundle - it contains standalone cxf
(wse-cxf-sign-client) application,
smx test flow (smx-testcase) and sample .Net web service code (.NET) I am
trying to connect.
Speaking of cxf server, I have not tried it yet since my goal is to work out
working configuration for smx client <-> .NET web service. However I will
try this as well and send result.
Regards,
Maciej
Attachment: http://www.nabble.com/file/p24954647/testcase-bundle.zip
testcase-bundle.zip
Freeman Fang wrote:
>
> Hi,
> Could you please append your testcase, both the working standalone cxf
> client and the problem smx one?
> If possible, also a standalone server what we can test against to
> reproduce the error, I understand you are using .NET server on
> windows, but if you can provide a cxf server to simulate the error it
> would be great.
> Thanks
> Freeman
> On 2009-8-12, at 下午11:14, XyLus wrote:
>
>>
>> Hi All,
>>
>> I have to connect to web service ( .NET implementation with WSE 3.0 on
>> board) that requires signed
>> request. I 've played with CXF framework and now I have solution
>> that works
>> just fine ( I get successful response from web service)
>>
>> When I use cxf bc provider with the same configuration I end up with
>> 'The
>> signature or decryption was invalid' error.
>>
>> I attach smx and cxf logs and requests produced by CXF standalone
>> application and SMX flow.
>> http://www.nabble.com/file/p24938687/cxf.log cxf.log
>> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
>> http://www.nabble.com/file/p24938687/smx.log smx.log
>> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>>
>> When you compare them they look ALMOST the same what makes me
>> confused.
>> (digest value and signature value are different and one additional
>> namespace
>> is avaialbe in smx request
>> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>>
>> So I turned on debug mode and tried to find root cause of differences.
>> However I can't see any meaningful information in logs . On top of
>> that I
>> use the same version of wss4j and xmlsec library in both cases.
>>
>> Any help appreciated.
>>
>> Regards,
>> Maciej
>> --
>> View this message in context:
>> http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24954647.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: Once again: Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption was invalid
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Could you please append your testcase, both the working standalone cxf
client and the problem smx one?
If possible, also a standalone server what we can test against to
reproduce the error, I understand you are using .NET server on
windows, but if you can provide a cxf server to simulate the error it
would be great.
Thanks
Freeman
On 2009-8-12, at 下午11:14, XyLus wrote:
>
> Hi All,
>
> I have to connect to web service ( .NET implementation with WSE 3.0 on
> board) that requires signed
> request. I 've played with CXF framework and now I have solution
> that works
> just fine ( I get successful response from web service)
>
> When I use cxf bc provider with the same configuration I end up with
> 'The
> signature or decryption was invalid' error.
>
> I attach smx and cxf logs and requests produced by CXF standalone
> application and SMX flow.
> http://www.nabble.com/file/p24938687/cxf.log cxf.log
> http://www.nabble.com/file/p24938687/cxf.xml cxf.xml
> http://www.nabble.com/file/p24938687/smx.log smx.log
> http://www.nabble.com/file/p24938687/smx.xml smx.xml
>
> When you compare them they look ALMOST the same what makes me
> confused.
> (digest value and signature value are different and one additional
> namespace
> is avaialbe in smx request
> http://java.sun.com/xml/ns/jbi/wsdl-11-wrapper)
>
> So I turned on debug mode and tried to find root cause of differences.
> However I can't see any meaningful information in logs . On top of
> that I
> use the same version of wss4j and xmlsec library in both cases.
>
> Any help appreciated.
>
> Regards,
> Maciej
> --
> View this message in context: http://www.nabble.com/Once-again%3A-Microsoft.Web.Services3.Security.SecurityFault%3A-The-signature-or-decryption-was-invalid-tp24938687p24938687.html
> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com