You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2011/03/23 16:14:05 UTC
[jira] [Commented] (CXF-3414) Signature verification fails with
custom SOAP header
[ https://issues.apache.org/jira/browse/CXF-3414?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13010166#comment-13010166 ]
Colm O hEigeartaigh commented on CXF-3414:
------------------------------------------
Hi,
Two points...
1) The custom SOAP header is not sent in the message, the SOAP handler is only installed on the inbound side.
2) The test-case works if you remove the SAAJInInterceptor. It isn't needed, as the WSS4JInInterceptor will call it automatically.
Beyond that, I'm not sure without digging into it deeper what's causing the SOAP body child to be duplicated, and cause the signature verification to fail as a result.
Colm.
> Signature verification fails with custom SOAP header
> ----------------------------------------------------
>
> Key: CXF-3414
> URL: https://issues.apache.org/jira/browse/CXF-3414
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.3.2
> Reporter: Jens Granseuer
> Attachments: signature-handler.zip
>
>
> When a client sends a signed message body, and also includes a custom SOAP header in the message, signature verification fails at the receiving end.
> {quote}
> 2011-03-23 14:33:41,159 DEBUG | verify 1 References | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | I am not requested to follow nested Manifests | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Reference", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transforms", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Request for URI http://www.w3.org/2000/09/xmldsig#sha1 | algorithms.JCEMapper
> 2011-03-23 14:33:41,159 DEBUG | I was asked to create a ResourceResolver and got 1 | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | extra resolvers to my existing 4 system-wide resolvers | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | enter engineResolve, look for: #id-2 | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | exit engineResolve, result: XMLSignatureInput/Element/[soap:Body: null] exclude null comments:false/null | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transform", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Pre-digested input: | utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 DEBUG | <soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2"><greetMe xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe><greetMe xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe></soap:Body> | utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 WARN | Verification failed for URI "#id-2" | signature.Reference
> 2011-03-23 14:33:41,159 WARN | Expected Digest: yFxDQhgODwm09BOOEJwzrMzvfO4= | signature.Reference
> 2011-03-23 14:33:41,159 WARN | Actual Digest: l9AeEEtC5yLW+5gbX/vJunbkhrU= | signature.Reference
> {quote}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira