You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "david leruse (JIRA)" <ji...@apache.org> on 2016/05/17 14:35:13 UTC

[jira] [Created] (SANTUARIO-442) invalid signature in case of soap fault

david leruse created SANTUARIO-442:
--------------------------------------

             Summary: invalid signature in case of soap fault
                 Key: SANTUARIO-442
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-442
             Project: Santuario
          Issue Type: Bug
          Components: Java
    Affects Versions: Java 2.0.6
            Reporter: david leruse
            Assignee: Colm O hEigeartaigh


Hello, this issue is a forwarded  issue from CXF (https://issues.apache.org/jira/browse/CXF-6900). 

Hello,

Having signature verification problems on the cxf client-side with a .NET Ws-fed protected webservice, I ask you a little help...
 Here is a summary of the problem :
 Most of the time, communication works well excepted when we got a soap fault message.
 Indeed signature validation works usually well excepted when
 we receive a fault message inside the body of the soap message. Even In this boundary case, signature verification works well excepted for one element, the fault message (see the enclosed server7.log file). 

After digging a bit, i've found that the calculated digest couldn't be equal to the claimed one because the content of the message given to the DigesterOutpustrream is not well canonicalized or normalized.

Partial decrypted msg

...
 <s:Body u:Id="_3">
 <Fault xmlns="http://www.w3.org/2003/05/soap-envelope"><Code><Value>DataNotFoundFault</Value></Code><Reason><Text xml:lang="nl-BE">ContextContactInfo with Id '1' does not exist.</Text></Reason><Detail><DataNotFoundFault xmlns="http://schemas.riziv.fgov.be/contact/2015/08/faults" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><ErrorCode>ContextContactInfoNotFound</ErrorCode><Message>ContextContactInfo with Id '1' does not exist.</Message></DataNotFoundFault></Detail></Fault>
 </s:Body>
 ...

Predigested input :

<s:Body xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" u:Id="_3"><env:Fault><Code xmlns="http://www.w3.org/2003/05/soap-envelope"><Value>DataNotFoundFault</Value></Code><Reason xmlns="http://www.w3.org/2003/05/soap-envelope"><Text xml:lang="nl-BE">ContextContactInfo with Id '1' does not exist.</Text></Reason><env:Detail><DataNotFoundFault xmlns="http://schemas.riziv.fgov.be/contact/2015/08/faults"><ErrorCode>ContextContactInfoNotFound</ErrorCode><Message>ContextContactInfo with Id '1' does not exist.</Message></DataNotFoundFault></env:Detail></env:Fault></s:Body>

Could you please check this problem and give me an advice ?

The library used are :

cxf 3.0.3
 wss4j 2.0.2
 xmlsec 2.0.2 or xmlsec 2.0.4 or xmlsec 2.0.6   

on a jdk 1.6.0_45

Thanks in advance
 David L




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)