You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by RuneB <ru...@spk.no> on 2009/09/29 13:02:08 UTC

Signed soap-faults fail signature verification

After upgrading CXF from 2.1.3 to 2.2, an odd problem has cropped up:
Signed soap-faults now always fail signature verification. 

Regular response messages, however, which are also signed, still work fine,
i.e. they pass signature verification.

All this is on the client side.

I should add that the signature check configured on the inInterceptors
chain, not the cxf:inFaultInterceptors chain, but I don't know if that's
relevant.

Does anyone have an idea what might be going on here?


Here's an example of the error:
-------------------------------------
12:38:37,017 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI
"#Body-6e8bbacc-b9f6-4391-a03d-c49d66fab0f8"
12:38:37,017 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.xml.security.signature.Reference verify
WARNING: Expected Digest: 3wvgCSSSsdh27tqtB3MnOn+oumY=
12:38:37,032 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.xml.security.signature.Reference verify
WARNING: Actual Digest: bo13kplIHCjyrqBe/HLnBKPZ11U=
12:38:37,048 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: The signature or decryption was
invalid
        at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:438)
        at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:179)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
        at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2108)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1987)
        at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1912)
        at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
        at
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:179)
        at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
        at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:611)
        at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSende
rInterceptor.java:62)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
		...


- Rune
-- 
View this message in context: http://www.nabble.com/Signed-soap-faults-fail-signature-verification-tp25660934p25660934.html
Sent from the cxf-user mailing list archive at Nabble.com.