You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by RuneB <ru...@spk.no> on 2009/09/29 13:02:08 UTC
Signed soap-faults fail signature verification
After upgrading CXF from 2.1.3 to 2.2, an odd problem has cropped up:
Signed soap-faults now always fail signature verification.
Regular response messages, however, which are also signed, still work fine,
i.e. they pass signature verification.
All this is on the client side.
I should add that the signature check configured on the inInterceptors
chain, not the cxf:inFaultInterceptors chain, but I don't know if that's
relevant.
Does anyone have an idea what might be going on here?
Here's an example of the error:
-------------------------------------
12:38:37,017 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI
"#Body-6e8bbacc-b9f6-4391-a03d-c49d66fab0f8"
12:38:37,017 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.xml.security.signature.Reference verify
WARNING: Expected Digest: 3wvgCSSSsdh27tqtB3MnOn+oumY=
12:38:37,032 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.xml.security.signature.Reference verify
WARNING: Actual Digest: bo13kplIHCjyrqBe/HLnBKPZ11U=
12:38:37,048 ERROR [STDERR] 29.sep.2009 12:38:37
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING:
org.apache.ws.security.WSSecurityException: The signature or decryption was
invalid
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:438)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:179)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:641)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2108)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1987)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1912)
at
org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
at
org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:179)
at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:611)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSende
rInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:469)
...
- Rune
--
View this message in context: http://www.nabble.com/Signed-soap-faults-fail-signature-verification-tp25660934p25660934.html
Sent from the cxf-user mailing list archive at Nabble.com.