Posted to fx-dev@ws.apache.org by p m <mp...@gmail.com> on 2006/11/27 17:21:42 UTC

XML Signature success and fails in the same time

Hi,
I have implemented my own security Handler which extends WSS4JHandler.
I put my web-service on an IBM WAS 5.1
When I try to verify the signature, I have these logs when I call
WSSecurityEngine.getInstance().processSecurityHeader(doc, null, null, crypto);

org.apache.xml.security.signature.Reference  Verification successful for URI "#id-1052770798"

org.apache.ws.security.WSSecurityException: The signature verification failed
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:327)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:269)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:191)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:144)

I don't understand what it means: the first log says that the signature
verification is correct, but the second log says that the signature
verification fails? But why did it fail?
Can anyone help me?
Thanks
Matthieu

Re: XML Signature success and fails in the same time

Posted by Guy Rixon <gt...@ast.cam.ac.uk>.
The first message comes from the xmlsec library that checks the cryptography
of the signature.  After that check, WSS4J checks whether the user's public
key can be trusted. I suspect it's the latter check that fails.

Possible causes:

 - The server doesn't have the CA certificate for the user's certificate.
   (i.e. improper user or incomplete configuration of the service).
 - The user's certificate has expired.

...and there could probably be other, more subtle variations; but it all comes
down to checking the chain of trust.

On Mon, 27 Nov 2006, p m wrote:

> Hi,
> I have implemented my own security Handler which extends WSS4JHandler.
> I put my web-service on an IBM WAS 5.1
> When I try to verify the signature, I have these logs when I call
> WSSecurityEngine.getInstance().processSecurityHeader(doc, null, null, crypto);
>
> org.apache.xml.security.signature.Reference  Verification successful for URI "#id-1052770798"
>
> org.apache.ws.security.WSSecurityException: The signature verification failed
>     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:327)
>     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:269)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:191)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:144)
>
> I don't understand what it means: the first log says that the signature
> verification is correct, but the second log says that the signature
> verification fails? But why did it fail?
> Can anyone help me?
> Thanks
> Matthieu
>

Guy Rixon 				        gtr@ast.cam.ac.uk
Institute of Astronomy   	                Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA		Fax: +44-1223-337523
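
Added example, not part of the original thread and not WSS4J's own code: a stand-alone JDK diagnostic that runs the two trust checks named in the reply above (certificate validity period, and a trusted CA in the server's store) against the signer's certificate. The class name `TrustCheck`, the three command-line arguments and the JKS store type are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustCheck {
    // Usage (arguments are assumptions of this example):
    //   java TrustCheck <truststore.jks> <store-password> <signer-cert.pem|.der>
    public static void main(String[] args) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray());
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate signer;
        try (InputStream in = new FileInputStream(args[2])) {
            signer = (X509Certificate) cf.generateCertificate(in);
        }
        System.out.println("Subject: " + signer.getSubjectX500Principal());
        System.out.println("Issuer:  " + signer.getIssuerX500Principal());

        // Cause: the user's certificate has expired (or is not yet valid).
        try {
            signer.checkValidity();
            System.out.println("Validity: OK, expires " + signer.getNotAfter());
        } catch (CertificateException e) {
            System.out.println("Validity: FAILED - " + e.getMessage());
        }

        // Cause: the store holds neither this certificate nor its issuing CA.
        String alias = trustStore.getCertificateAlias(signer);
        System.out.println("Directly trusted entry: " + (alias != null ? alias : "none"));
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // no CRL/OCSP lookups: works offline
        CertPath path = cf.generateCertPath(Collections.singletonList(signer));
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            System.out.println("Chain of trust: OK");
        } catch (CertPathValidatorException e) {
            System.out.println("Chain of trust: FAILED - " + e.getMessage());
        }
    }
}
```

Run it against the same keystore the service's crypto configuration points to. A "Chain of trust: FAILED" result with a valid date range points to a missing CA certificate in that store.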
