Hi,

I work on a webservice client and I always receive the same error when I 
try to make a request to our client's webservice. 

"org.apache.ws.security.WSSecurityException (The signature verification 
failed)"

- Our client's webservice is Axis-based; more than that I don't know

- I use Rampart 1.3 and Axis2 1.4.1, EclipseEE
- I generated the customer's WSDLs with Axis2 1.4.1 in EclipseEE
- I received certificates from our customer and imported them into a keystore
- I set up the security using the outflow configuration. I know it's 
deprecated but it seemed easier to me than using a policy.xml. 
- I also set up a client using a policy.xml signing the body but receive 
the same error. I will change to policy in the next step.

- I read all I could find on the web and in mailing lists but nothing 
helped:
- XML is UTF-8
- JVM argument "language=EN" didn't help
- Mixing different Axis2 and Rampart versions didn't help
- Changing the xmlsec 1.4.0 jar to 1.4.1 or 1.4.2 didn't help
- The certs have not expired
- Eclipse's workspace encoding is UTF-8

Question:
- Does the exception really mean the SOAP envelope has been changed after 
it was signed? Are there any other reasons this exception could be thrown?

- What about the "pretty printing" of the XML issue I've found on the 
mailing list? Is this really solved in Axis2 1.4.1?
- Is there a way to set up namespace optimization and pretty printing 
manually in Axis2 like in Axis 1?
- Could something else be wrong with the certificates?

The thing is, when I use a modified sample using a policy.xml I get the 
same exception.

- Is there anything I could tell our client to change that could help me?

What I did that is special:
- Wrote a little handler to avoid the "mustUnderstand" problem in the 
response: I set all headers in the response to processed. The error also 
occurs if I don't engage my handler.

Here is my Security setup using outflowConfiguration:

...options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
...
    private Parameter getOutflowConfiguration() {
        OutflowConfiguration ofc = new OutflowConfiguration();
        // Add a Timestamp, then sign
        ofc.setActionItems("Timestamp Signature");
        // Sign only the wsu:Timestamp element
        ofc.setSignatureParts("{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
        // Keystore alias of the signing key
        ofc.setUser("fcms-aci");
        ofc.setPasswordCallbackClass("de.aci.handler.PWCBHandler");
        // Name of the option that holds the crypto Properties (set below)
        ofc.setSignaturePropRefId("cyrpto_props");
        ofc.setSignatureKeyIdentifier(WSSHandlerConstants.X509_KEY_IDENTIFIER);
        return ofc.getProperty();
    }



The PWCBHandler is the same as in all samples. I just changed the alias 
and the password.

I set the properties programmatically, because they should change 
dynamically later:
 
Properties prop1 = getProps();
// Same key as passed to setSignaturePropRefId above
serviceclient.getOptions().setProperty("cyrpto_props", prop1);
...
    private Properties getProps() {
        Properties prop1 = new Properties();
        prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
        prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "l7uzjx1ju...@+w2");
        prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "fcms.keystore");
        return prop1;
    }
 


Does anybody have an idea what I am doing wrong?

Thank you so very much in advance for any ideas!!!! 

Greetings 
Hans
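
Added example, not part of the original message and not Rampart or WSS4J code: a stand-alone check with the JDK's javax.xml.crypto.dsig API that separates the two causes raised in the questions above, content altered after signing (a reference digest fails) versus a wrong key or certificate (the SignatureValue fails). The class name, the throwaway RSA keys and the bare Timestamp document are constructed for the illustration.

```java
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignatureFailureTriage {
    // Constructed sample: a bare wsu:Timestamp standing in for the signed SOAP part.
    static final String XML = "<wsu:Timestamp xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/"
        + "oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsu:Created>2009-01-01T00:00:00Z</wsu:Created></wsu:Timestamp>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new java.io.ByteArrayInputStream(XML.getBytes("UTF-8")));
        Element ts = doc.getDocumentElement();

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair(); // throwaway signing key for the demo
        KeyPair other = kpg.generateKeyPair();  // stands in for the wrong certificate in a keystore

        // Enveloped signature over the whole document, exclusive C14N, RSA-SHA256.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        fac.newXMLSignature(si, null).sign(new DOMSignContext(signer.getPrivate(), ts));

        report(fac, doc, signer.getPublic(), "untouched message, right key");
        report(fac, doc, other.getPublic(), "untouched message, wrong key");
        // What a pretty printer does after signing: it adds indentation text nodes.
        ts.insertBefore(doc.createTextNode("\n  "), ts.getFirstChild());
        report(fac, doc, signer.getPublic(), "re-indented after signing, right key");
    }

    static void report(XMLSignatureFactory fac, Document doc, PublicKey key, String label) throws Exception {
        Node sigNode = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(key, sigNode);
        XMLSignature sig = fac.unmarshalXMLSignature(vc);
        boolean valueOk = sig.getSignatureValue().validate(vc); // depends on the key and SignedInfo
        boolean digestOk = ((Reference) sig.getSignedInfo().getReferences().get(0)).validate(vc); // depends on content
        System.out.println(label + ": signatureValue=" + valueOk + " referenceDigest=" + digestOk);
    }
}
```

Canonicalization keeps whitespace text nodes inside signed elements, which is why re-indenting a message after it was signed changes the digest even though the XML is otherwise equivalent.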
