My scenario is signature/encrypt request/response from wss4j to WSE2.0SP3. The request sign/encrypt goes fine, and for the response the decryption is also okay, but the signature fails. The strange thing is that I get the following on the console:
Verification successful for URI "#Id-e1f13ac7-1af6-4f79-a76c-2489d05e3816"

I can see that this message comes from the call to "sig.checkSignatureValue(certs[0]);" in WSSecurityEngine and that the return value is "false".

[1] is a pretty print of the response, that I've confined to just signing to focus on the problem.

Has anyone got an idea of what's happening and a solution? I know that there could be more information necessary, so please write back if you've got any clues.

Best regards
Brian Nielsen

[1]
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <soap:Header>
    <wsa:Action>http://www.oio.dk/arkitektur/webservice/security/atedResponse</wsa:Action>
    <wsa:MessageID>uuid:d7a59b71-f5c8-4789-b9a9-5e27b08dbdad</wsa:MessageID>
    <wsa:RelatesTo>uuid:3de201e3-1b79-48c7-b195-0207ea3bad58</wsa:RelatesTo>
    <wsa:To>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:To>
    <wsse:Security soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-8ba94dc8-5688-4fb9-9d05-31ccb1ec9f94">
        <wsu:Created>2005-06-29T11:31:55Z</wsu:Created>
        <wsu:Expires>2005-06-29T11:36:55Z</wsu:Expires>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          wsu:Id="SecurityToken-0170d0e7-53ad-4bf4-8176-5598acd0a7ae">[base64-encoded X.509 certificate data removed]</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Id-4130cb51-eb27-4f46-aa92-c7db3e906e4c">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>iDgY5vodA7dsKqrWWXJT0ynFJzI=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>TQ1okwAi9CQS5vNCSxR2p2vaRKjbYF2YYx3XtOA/lhm9ykwxCQpNlOwio4U0
eE3ko1IwRmG8/ATqkTEZ8AKQVsg6w3xRqTcKjs2jQPj3Q8epOsXeie6OEuYeD1wSbsPYoaP0jBAC
Wbdd1TR2OMiqjEENvIPGAw9jaTz0Ldp4uSU=</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#SecurityToken-0170d0e7-53ad-4bf4-8176-5598acd0a7ae"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-4130cb51-eb27-4f46-aa92-c7db3e906e4c">
    <PersonalCPRDataStructure xmlns="http://rep.oio.dk/xkom.dk/xml/schemas/2004/08/01/">
      <PersonName>
        <PersonGivenName xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Fornavn</PersonGivenName>
        <PersonMiddleName xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Mellemnavn</PersonMiddleName>
        <PersonSurnameName xmlns="http://rep.oio.dk/ebxml/xml/schemas/dkcc/2003/02/13/">Efternavn</PersonSurnameName>
      </PersonName>
    </PersonalCPRDataStructure>
  </soap:Body>
</soap:Envelope>
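
Added example (not part of the original post): when a response like [1] fails validation, a structural pass over the message shows which wsu:Id elements the ds:Reference entries and the KeyInfo token reference resolve to, before any cryptography is involved. The sample envelope is a constructed, value-free copy of the layout of [1] with made-up Ids, and audit_signature is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": WSS + "secext-1.0.xsd",
    "wsu": WSS + "utility-1.0.xsd",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample: the layout of [1] with short made-up Ids and no values.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}"
    xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp wsu:Id="Timestamp-1"/>
  <wsse:BinarySecurityToken wsu:Id="SecurityToken-1"/>
  <Signature xmlns="{NS['ds']}"><SignedInfo>
   <ds:CanonicalizationMethod xmlns:ds="{NS['ds']}"
       Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
   <Reference URI="#Id-1"/>
  </SignedInfo><KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#SecurityToken-1"/>
  </wsse:SecurityTokenReference></KeyInfo></Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="Id-1"/>
</soap:Envelope>"""

def audit_signature(xml_text):
    """Map each ds:Reference and the key reference to the wsu:Id element it names."""
    root = ET.fromstring(xml_text)
    # (Id value, local element name) for every element carrying wsu:Id
    ids = [(el.get(WSU_ID), el.tag.rsplit("}", 1)[-1])
           for el in root.iter() if el.get(WSU_ID)]
    names = dict(ids)
    all_ids = [i for i, _ in ids]
    sig = root.find(".//ds:Signature", NS)
    si = sig.find("ds:SignedInfo", NS)
    # Assumes same-document references of the form "#<Id>", as in [1]
    refs = [r.get("URI", "")[1:] for r in si.findall("ds:Reference", NS)]
    key = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    return {
        "c14n": si.find("ds:CanonicalizationMethod", NS).get("Algorithm"),
        "signed": {i: names.get(i) for i in refs},  # None = dangling reference
        "unsigned": sorted(i for i in names if i not in refs),
        "duplicate_ids": sorted({i for i in all_ids if all_ids.count(i) > 1}),
        "key_token": names.get(key.get("URI", "")[1:]) if key is not None else None,
    }
```

On the layout of [1] this reports soap:Body as the only element a Reference resolves to, and the wsu:Timestamp as carrying an Id that no Reference names.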
