Signature verification fails with custom SOAP header
----------------------------------------------------
Key: CXF-3414
URL: https://issues.apache.org/jira/browse/CXF-3414
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.3.2
Reporter: Jens Granseuer
Attachments: signature-handler.zip

When a client sends a signed message body, and also includes a custom SOAP
header in the message, signature verification fails at the receiving end.
{quote}
2011-03-23 14:33:41,159 DEBUG | verify 1 References | signature.Manifest
2011-03-23 14:33:41,159 DEBUG | I am not requested to follow nested Manifests |
signature.Manifest
2011-03-23 14:33:41,159 DEBUG | setElement("ds:Reference", "null") |
utils.ElementProxy
2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transforms", "null") |
utils.ElementProxy
2011-03-23 14:33:41,159 DEBUG | Request for URI
http://www.w3.org/2000/09/xmldsig#sha1 | algorithms.JCEMapper
2011-03-23 14:33:41,159 DEBUG | I was asked to create a ResourceResolver and
got 1 | resolver.ResourceResolver
2011-03-23 14:33:41,159 DEBUG | extra resolvers to my existing 4 system-wide
resolvers | resolver.ResourceResolver
2011-03-23 14:33:41,159 DEBUG | check resolvability by class
org.apache.ws.security.message.EnvelopeIdResolver | resolver.ResourceResolver
2011-03-23 14:33:41,159 DEBUG | enter engineResolve, look for: #id-2 |
message.EnvelopeIdResolver
2011-03-23 14:33:41,159 DEBUG | exit engineResolve, result:
XMLSignatureInput/Element/[soap:Body: null] exclude null comments:false/null |
message.EnvelopeIdResolver
2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transform", "null") |
utils.ElementProxy
2011-03-23 14:33:41,159 DEBUG | Pre-digested input: | utils.DigesterOutputStream
2011-03-23 14:33:41,159 DEBUG | <soap:Body
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-2"><greetMe
xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe><greetMe
xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe></soap:Body>
| utils.DigesterOutputStream
2011-03-23 14:33:41,159 WARN | Verification failed for URI "#id-2" |
signature.Reference
2011-03-23 14:33:41,159 WARN | Expected Digest: yFxDQhgODwm09BOOEJwzrMzvfO4= |
signature.Reference
2011-03-23 14:33:41,159 WARN | Actual Digest: l9AeEEtC5yLW+5gbX/vJunbkhrU= |
signature.Reference
{quote}
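
A triage helper for the log above, added here as an example; it is not part of the original report or of CXF/WSS4J code. It hashes a pre-digested body the way the xmldsig#sha1 reference check compares it against the signed digest, and flags repeated soap:Body children such as the greetMe element that appears twice in the logged input. The body strings are rebuilt by hand from the wrapped log lines and `SINGLE_BODY` is hypothetical, so its digests are not expected to reproduce the values in the report.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed from the "Pre-digested input" DEBUG entry, e-mail line wraps
# rejoined by hand (assumption: one space between the wrapped attributes).
BODY_OPEN = (
    '<soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
    'oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2">'
)
PAYLOAD = (
    '<greetMe xmlns="http://apache.org/hello_world_soap_http/types">'
    "<requestType>Master</requestType></greetMe>"
)
BODY_CLOSE = "</soap:Body>"
LOGGED_BODY = BODY_OPEN + PAYLOAD + PAYLOAD + BODY_CLOSE  # as logged by the receiver
SINGLE_BODY = BODY_OPEN + PAYLOAD + BODY_CLOSE  # hypothetical: one greetMe only

def sha1_b64(text):
    """Base64 of SHA-1 over the UTF-8 octets, the encoding ds:DigestValue uses."""
    return base64.b64encode(hashlib.sha1(text.encode("utf-8")).digest()).decode("ascii")

def repeated_children(xml_text):
    """Tags of direct children that serialize identically to the previous sibling."""
    # Input is a local log excerpt; do not feed untrusted XML to ElementTree.
    previous, repeats = None, []
    for child in ET.fromstring(xml_text):
        serialized = ET.tostring(child)
        if serialized == previous:
            repeats.append(child.tag)
        previous = serialized
    return repeats

def check_reference(pre_digested, expected_b64):
    """Compare the recomputed digest with the signed one and report repeats."""
    actual = sha1_b64(pre_digested)
    return {
        "actual": actual,
        "match": hmac.compare_digest(actual, expected_b64),
        "repeated": repeated_children(pre_digested),
    }

if __name__ == "__main__":
    signed = sha1_b64(SINGLE_BODY)  # constructed stand-in for the sender's DigestValue
    for label, body in (("single", SINGLE_BODY), ("logged", LOGGED_BODY)):
        print(label, check_reference(body, signed))
```
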