[jira] [Updated] (CXF-3414) Signature verification fails with custom SOAP header

Wed, 23 Mar 2011 06:37:50 -0700 

     [ 
https://issues.apache.org/jira/browse/CXF-3414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jens Granseuer updated CXF-3414:
--------------------------------

    Attachment: signature-handler.zip

simple maven test project

> Signature verification fails with custom SOAP header
> ----------------------------------------------------
>
>                 Key: CXF-3414
>                 URL: https://issues.apache.org/jira/browse/CXF-3414
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3.2
>            Reporter: Jens Granseuer
>         Attachments: signature-handler.zip
>
>
> When a client sends a signed message body, and also includes a custom SOAP 
> header in the message, signature verification fails at the receiving end.
> {quote}
> 2011-03-23 14:33:41,159 DEBUG | verify 1 References | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | I am not requested to follow nested Manifests 
> | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Reference", "null") | 
> utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transforms", "null") | 
> utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Request for URI 
> http://www.w3.org/2000/09/xmldsig#sha1 | algorithms.JCEMapper
> 2011-03-23 14:33:41,159 DEBUG | I was asked to create a ResourceResolver and 
> got 1 | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG |  extra resolvers to my existing 4 system-wide 
> resolvers | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | check resolvability by class 
> org.apache.ws.security.message.EnvelopeIdResolver | resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | enter engineResolve, look for: #id-2 | 
> message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | exit engineResolve, result: 
> XMLSignatureInput/Element/[soap:Body: null] exclude null comments:false/null 
> | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transform", "null") | 
> utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Pre-digested input: | 
> utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 DEBUG | <soap:Body 
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"; 
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>  wsu:Id="id-2"><greetMe 
> xmlns="http://apache.org/hello_world_soap_http/types";><requestType>Master</requestType></greetMe><greetMe
>  
> xmlns="http://apache.org/hello_world_soap_http/types";><requestType>Master</requestType></greetMe></soap:Body>
>  | utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 WARN  | Verification failed for URI "#id-2" | 
> signature.Reference
> 2011-03-23 14:33:41,159 WARN  | Expected Digest: yFxDQhgODwm09BOOEJwzrMzvfO4= 
> | signature.Reference
> 2011-03-23 14:33:41,159 WARN  | Actual Digest: l9AeEEtC5yLW+5gbX/vJunbkhrU= | 
> signature.Reference
> {quote}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to