[jira] [Commented] (CXF-6652) can't sign SOAP header Signature "signature verification failed"

Thu, 22 Oct 2015 07:01:52 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-6652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14969196#comment-14969196
 ] 

Alexandre Meyer commented on CXF-6652:
--------------------------------------

Hello,

The problem is on the creation side. When I configure Signature to consume 
secured web service on WCF server.

In my SOAP message id of "Signature" element isn't referenced in header.

So the server response is "An error occurred when verifying security for the 
message."

I think that a Signature element is missing on my side, to reference the 
previous Signature element.(SIG-ed19886d-2f14-4595-a815-8544867deae4)

i haven't stacktrace on my side because the soap message is correct... but 
incomplete.

> can't sign SOAP header Signature "signature verification failed"
> ----------------------------------------------------------------
>
>                 Key: CXF-6652
>                 URL: https://issues.apache.org/jira/browse/CXF-6652
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.1.3
>            Reporter: Alexandre Meyer
>
> When you configure Signature action:
> Map<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
> ...
> and SIGNATURE_PARTS
> ...
> outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
>       
> "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>  "
>       + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID 
> ");
> All works fine but the Signature element does not have any reference.
> Result:
> <wsu:Timestamp wsu:Id="TS-1">
>       <wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
>       <wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
> </wsu:Timestamp>
> <Action ... wsu:Id="id-1">
> <MessageID ... wsu:Id="id-2">
> <To ... wsu:Id="id-3">
> <ReplyTo ... wsu:Id="id-4">
>       
> <Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
> </ReplyTo>
> ....
> <ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
>       <ds:SignedInfo>
>               <ds:CanonicalizationMethod 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>               <ds:SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>               <ds:Reference URI="#TS-1">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-1">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-2">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-3">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-4">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>       </ds:SignedInfo>
>       <ds:SignatureValue>.......</ds:SignatureValue>
>       <ds:KeyInfo Id="KI-...">
>               ....
>       </ds:KeyInfo>
> </ds:Signature>
> But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to