[jira] [Comment Edited] (CXF-6652) can't sign SOAP header Signature "signature verification failed"

Fri, 23 Oct 2015 07:28:45 -0700 

    [ 
https://issues.apache.org/jira/browse/CXF-6652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14970703#comment-14970703
 ] 

Alexandre Meyer edited comment on CXF-6652 at 10/23/15 2:27 PM:
----------------------------------------------------------------

{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:jaxws="http://cxf.apache.org/jaxws";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
           xmlns:wsa="http://cxf.apache.org/ws/addressing";
           xmlns:sec="http://cxf.apache.org/configuration/security";
           xmlns:p="http://cxf.apache.org/policy";
           xmlns:cxf="http://cxf.apache.org/core";
       xsi:schemaLocation="http://cxf.apache.org/core 
http://cxf.apache.org/schemas/core.xsd
          http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd
          http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
                  http://cxf.apache.org/transports/http/configuration 
http://cxf.apache.org/schemas/configuration/http-conf.xsd";>

        <cxf:bus>
                <cxf:features>
                        <p:policies/>
                        <cxf:logging/>
                </cxf:features>
        </cxf:bus>
        
        <jaxws:client name="{urn:AutoConnectSSO.WebService}TokenAccessService" 
createdFromAPI="true">
                <jaxws:properties>
                        <entry key="security.callback-handler" 
value="testing.ClientPasswordCallback"/>
                        <entry key="security.encryption.properties" 
value="encryption.properties"/>
                        <entry key="security.encryption.username" 
value="server"/>
                        <entry key="security.signature.properties" 
value="sunPKCS11.properties"/>
                </jaxws:properties>
        </jaxws:client>
</beans>
{code}


was (Author: alexflex25):
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:jaxws="http://cxf.apache.org/jaxws";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
           xmlns:wsa="http://cxf.apache.org/ws/addressing";
           xmlns:sec="http://cxf.apache.org/configuration/security";
           xmlns:p="http://cxf.apache.org/policy";
           xmlns:cxf="http://cxf.apache.org/core";
       xsi:schemaLocation="http://cxf.apache.org/core 
http://cxf.apache.org/schemas/core.xsd
          http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd
          http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
                  http://cxf.apache.org/transports/http/configuration 
http://cxf.apache.org/schemas/configuration/http-conf.xsd";>

        <cxf:bus>
                <cxf:features>
                        <p:policies/>
                        <cxf:logging/>
                </cxf:features>
        </cxf:bus>
        
        <jaxws:client name="{urn:AutoConnectSSO.WebService}TokenAccessService" 
createdFromAPI="true">
                <jaxws:properties>
                        <entry key="security.callback-handler" 
value="testing.ClientPasswordCallback"/>
                        <entry key="security.encryption.properties" 
value="encryption.properties"/>
                        <entry key="security.encryption.username" 
value="server"/>
                        <entry key="security.signature.properties" 
value="sunPKCS11.properties"/>
                </jaxws:properties>
        </jaxws:client>
</beans>

> can't sign SOAP header Signature "signature verification failed"
> ----------------------------------------------------------------
>
>                 Key: CXF-6652
>                 URL: https://issues.apache.org/jira/browse/CXF-6652
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.1.3
>            Reporter: Alexandre Meyer
>
> When you configure Signature action:
> Map<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
> ...
> and SIGNATURE_PARTS
> ...
> outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
>       
> "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>  "
>       + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
>       + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID 
> ");
> All works fine but the Signature element does not have any reference.
> Result:
> <wsu:Timestamp wsu:Id="TS-1">
>       <wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
>       <wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
> </wsu:Timestamp>
> <Action ... wsu:Id="id-1">
> <MessageID ... wsu:Id="id-2">
> <To ... wsu:Id="id-3">
> <ReplyTo ... wsu:Id="id-4">
>       
> <Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
> </ReplyTo>
> ....
> <ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
>       <ds:SignedInfo>
>               <ds:CanonicalizationMethod 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>               <ds:SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>               <ds:Reference URI="#TS-1">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-1">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-2">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-3">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>               <ds:Reference URI="#id-4">
>                       <ds:Transforms>
>                               <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                       </ds:Transforms>
>                       <ds:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                       <ds:DigestValue>...</ds:DigestValue>
>               </ds:Reference>
>       </ds:SignedInfo>
>       <ds:SignatureValue>.......</ds:SignatureValue>
>       <ds:KeyInfo Id="KI-...">
>               ....
>       </ds:KeyInfo>
> </ds:Signature>
> But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to