[
https://issues.apache.org/jira/browse/CXF-6652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexandre Meyer updated CXF-6652:
---------------------------------
Description:
When you configure Signature action:
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
...
and SIGNATURE_PARTS
...
outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID
");
All works fine but the Signature element does not have any reference.
Result:
{code:xml}
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
<wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
</wsu:Timestamp>
<Action ... wsu:Id="id-1">
<MessageID ... wsu:Id="id-2">
<To ... wsu:Id="id-3">
<ReplyTo ... wsu:Id="id-4">
<Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
</ReplyTo>
....
<ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-4">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>.......</ds:SignatureValue>
<ds:KeyInfo Id="KI-...">
....
</ds:KeyInfo>
</ds:Signature>
{code}
But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?
was:
When you configure Signature action:
Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
...
and SIGNATURE_PARTS
...
outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
"
+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID
");
All works fine but the Signature element does not have any reference.
Result:
<wsu:Timestamp wsu:Id="TS-1">
<wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
<wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
</wsu:Timestamp>
<Action ... wsu:Id="id-1">
<MessageID ... wsu:Id="id-2">
<To ... wsu:Id="id-3">
<ReplyTo ... wsu:Id="id-4">
<Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
</ReplyTo>
....
<ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#TS-1">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-2">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-4">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>.......</ds:SignatureValue>
<ds:KeyInfo Id="KI-...">
....
</ds:KeyInfo>
</ds:Signature>
But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?
> can't sign SOAP header Signature "signature verification failed"
> ----------------------------------------------------------------
>
> Key: CXF-6652
> URL: https://issues.apache.org/jira/browse/CXF-6652
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 3.1.3
> Reporter: Alexandre Meyer
>
> When you configure Signature action:
> Map<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
> ...
> and SIGNATURE_PARTS
> ...
> outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
>
> "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
> "
> + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
> + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
> + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
> + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
> + "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID
> ");
> All works fine but the Signature element does not have any reference.
> Result:
> {code:xml}
> <wsu:Timestamp wsu:Id="TS-1">
> <wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
> <wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
> </wsu:Timestamp>
> <Action ... wsu:Id="id-1">
> <MessageID ... wsu:Id="id-2">
> <To ... wsu:Id="id-3">
> <ReplyTo ... wsu:Id="id-4">
>
> <Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
> </ReplyTo>
> ....
> <ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="#TS-1">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>...</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-1">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>...</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-2">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>...</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-3">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>...</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="#id-4">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>...</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>.......</ds:SignatureValue>
> <ds:KeyInfo Id="KI-...">
> ....
> </ds:KeyInfo>
> </ds:Signature>
> {code}
> But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
