Re: Error on decryption

DSL Thu, 08 Dec 2011 04:35:11 -0800

I am putting an STS token in the header....so I tried removing it and
it seems to get past the sign/encrypt:


2011-12-08 07:23:59,100 DEBUG
[org.apache.ws.security.components.crypto.CryptoFactory]
(http-127.0.0.1-8080-5) Using Crypto Engine
[org.apache.ws.security.components.crypto.Merlin]
2011-12-08 07:23:59,100 DEBUG [org.apache.ws.security.util.Loader]
(http-127.0.0.1-8080-5) Trying to find [server-keystore.jks] using
BaseClassLoader@17f9021e{vfszip:/C:/Workspace/jboss-as/jboss-5.1.0.GA/server/default/deploy/HelloSecureWorldServer-1.0-SNAPSHOT.war/}
class loader.
2011-12-08 07:23:59,107 DEBUG
[org.apache.ws.security.components.crypto.AbstractCrypto]
(http-127.0.0.1-8080-5) CA certs have been loaded
2011-12-08 07:23:59,107 DEBUG
[org.apache.ws.security.WSSecurityEngine] (http-127.0.0.1-8080-5)
enter processSecurityHeader()
2011-12-08 07:23:59,107 DEBUG
[org.apache.ws.security.WSSecurityEngine] (http-127.0.0.1-8080-5)
Processing WS-Security header for '' actor.
2011-12-08 07:23:59,108 DEBUG
[org.apache.ws.security.processor.EncryptedKeyProcessor]
(http-127.0.0.1-8080-5) Found encrypted key element
2011-12-08 07:23:59,108 INFO
[org.apache.ws.security.message.token.SecurityTokenReference]
(http-127.0.0.1-8080-5) X509IssuerSerial alias: serverx509v1
2011-12-08 07:23:59,109 DEBUG
[org.apache.ws.security.processor.EncryptedKeyProcessor]
(http-127.0.0.1-8080-5) X509IssuerSerial alias: serverx509v1
2011-12-08 07:23:59,111 DEBUG
[org.apache.ws.security.processor.EncryptedKeyProcessor]
(http-127.0.0.1-8080-5) found data reference: EncDataId-14
2011-12-08 07:23:59,111 DEBUG
[org.apache.ws.security.processor.X509Util] (http-127.0.0.1-8080-5)
Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#tripledes-cbc
2011-12-08 07:23:59,115 DEBUG
[org.apache.ws.security.processor.EncryptedKeyProcessor]
(http-127.0.0.1-8080-5) found data reference: EncDataId-15
2011-12-08 07:23:59,116 DEBUG
[org.apache.ws.security.processor.X509Util] (http-127.0.0.1-8080-5)
Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#tripledes-cbc
2011-12-08 07:23:59,120 DEBUG
[org.apache.ws.security.processor.SignatureProcessor]
(http-127.0.0.1-8080-5) Found signature element
2011-12-08 07:23:59,120 DEBUG
[org.apache.ws.security.processor.SignatureProcessor]
(http-127.0.0.1-8080-5) Verify XML Signature
2011-12-08 07:23:59,121 DEBUG
[org.apache.ws.security.message.EnvelopeIdResolver]
(http-127.0.0.1-8080-5) enter engineResolve, look for: #Timestamp-11
2011-12-08 07:23:59,121 DEBUG
[org.apache.ws.security.message.EnvelopeIdResolver]
(http-127.0.0.1-8080-5) exit engineResolve, result:
XMLSignatureInput/Element/[wsu:Timestamp: null] exclude null
comments:false/null
2011-12-08 07:23:59,122 DEBUG
[org.apache.ws.security.message.EnvelopeIdResolver]
(http-127.0.0.1-8080-5) enter engineResolve, look for: #id-13
2011-12-08 07:23:59,122 DEBUG
[org.apache.ws.security.message.EnvelopeIdResolver]
(http-127.0.0.1-8080-5) exit engineResolve, result:
XMLSignatureInput/Element/[soap:Body: null] exclude null
comments:false/null
2011-12-08 07:23:59,122 DEBUG [org.apache.ws.security.TIME]
(http-127.0.0.1-8080-5) Verify: total= 2, prepare-cert= 0, verify= 2
2011-12-08 07:23:59,140 DEBUG
[org.apache.ws.security.processor.TimestampProcessor]
(http-127.0.0.1-8080-5) Found Timestamp list element
2011-12-08 07:23:59,141 DEBUG
[org.apache.ws.security.processor.TimestampProcessor]
(http-127.0.0.1-8080-5) Preparing to verify the timestamp
2011-12-08 07:23:59,141 DEBUG
[org.apache.ws.security.processor.TimestampProcessor]
(http-127.0.0.1-8080-5) Current time: 2011-12-08T12:23:59.141Z
2011-12-08 07:23:59,141 DEBUG
[org.apache.ws.security.processor.TimestampProcessor]
(http-127.0.0.1-8080-5) Timestamp created: 2011-12-08T12:23:58.952Z
2011-12-08 07:23:59,142 DEBUG
[org.apache.ws.security.processor.TimestampProcessor]
(http-127.0.0.1-8080-5) Timestamp expires: 2011-12-08T12:28:58.952Z
2011-12-08 07:23:59,142 DEBUG [org.apache.ws.security.TIME]
(http-127.0.0.1-8080-5) processHeader: total 35, prepare 0, handle 35
2011-12-08 07:23:59,142 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
WSHandler: Transmitted certificate has subject CN=Mayank
Mishra,OU=Dev,O=Apache,L=INDORE,ST=MP,C=IN
2011-12-08 07:23:59,143 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
WSHandler: Transmitted certificate has issuer CN=Mayank
Mishra,OU=Dev,O=Apache,L=INDORE,ST=MP,C=IN (serial 1245003015)
2011-12-08 07:23:59,143 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
Direct trust for certificate with CN=Mayank
Mishra,OU=Dev,O=Apache,L=INDORE,ST=MP,C=IN
2011-12-08 07:23:59,143 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
Preparing to verify the timestamp
2011-12-08 07:23:59,144 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
Validation of Timestamp: Current time is 2011-12-08T12:23:59.143Z
2011-12-08 07:23:59,144 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
Validation of Timestamp: Valid creation is 2011-12-08T12:18:59.143Z
2011-12-08 07:23:59,144 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
Validation of Timestamp: Timestamp created is 2011-12-08T12:23:58.952Z
2011-12-08 07:23:59,144 DEBUG
[org.apache.ws.security.handler.WSHandler] (http-127.0.0.1-8080-5)
Validation of Timestamp: Everything is ok

but I am getting:

2011-12-08 07:23:59,160 WARN
[org.apache.cxf.phase.PhaseInterceptorChain] (http-127.0.0.1-8080-5)
Interceptor for
{http://example.com/HelloSecureWorldService}HelloSecureWorldService#{http://example.com/HelloSecureWorldService}HelloSecureWorld
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: These policy alternatives can not be
satisfied:

{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}EncryptedParts
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts

with my policy:

    <wsp:Policy wsu:Id="ServiceInputOutputPolicy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:EncryptedParts>
                    <sp:Body/>
                </sp:EncryptedParts>
                <sp:SignedParts>
                    <sp:Body/>
<!--
                    <sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing"/>
                    <sp:Header Name="AckRequested"
Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
                    <sp:Header Name="SequenceAcknowledgement"
Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
                    <sp:Header Name="Sequence"
Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
                    <sp:Header Name="CreateSequence"
Namespace="http://schemas.xmlsoap.org/ws/2005/02/rm"/>
-->
                </sp:SignedParts>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>

On Thu, Dec 8, 2011 at 6:58 AM, Colm O hEigeartaigh <[email protected]> wrote:
> The error is essentially saying that two elements in the request have
> the same "Id". Is it possible that the first encrypted element
> contains an Id that matches that of the EncryptedData element in the
> SOAP Body?
>
> Colm.
>
> On Wed, Dec 7, 2011 at 1:24 PM, DSL <[email protected]> wrote:
>> Thank you for your quick response, I have included the information you
>> requested below:
>>
>> Environment:
>>
>>    Jboss AS 5.1.0, jbossws-cxf 3.4.0 which uses ( cxf 2.3.0 )
>>
>> Incoming message:
>>
>> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><soap:Header><wsse:Security
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> soap:mustUnderstand="1"><xenc:EncryptedKey
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
>> Id="EncKeyId-0369294A1849191CAA132326392348286"><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"; /><ds:KeyInfo
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=Mayank
>> Mishra,OU=Dev,O=Apache,L=INDORE,ST=MP,C=IN</ds:X509IssuerName><ds:X509SerialNumber>1245003015</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>mX8QPqWxnWsVE1FEuPrjxUrCi+Yk4lXvV+DcE5t5aDF3vlLdj3mEyg3YmtzgG//jmLI/Cjczt6dqIJVDD4jNUwYzgLTRpbb01894N64In0u94BsI+ri+dM9GVDV9clii5uqIKztX+Ay2FETtKn6+AcNGkix9mQS3K7dKmE2b7b0=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
>> URI="#EncDataId-77" /><xenc:DataReference URI="#EncDataId-78"
>> /></xenc:ReferenceList></xenc:EncryptedKey><wsse:BinarySecurityToken
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
>> wsu:Id="CertId-0369294A1849191CAA132326392346282">MIICNjCCAZ8CBEo1PQcwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAk1QMQ8wDQYDVQQHEwZJTkRPUkUxDzANBgNVBAoTBkFwYWNoZTEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw1NYXlhbmsgTWlzaHJhMB4XDTA5MDYxNDE4MTAxNVoXDTE5MDYxMjE4MTAxNVowYjELMAkGA1UEBhMCSU4xCzAJBgNVBAgTAk1QMQ8wDQYDVQQHEwZJTkRPUkUxDzANBgNVBAoTBkFwYWNoZTEMMAoGA1UECxMDRGV2MRYwFAYDVQQDEw1NYXlhbmsgTWlzaHJhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAiXozxqFqRmn5d7JK7+iOL0n0IvoxsphntXk1OEzalwFITzOr3IbnwDWDI5FIUidq/QmpqijEQmCX2Ne4CTTxDVeSNvxWLc3KjmsECDwrKulmireRVdg/T0K8JZ0ezZxP35+dM0o3Evq5ocekJJ84Em46WrLH7DR2yA1DryowXQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEpO4eEh//9weRuBlr8H8/oJSNtt9DywNwIqBtn+7i7hWX6pz+Uf1sH+B+hY1HZDKPMyl8Wxh6jduRdRRh2Hgi+0yUDSmWxJXgF5NnwaKf2EN53opm/S4X/ZjbO31Y8vNWHFMUhAFFxgE2bV3LaN3Lwi6muBpdx6KVS8hvN/SzBr</wsse:BinarySecurityToken><xenc:EncryptedData
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="EncDataId-77"
>> Type="http://www.w3.org/2001/04/xmlenc#Element";><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
>> /><ds:KeyInfo 
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>> URI="#EncKeyId-0369294A1849191CAA132326392348286"
>> /></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>FD8K9IqkKjo1PKLuCQGW6iJaAUoq0nvsjHPPeh/C4ikqHrF8KkDCGh1cDz4R20vExL8++jNu7QGCw3LU7DgH+K0XT4DT+PhetfSf1uQ+BKzZu8UU4nJ37LiD3V1xaxLxsNVtkZ4vz1aKnn0tugj85O/gPazVeNZaEkbauTzvhLjEC+VItYVae5DI9UVUUOj8XgTWleYayPlH1TKFbeHJpTfcCDVbEyuEEGAByUpPdIML1E0i/6DcnRJ6fONpoOfPRkMSA4OQmdejV7Yvz+iqjFi+fjik88sQ/ut0Z2kknoutctFgJbYn1CmvzttWQLUYhHuJjt8v+cV2ZlfbwWZVvJwZLTFvMdl2hXLoNkJCt7C3d0GWpcKS7LuI546vyabwOfTy3Fx4zqXRro6t/63yosmoTs5sqF9KFATKID7mbRPkdRXosVOzTAuRYoktLYPk8PGpXS2taFE81e0t0T8Sbq0sbel+ggij563RvQUULCJw/52DteWtSBFDI68U1MOewf+Hql3e8FeqJYNobFcLsstK0b6dXYk02SIKna4QbSWE0WrBgaE6vkder0at7mJCS0zm9wzEO+X8SPb2fHDTPFIVWfvVVH6mK5pzNOV5X29zBmDKG34Q44why1Oj3YkhvnxTRTuZAlTRPlmEkogdLJDH+e/oeYKYCUbkwmnfNqkdDiKIYIdskrp4x/VWpnEehETdpDXkFkMWp+HmRS5WssfkC+lrMSqYLrki5iTYR4EzCUlM3ixxzaeiWbhW7jEiSrNnQTO4QLBR/vWwd1Zurkyp+sFhJbtoqedJRToRu4L5w412jefuoop0FcHr7RO8HDtMwCXwOPxQaqKT/NamRF7zeUrExKX/8t6aHikDXVXm7gSt7OLhbj+qLQMAEvZlcHRKQLgNwVtJZ6zqBvpWMMsnO0PtlDN/gnNYOmMC9dPLdFUv6AwtdMKnzYceWIV49GnMkoG6d/jirm1W5RwhS2G2UIS7H90rlTMCnjXz6b45Lfw/PNMKQs1DUXTWaEDCyn5shR+iODndN5HmC9NRDDs2lKwlzQ+DPBmONNIbzUBJQ6nwhjGTQPIGBUojQsqu/7vIm65jJT9gtlJ1DXu4C9pbzwEFnvXM/lKdREQoH4RoHlavc6IlxnbtfR5mmNfAfvp/PSNrVPaY3Mlg3rAOCroc0YYsk3lzTaOoLrqroijjKx/aB/8z9dW53V+7BaXwVu/V2PPMmGCcPvQsSRN6ctf1jJUmp/gP6VDy5XuUZPmDWK0ESw2Gd0DlDnrpD3APRfGv4V1aIhXbbuw9YvX3F9l1h4YFjD36B2Nlm7AJ42NNM94kRnuU5IOO7WkUxD1Nu9+7pxOSta9tMEyOUWDSZiWk0V3jLtEv9rq4Tvtyc1HTCyBmK19eXP8vq6C/ek7LpFsyaVkiHgDn5Ehf7ORv4m/r9DfDGuQ0TLRYlSSDKxFwIVcyUcgXiodxcLQ+bsER3MTIft6UTJTHiz7LxWMftly22zNsNp0wLyUkPMXBSFnoZy7eM/MnFT4silWfOQx8otC9N8B9uIreSdvtETfa2pZEZALeiaxFRBvwPbUTSEpvCYth3GiZ+oatbJhUtYAAXtevJrftaj8bTJlwki/z35HeP/WqhgCb0VEbuXyHaw4KViIvvtc6Eyaj04ouSa9M7Am1enXZw7cpKVHhm4doWqu/sta6cv869dW3fPxt21hhHUvOC8YG7EcJHnPszTccWvDlBpr5rIbM8x/vShFRRbQaDwwcVAE8cDamF92Pfd1QGlg/RBGIlezc/tj+Yo/+UIc5jjq3len8SZCvx3RSavM8RTby8+jQugIfXMW0MAq8gpf9y4+rc/bHcQx/ZbJ2MIUXunSoL4gG1D9LoGWpDj+AwAlNVHoOjrIMTk1vWi+iDJU6WqkNZlsmfC+fRiUj1//q8qEKP+KwShy+HAx/hw+8QIk+c1nl64bPhl9XqC4juN6kL8o/L455XjCB+cwOs/XIuEwVIsTAn9WxscFp5Tue6ph+cBz9GeKHLliTzoI/J8DP985C8b6VuWr6jlEdlSo+GgNkk2QbGUDrF9Xp5hVC5CHZOY8utT07nzdacJBYk9pLT+ZqxItetgd/iKP6UXCwVzSdwI0JCJcnV0SbGGed6cVwuliirqFTJ7bcZFfJdeAaMBGUX4rnUvvRmSBD+ZIq6nAUcxpo9EaoN0YpQ1pthRzIV0c7wqssULlDZ1NwsO4aR2wvd4rTz+wjDb2jhwRdkj1AaPMsFMj5Rt63L+34q9R/HBcJGDvryYpawgREupWT5gn4OZsMMO67jwVdD4H1ItQR+wP1yu7Mr+eP3+bMKmZ8c+s8pPWYgQs0AygE6PMnG/ZbNTbLgSZjiT2M4orsn1knbTSo7T1OO2PqAG9dAbEfxEfyNe2YYIMiFCY=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><wsu:Timestamp
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> wsu:Id="Timestamp-74"><wsu:Created>2011-12-07T13:18:43.461Z</wsu:Created><wsu:Expires>2011-12-07T13:23:43.461Z</wsu:Expires></wsu:Timestamp><saml:Assertion
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>> ID="ID_9b05e5ae-9ee4-4026-b999-3a0d2cfbd20d"
>> IssueInstant="2011-12-07T13:18:43.426Z" Version="2.0"><saml:Issuer
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">PicketLinkSTS</saml:Issuer><dsig:Signature
>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:SignedInfo><dsig:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
>> /><dsig:SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
>> /><dsig:Reference
>> URI="#ID_9b05e5ae-9ee4-4026-b999-3a0d2cfbd20d"><dsig:Transforms><dsig:Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";
>> /><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";
>> /></dsig:Transforms><dsig:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";
>> /><dsig:DigestValue>r3kDx65esz73i55SlYatjvWHE0g=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>NWoVO/hCzJ+6DiOFkWLFWyQAuDSmo/dnEnroSYNxYymnET8plkRIi7PBQe0sZik9e+oIyEAW146K
>> 5Sb38lLntPaH9IlPmoe7WDDdu+S0GfotT0cUUFBtfl3wDkeoDY0Fcg4KE6mfcAkhLhWG1XLjsQ0Q
>> TgTVyGczpXkJz3LuOiE=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
>> dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJns2qVnMuRK19ju2dxpKw
>> lYGGtrP5VQv00dfNPbs=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><saml:Subject><saml:NameID
>> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>> NameQualifier="urn:picketlink:identity-federation">admin</saml:NameID><saml:SubjectConfirmation
>> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"
>> /></saml:Subject><saml:Conditions NotBefore="2011-12-07T13:18:43.426Z"
>> NotOnOrAfter="2011-12-07T15:18:43.426Z"
>> /></saml:Assertion></wsse:Security><Action
>> xmlns="http://www.w3.org/2005/08/addressing";>http://example.com/HelloSecureWorldService/HelloSecureWorldServicePortType/HelloSecureWorldRequest</Action><MessageID
>> xmlns="http://www.w3.org/2005/08/addressing";>urn:uuid:66d444b3-ed14-4dc7-a7b6-0e4359f36598</MessageID><To
>> xmlns="http://www.w3.org/2005/08/addressing";>http://localhost:8080/HelloSecureWorldServer/HelloSecureWorldServer</To><ReplyTo
>> xmlns="http://www.w3.org/2005/08/addressing";><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo></soap:Header><soap:Body
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>> wsu:Id="id-76"><xenc:EncryptedData
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Id="EncDataId-78"
>> Type="http://www.w3.org/2001/04/xmlenc#Content";><xenc:EncryptionMethod
>> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
>> /><ds:KeyInfo 
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><wsse:SecurityTokenReference
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
>> URI="#EncKeyId-0369294A1849191CAA132326392348286"
>> /></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>hRsTHc1NSAVx87Uo+IHphSvJg4WfFWOoVBDoaWFYG3be06ofTLQTAcMojENU+Exy9yDvQH2G7tyPu7kUyq3r9zS261K/0Y7JrpxwaI6kNXHAIccFhBd0VVHcgu++BI48brHiTmjsn9o=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
>>
>> On Wed, Dec 7, 2011 at 6:03 AM, Colm O hEigeartaigh <[email protected]> 
>> wrote:
>>> What version of CXF are you using + can you include the incoming message?
>>>
>>> Colm.
>>>
>>> On Tue, Dec 6, 2011 at 6:46 PM, DSL <[email protected]> wrote:
>>>> Has anyone seen this error on a web service when decrypting the
>>>> incomding message:
>>>>
>>>> 2011-12-06 13:37:18,100 ERROR [STDERR] (http-127.0.0.1-8080-2)
>>>> javax.xml.ws.soap.SOAPFaultException: An error was discovered
>>>> processing the <wsse:Security> header (WSSecurityEngine: DataReference
>>>> - referenced data not found)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> $Proxy715.helloSecureWorld(Unknown Source)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> com.example.HelloWorldClient.helloSecureWorld(HelloWorldClient.java:84)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> com.example.HelloWorldServlet.doGet(HelloWorldServlet.java:71)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> 2011-12-06 13:37:18,101 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
>>>> 2011-12-06 13:37:18,102 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> java.lang.Thread.run(Thread.java:662)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2) Caused
>>>> by: org.apache.cxf.binding.soap.SoapFault: An error was discovered
>>>> processing the <wsse:Security> header (WSSecurityEngine: DataReference
>>>> - referenced data not found)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
>>>> 2011-12-06 13:37:18,103 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:99)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:142)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.jaxws.handler.soap.SOAPHandlerInterceptor.handleMessage(SOAPHandlerInterceptor.java:71)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2330)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2192)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2036)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:188)
>>>> 2011-12-06 13:37:18,104 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:696)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  at
>>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
>>>> 2011-12-06 13:37:18,105 ERROR [STDERR] (http-127.0.0.1-8080-2)  ... 25 more
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

Re: Error on decryption

Reply via email to