Hi all,

We are using a generated Apache CXF client 2.2.6 with WSS4J 1.5.8 to send
an encrypted and signed payload to a web service.

The old request looks like this:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            soap:mustUnderstand="1">
            <wsse:BinarySecurityToken
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                wsu:Id="CertId-CF8CF283F652CEF28413370846975151">
            </wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                Id="Signature-3">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod
                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#id-4">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>fxZfi4oX3tBU97FEfLk0o2XMl3U=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>

SXhsH5MsJm3U8A+5SeCaE8z3qpAkE8PSGwgajg6PaWo6AZskvdZJXEiMdDIxz8U7+D1gGVDyh3L/

os6ZtVRHhPEUUcUSEUWlRAJhXuimL1VIGLBKnd+gV+cs5L8R3p5hdYFbVR77M1kEtqXe7vZTQ2FS
                    bUOLlZCEgyFDjHNd9wc=
                </ds:SignatureValue>
                <ds:KeyInfo Id="KeyId-CF8CF283F652CEF28413370846975202">
                    <wsse:SecurityTokenReference
                        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                        wsu:Id="STRId-CF8CF283F652CEF28413370846975213">
                        <wsse:Reference
                            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                            URI="#CertId-CF8CF283F652CEF28413370846975151"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
            <wsu:Timestamp
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="Timestamp-2">
                <wsu:Created>2012-05-15T12:24:57.512Z</wsu:Created>
                <wsu:Expires>2012-05-15T12:29:57.512Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                wsu:Id="UsernameToken-1">
                <wsse:Username>username</wsse:Username>
                <wsse:Password
                    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
                <wsse:Nonce
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">EKSdOe91H3KXx80xHwPSfA==</wsse:Nonce>
                <wsu:Created>2012-05-15T12:24:57.511Z</wsu:Created>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="id-4">
        <UploadFiles xmlns="http://www.yellowworld.ch">
            <invoices>
                <Invoice>
                    <FileType>XML</FileType>
                    <TransactionID>36821497-dfe5-46f7-96c5-b329f9ce931b</TransactionID>
                    <Data>...
                    </Data>
                </Invoice>
            </invoices>
            <BillerID>41100000000061250</BillerID>
        </UploadFiles>
    </soap:Body>
</soap:Envelope>

The new request, using Apache CXF 2.4.7 and WSS4J 1.6.5, looks like this:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
        <wsse:Security
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            soap:mustUnderstand="1">
            <wsse:BinarySecurityToken
                EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                wsu:Id="X509-E53B87963B33CCFEBE13370833763031">
            </wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                Id="SIG-4">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod
                        Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
                            PrefixList="soap" />
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                    <ds:Reference URI="#id-3">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces
                                    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>cXfpCofTCBpD+RJQTFFHGbsu7B8=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>

<ds:SignatureValue>tX06ZLOU89n8hhyjkfUryQPhFXRC15QM+Dw18vIUsZnZKrpfii4TZFwTR+WW6+5yCaSAIMPDKiXEW+oOZ38Pfnalk4Fo4uWfwKq79mcEmfZ9rWrxA/kJP+Tv0C0/97LE0+Fofu7iEgsuNSGxJpNBWKAAy8OXRapUV9dgkXu6xkg=
                </ds:SignatureValue>
                <ds:KeyInfo Id="KI-E53B87963B33CCFEBE13370833763072">
                    <wsse:SecurityTokenReference
                        wsu:Id="STR-E53B87963B33CCFEBE13370833763093">
                        <wsse:Reference
                            URI="#X509-E53B87963B33CCFEBE13370833763031"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
            <wsu:Timestamp wsu:Id="TS-2">
                <wsu:Created>2012-05-15T12:02:55.000Z</wsu:Created>
                <wsu:Expires>2012-05-15T12:07:55.000Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken wsu:Id="UsernameToken-1">
                <wsse:Username>username</wsse:Username>
                <wsse:Password
                    Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
                <wsse:Nonce
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">JaL7icBKeyXAl2SIWMx9XA==</wsse:Nonce>
                <wsu:Created>2012-05-15T12:02:54.998Z</wsu:Created>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>
    <soap:Body
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="id-3">
        <UploadFiles xmlns="http://www.yellowworld.ch">
            <invoices>
                <Invoice>
                    <FileType>XML</FileType>
                    <TransactionID>43526ee2-5137-4518-83df-c1d878548e5a</TransactionID>
                    <Data>...
                    </Data>
                </Invoice>
            </invoices>
            <BillerID>41100000000061250</BillerID>
        </UploadFiles>
    </soap:Body>
</soap:Envelope>

With the new request I get "The signature or decryption was invalid" from
the server:

14:50:40.787 main [] ERROR c.l.p.webservice.PostfinanceAdapter#handleError:228-> Exception caught during call to postfinance webservice:
javax.xml.ws.soap.SOAPFaultException: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
   at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
   at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
    at $Proxy33.uploadFiles(Unknown Source)
    at ch.loewenfels.postfinance.webservice.PostfinanceAdapter.uploadRechnung(PostfinanceAdapter.java:69)
    at ch.loewenfels.postfinance.webservice.YellowNetRealTest.upload(YellowNetRealTest.java:42)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
    at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.apache.cxf.binding.soap.SoapFault: Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption was invalid
   at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
   at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
    at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:111)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
    at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:795)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1634)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1501)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1409)
    at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:194)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
    ... 27 common frames omitted


We are using Sun JDK 6 / Sun JDK 7 with strong JCE on Linux.

Any help appreciated VERY much!

Best regards,
Peti
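
Added example (not part of the original post, and not CXF or WSS4J code): a Python script that pulls out the ds:SignedInfo settings that decide which bytes are digested and signed, and reports what differs between two envelopes. The two sample envelopes are constructed, cut down to the SignedInfo structure of the old and new requests above; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "ec": "http://www.w3.org/2001/10/xml-exc-c14n#"}

# Constructed sample: only the SignedInfo structure of the requests in the post.
_TEMPLATE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#">
 <soap:Header><ds:Signature><ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">{c14n}</ds:CanonicalizationMethod>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#id-1"><ds:Transforms>
   <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">{transform}</ds:Transform>
  </ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
 </ds:SignedInfo></ds:Signature></soap:Header><soap:Body/>
</soap:Envelope>"""
OLD_SAMPLE = _TEMPLATE.format(c14n="", transform="")
NEW_SAMPLE = _TEMPLATE.format(c14n='<ec:InclusiveNamespaces PrefixList="soap"/>',
                              transform='<ec:InclusiveNamespaces PrefixList=""/>')

def _prefix_list(elem):
    """PrefixList of a child ec:InclusiveNamespaces, or None when the child is absent."""
    inc = elem.find("ec:InclusiveNamespaces", NS)
    return None if inc is None else inc.get("PrefixList", "")

def signature_profile(envelope_xml):
    """Collect the SignedInfo settings that fix the signed bytes (values whitespace-stripped)."""
    signed_info = ET.fromstring(envelope_xml).find(".//ds:SignedInfo", NS)
    if signed_info is None:
        raise ValueError("no ds:SignedInfo in message")
    c14n = signed_info.find("ds:CanonicalizationMethod", NS)
    profile = {"c14n.algorithm": c14n.get("Algorithm").strip(),
               "c14n.prefix_list": _prefix_list(c14n),
               "signature.method": signed_info.find("ds:SignatureMethod", NS).get("Algorithm").strip()}
    # Reference URIs and Ids are left out: they are regenerated for every message.
    for i, ref in enumerate(signed_info.findall("ds:Reference", NS)):
        for j, tr in enumerate(ref.findall("ds:Transforms/ds:Transform", NS)):
            profile[f"ref{i}.transform{j}.algorithm"] = tr.get("Algorithm").strip()
            profile[f"ref{i}.transform{j}.prefix_list"] = _prefix_list(tr)
        digest = ref.find("ds:DigestMethod", NS)
        profile[f"ref{i}.digest.method"] = digest.get("Algorithm").strip()
    return profile

def diff_profiles(old, new):
    """Map each differing setting to its (old, new) pair."""
    return {k: (old.get(k), new.get(k))
            for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}

if __name__ == "__main__":
    print(diff_profiles(signature_profile(OLD_SAMPLE), signature_profile(NEW_SAMPLE)))
```

Run over the two full requests, the settings it lists are the first things to compare with what the receiving stack accepts.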
