Colm, you saved my day!
with setting "isBSPCompliant" to false... outProps.put(WSHandlerConstants.IS_BSP_COMPLIANT, Boolean.FALSE.toString()); ... the microsoft server can process my request. Thank you VERY VERY much! Best regards, Peti 2012/5/15 Colm O hEigeartaigh <[email protected]> > What configuration are you using to generate the request? > > Try setting the following configuration property "isBSPCompliant" to > "false" to see if it works - this will disable the InclusiveNamespaces > stuff in CXF 2.4.7, in case this is causing the problem. > > Do you have access to more detailed logging on the WCF side to see > what exactly is going wrong? > > Colm. > > On Tue, May 15, 2012 at 2:16 PM, Peti Koch <[email protected]> wrote: > > Hi all, > > > > We are using a generated Apache CXF client 2.2.6 with WSS4J 1.5.8 to send > > encrypted and signed payload to a web service. > > > > The old request looks like this: > > > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > > <soap:Header> > > <wsse:Security > > xmlns:wsse=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > " > > soap:mustUnderstand="1"> > > <wsse:BinarySecurityToken > > xmlns:wsse=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > " > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > EncodingType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > " > > ValueType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > > " > > > > > wsu:Id="CertId-CF8CF283F652CEF28413370846975151">MIICrDCCAhUCAQEwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAkNIMRQwEgYDVQQIEwtTd2l0emVybGFuZDENMAsGA1UEBxMEQmVybjEUMBIGA1UEChMLWWVsbG93d29ybGQxCzAJBgNVBAsTAmNhMRcwFQYDVQQDEw5ZZWxsb3d3b3JsZCBDQTEgMB4GCSqGSIb3DQEJARYRY2FAeWVsbG93d29ybGQuY2gwHhcNMDkxMjE1MTIzNjM2WhcNMTQxMjE5MTIzNjM2WjCBqzELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAkJFMQ0wCwYDVQQHEwRCZXJuMSAwHgYDVQQKExdTd2lzcyBQb3N0IFNvbHV0aW9ucyBBRzETMBEGA1UECxMKT3BlcmF0aW9uczEbMBkGA1UEAxQSTJR3ZW5mbGVzUGFybnRlckFHMSwwKgYJKoZIhvcNAQkBFh1pcGVjb3BlcmF0aW9uc0B5ZWxsb3d3b3JsZC5jaDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5A39bwcdfR5Oph98tM18RzSPtlciRhnuC0C0ytGHGDNkIalvz9QOZD3oIdtEIWt8SlxDm6v8uerQdL+T7dFTKHC5WScaFmREEvpGTiCWp+UnrZEBmMx4kqwBuiCx4lM3glHR68IUkq3O9UeT2g+RDd6Lc+7s+w99p5soPHUvo2cCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC/CA6l41uILhDs5lpgnpOMbjhlRF/s7y6rof7kynybatWd6U1pyP6IVVZLY3ShUP4HniODfiEM/G2krJy4ikRCpoWNqzrQyHv8nGc4jyak3T4K0MANaSgq9OOMrgf1Lqw8HorD4sz1zYVK/McPPjpJaYnZJVBCaUwic+KbLchz4g== > > </wsse:BinarySecurityToken> > > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > Id="Signature-3"> > > <ds:SignedInfo> > > <ds:CanonicalizationMethod > > Algorithm=" > http://www.w3.org/2001/10/xml-exc-c14n#"; > > /> > > <ds:SignatureMethod Algorithm=" > > http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > > <ds:Reference URI="#id-4"> > > <ds:Transforms> > > <ds:Transform Algorithm=" > > http://www.w3.org/2001/10/xml-exc-c14n#"; /> > > </ds:Transforms> > > <ds:DigestMethod Algorithm=" > > http://www.w3.org/2000/09/xmldsig#sha1"; /> > > > > <ds:DigestValue>fxZfi4oX3tBU97FEfLk0o2XMl3U=</ds:DigestValue> > > </ds:Reference> > > </ds:SignedInfo> > > <ds:SignatureValue> > > > > > SXhsH5MsJm3U8A+5SeCaE8z3qpAkE8PSGwgajg6PaWo6AZskvdZJXEiMdDIxz8U7+D1gGVDyh3L/ > > > > > os6ZtVRHhPEUUcUSEUWlRAJhXuimL1VIGLBKnd+gV+cs5L8R3p5hdYFbVR77M1kEtqXe7vZTQ2FS > > bUOLlZCEgyFDjHNd9wc= > > </ds:SignatureValue> > > <ds:KeyInfo Id="KeyId-CF8CF283F652CEF28413370846975202"> > > <wsse:SecurityTokenReference > > xmlns:wsse=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > " > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > wsu:Id="STRId-CF8CF283F652CEF28413370846975213"> > > <wsse:Reference > > xmlns:wsse=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > " > > URI="#CertId-CF8CF283F652CEF28413370846975151" > > ValueType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > " > > /> > > </wsse:SecurityTokenReference> > > </ds:KeyInfo> > > </ds:Signature> > > <wsu:Timestamp > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > wsu:Id="Timestamp-2"> > > <wsu:Created>2012-05-15T12:24:57.512Z</wsu:Created> > > <wsu:Expires>2012-05-15T12:29:57.512Z</wsu:Expires> > > </wsu:Timestamp> > > <wsse:UsernameToken > > xmlns:wsse=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > " > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > wsu:Id="UsernameToken-1"> > > <wsse:Username>username</wsse:Username> > > <wsse:Password > > Type=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > > ">password</wsse:Password> > > <wsse:Nonce > > EncodingType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > ">EKSdOe91H3KXx80xHwPSfA==</wsse:Nonce> > > <wsu:Created>2012-05-15T12:24:57.511Z</wsu:Created> > > </wsse:UsernameToken> > > </wsse:Security> > > </soap:Header> > > <soap:Body > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > wsu:Id="id-4"> > > <UploadFiles xmlns="http://www.yellowworld.ch";> > > <invoices> > > <Invoice> > > <FileType>XML</FileType> > > > > <TransactionID>36821497-dfe5-46f7-96c5-b329f9ce931b</TransactionID> > > <Data>... > > </Data> > > </Invoice> > > </invoices> > > <BillerID>41100000000061250</BillerID> > > </UploadFiles> > > </soap:Body> > > </soap:Envelope> > > > > The new request, using Apache CXF 2.4.7 and WSS4J 1.6.5 looks like this > > > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > > <soap:Header> > > <wsse:Security > > xmlns:wsse=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > > " > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > soap:mustUnderstand="1"> > > <wsse:BinarySecurityToken > > EncodingType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > " > > ValueType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > > " > > > > > wsu:Id="X509-E53B87963B33CCFEBE13370833763031">MIICrDCCAhUCAQEwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAkNIMRQwEgYDVQQIEwtTd2l0emVybGFuZDENMAsGA1UEBxMEQmVybjEUMBIGA1UEChMLWWVsbG93d29ybGQxCzAJBgNVBAsTAmNhMRcwFQYDVQQDEw5ZZWxsb3d3b3JsZCBDQTEgMB4GCSqGSIb3DQEJARYRY2FAeWVsbG93d29ybGQuY2gwHhcNMDkxMjE1MTIzNjM2WhcNMTQxMjE5MTIzNjM2WjCBqzELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAkJFMQ0wCwYDVQQHEwRCZXJuMSAwHgYDVQQKExdTd2lzcyBQb3N0IFNvbHV0aW9ucyBBRzETMBEGA1UECxMKT3BlcmF0aW9uczEbMBkGA1UEAxQSTJR3ZW5mbGVzUGFybnRlckFHMSwwKgYJKoZIhvcNAQkBFh1pcGVjb3BlcmF0aW9uc0B5ZWxsb3d3b3JsZC5jaDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5A39bwcdfR5Oph98tM18RzSPtlciRhnuC0C0ytGHGDNkIalvz9QOZD3oIdtEIWt8SlxDm6v8uerQdL+T7dFTKHC5WScaFmREEvpGTiCWp+UnrZEBmMx4kqwBuiCx4lM3glHR68IUkq3O9UeT2g+RDd6Lc+7s+w99p5soPHUvo2cCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC/CA6l41uILhDs5lpgnpOMbjhlRF/s7y6rof7kynybatWd6U1pyP6IVVZLY3ShUP4HniODfiEM/G2krJy4ikRCpoWNqzrQyHv8nGc4jyak3T4K0MANaSgq9OOMrgf1Lqw8HorD4sz1zYVK/McPPjpJaYnZJVBCaUwic+KbLchz4g== > > </wsse:BinarySecurityToken> > > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > Id="SIG-4"> > > <ds:SignedInfo> > > <ds:CanonicalizationMethod > > Algorithm=" > http://www.w3.org/2001/10/xml-exc-c14n#";> > > <ec:InclusiveNamespaces xmlns:ec=" > > http://www.w3.org/2001/10/xml-exc-c14n#"; > > PrefixList="soap" /> > > </ds:CanonicalizationMethod> > > <ds:SignatureMethod Algorithm=" > > http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > > <ds:Reference URI="#id-3"> > > <ds:Transforms> > > <ds:Transform Algorithm=" > > http://www.w3.org/2001/10/xml-exc-c14n#";> > > <ec:InclusiveNamespaces > > xmlns:ec=" > > http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="" /> > > </ds:Transform> > > </ds:Transforms> > > <ds:DigestMethod Algorithm=" > > http://www.w3.org/2000/09/xmldsig#sha1"; /> > > > > <ds:DigestValue>cXfpCofTCBpD+RJQTFFHGbsu7B8=</ds:DigestValue> > > </ds:Reference> > > </ds:SignedInfo> > > > > > <ds:SignatureValue>tX06ZLOU89n8hhyjkfUryQPhFXRC15QM+Dw18vIUsZnZKrpfii4TZFwTR+WW6+5yCaSAIMPDKiXEW+oOZ38Pfnalk4Fo4uWfwKq79mcEmfZ9rWrxA/kJP+Tv0C0/97LE0+Fofu7iEgsuNSGxJpNBWKAAy8OXRapUV9dgkXu6xkg= > > </ds:SignatureValue> > > <ds:KeyInfo Id="KI-E53B87963B33CCFEBE13370833763072"> > > <wsse:SecurityTokenReference > > wsu:Id="STR-E53B87963B33CCFEBE13370833763093"> > > <wsse:Reference > > URI="#X509-E53B87963B33CCFEBE13370833763031" > > ValueType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > " > > /> > > </wsse:SecurityTokenReference> > > </ds:KeyInfo> > > </ds:Signature> > > <wsu:Timestamp wsu:Id="TS-2"> > > <wsu:Created>2012-05-15T12:02:55.000Z</wsu:Created> > > <wsu:Expires>2012-05-15T12:07:55.000Z</wsu:Expires> > > </wsu:Timestamp> > > <wsse:UsernameToken wsu:Id="UsernameToken-1"> > > <wsse:Username>username</wsse:Username> > > <wsse:Password > > Type=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > > ">password</wsse:Password> > > <wsse:Nonce > > EncodingType=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > > ">JaL7icBKeyXAl2SIWMx9XA==</wsse:Nonce> > > <wsu:Created>2012-05-15T12:02:54.998Z</wsu:Created> > > </wsse:UsernameToken> > > </wsse:Security> > > </soap:Header> > > <soap:Body > > xmlns:wsu=" > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > wsu:Id="id-3"> > > <UploadFiles xmlns="http://www.yellowworld.ch";> > > <invoices> > > <Invoice> > > <FileType>XML</FileType> > > > > <TransactionID>43526ee2-5137-4518-83df-c1d878548e5a</TransactionID> > > <Data>... > > </Data> > > </Invoice> > > </invoices> > > <BillerID>41100000000061250</BillerID> > > </UploadFiles> > > </soap:Body> > > </soap:Envelope> > > > > With the new request I get "The signature or decryption was invalid" from > > the server: > > > > 14:50:40.787 main [] ERROR > > c.l.p.webservice.PostfinanceAdapter#handleError:228-> Exception caught > > during call to postfinance webservice: > > javax.xml.ws.soap.SOAPFaultException: > > Microsoft.Web.Services2.Security.SecurityFault: The signature or > decryption > > was invalid > > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement > element) > > at > > > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope > > envelope) > > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope > > envelope) > > at > > > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage > > message) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156) > > at $Proxy33.uploadFiles(Unknown Source) > > at > > > ch.loewenfels.postfinance.webservice.PostfinanceAdapter.uploadRechnung(PostfinanceAdapter.java:69) > > at > > > ch.loewenfels.postfinance.webservice.YellowNetRealTest.upload(YellowNetRealTest.java:42) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > at java.lang.reflect.Method.invoke(Method.java:597) > > at > > > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44) > > at > > > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) > > at > > > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41) > > at > > > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20) > > at > > > org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28) > > at > > > org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79) > > at > > > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71) > > at > > > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49) > > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193) > > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52) > > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191) > > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42) > > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184) > > at org.junit.runners.ParentRunner.run(ParentRunner.java:236) > > at > > > org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) > > at > > > org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) > > at > > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) > > at > > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) > > at > > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) > > at > > > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) > > Caused by: org.apache.cxf.binding.soap.SoapFault: > > Microsoft.Web.Services2.Security.SecurityFault: The signature or > decryption > > was invalid > > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement > element) > > at > > > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope > > envelope) > > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope > > envelope) > > at > > > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage > > message) > > at > > > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) > > at > > > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) > > at > > > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) > > at > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > > at > > > org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:111) > > at > > > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) > > at > > > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) > > at > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > > at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:795) > > at > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1634) > > at > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1501) > > at > > > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1409) > > at > > > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47) > > at > > org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:194) > > at > > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) > > at > org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649) > > at > > > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > > at > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317) > > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) > > ... 27 common frames omitted > > > > > > We are using Sun JDK 6 / Sun JDK 7 with strong JCE on Linux. > > > > Any help appreciated VERY much! > > > > Best regards, > > Peti > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
