If you use the Apache Santuario JSR105 provider in SignUtil it works: "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI". Not entirely sure why, but possibly there is a problem with switching from the JDK JSR implementation to Apache Santuario as used by CXF for WS-Security.
Colm. On Tue, Dec 2, 2014 at 11:36 AM, Teppo Jalava <[email protected]> wrote: > Hi, > > I've got this project where I have to integrate to a web service provided > by a local bank. The message format consists of an XML document, called > ApplicationRequest, which has to be signed and embedded as a base64binary > into the SOAP-message. The SOAP-message is also signed (with the same key). > Sounds kinda stupid but there's some legacy stuff involved etc. > > Anyway, the problem I have is that I can sign the ApplicationRequest only > once. Or, more precisely, I can create a valid signature of the > ApplicationRequest only before I make the first call to the web service. > After the first call, subsequential signatures won't validate, neither if I > try to validate them myself, or at the server. > > I'm using the basic javax.xml.crypto-packages of the JDK to sign and > validate the ApplicationRequest and WSS4JInterceptors to handle the signing > of the SOAP-messages. I've created a small project based on the CXF's > ws-security samples where the problem can be reproduced. The project is > here: https://github.com/tjjalava/ws-security-sample. > > It's more than likely that I've just done something wrong, since I haven't > done much ws-projects in a while, but I just can't figure out why this is > happening. So any help or suggestions will be appreciated. > > - Teppo > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
