It's impossible to say what the problem is without access to the signature validation logs. Turn on DEBUG logging and it should tell you what the problem is. All of WSS4J 1.5.x is deprecated and no longer supported by the way.

Colm.

On Thu, Feb 25, 2016 at 12:12 PM, Sam Amarteifio <[email protected]> wrote:

> We are currently using the WSS4J (version 1.5.3) with Axis 1.4 for our
> WS-Security digital signature validation.
>
> We use the WSSecurityEngine.ProcessSecurityHeader method to validate the
> signature in the security header.
>
> The issue we are experiencing here is that the signature validation is
> successful for one form of security header (Header A. see below) and fails
> for another form of security header (Header B. see below). You will notice
> a difference in the construct of the ‘<wsse:Security’> and ‘<ds:Signature>’
> elements in respect of their namespace definitions.
>
> Please could someone enlighten us if we are doing something wrong or do we
> need to upgrade to a particular version of the WSS4J WS-Security library,
> please note we are bound at the moment to Axis 1.4.
>
> Regards,
> Sam
>
> Header A.
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>   <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>     <wsse:Security SOAP-ENV:mustUnderstand="1"
>         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>       <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:SignedInfo>
>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>           <ds:Reference URI="#id-38">
>             <ds:Transforms>
>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>             <ds:DigestValue>vIxJAh8EITqs1uZPiC1yrt4H2DU=</ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>zcaDiNn0om913HKIryt1+S4EPWXHIKH8bsQTdGDKlUepfv5yMJTLPA9PNecyAAMDF3GuT096lR5WjB2IJQClOoCobbabofvjr7GbfHV8XQLRPiykGKd8+IuiKEKHqyxClUi5strXIOw5ppFnEHkfib2h2YJQzjSptmke7PsAixgh5mDkDranYHNUE3+zdRFeLyC0ZFCeyMD45+tkdnr6koV1di5Z+dJggo4EbWIUv20OUdPblZaw6B82uMondZ/iK/Em8qniMz3FPf583vySkBlb+kLecDPrB/DidYtyDnuFicxsD2pdJ9KsPApXr5dpsnoBITiw8ZubVFbE3uZl1g==</ds:SignatureValue>
>         <ds:KeyInfo>
>           <wsse:SecurityTokenReference wsu:Id="Id-18fe8f24-d993-1004-81fe-8f8827f68a2b"
>               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>             <ds:X509Data>
>               <ds:X509IssuerSerial>
>                 <ds:X509IssuerName>CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US</ds:X509IssuerName>
>                 <ds:X509SerialNumber>604358</ds:X509SerialNumber>
>               </ds:X509IssuerSerial>
>             </ds:X509Data>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>     </wsse:Security>
>   </SOAP-ENV:Header>
>   <soapenv:Body wsu:Id="id-38"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     ......
>   </soapenv:Body>
> </soapenv:Envelope>
>
> Header B.
>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
>     xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>   <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>       xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>       xmlns:wsa="http://www.w3.org/2005/08/addressing"
>       xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>       xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>     <wsse:Security SOAP-ENV:mustUnderstand="1">
>       <ds:Signature>
>         <ds:SignedInfo>
>           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>           <ds:Reference URI="#MainBody">
>             <ds:Transforms>
>               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>             <ds:DigestValue>20WF+Eg2mHpaHbvKWVasYdNoFsw=</ds:DigestValue>
>           </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>J4ItDIaW2ak6R1UwdQEHMpQHpdjZVVqsx5mxTUjVoFwRNBPpbIua54mdaIZnJJpl06AdZ1i04Kl4yx4xkvd+IzDEWvAISu0CeCQDgmB+R2BfcHwtVtqBi04lGNyIdPZJVv2y9Y5VUywgtWvOLuwydXKVpy9uA5j47LDfEuI0YbrK6+I8d6bfD+aO0I6q7+yHU6iZOUchv920r3eVMGjNfihMag80qRBPzScIWnH3kWp2iOCCJi8Q/O5nTwUI8DwW7EJXvMPVPouDzzbxYekQuOEG+GdumXKcfmeOqCDd9cqflbyUbTOpB5fFVu2qmqVOsVStNzGNn15vH8SHuibXvA==</ds:SignatureValue>
>         <ds:KeyInfo>
>           <wsse:SecurityTokenReference wsu:Id="Id-fb589ba8-d9bb-1004-8f49-10246a7582f9">
>             <ds:X509Data>
>               <ds:X509IssuerSerial>
>                 <ds:X509IssuerName>CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
>                 <ds:X509SerialNumber>62129071348004622724048880787045315607</ds:X509SerialNumber>
>               </ds:X509IssuerSerial>
>             </ds:X509Data>
>           </wsse:SecurityTokenReference>
>         </ds:KeyInfo>
>       </ds:Signature>
>     </wsse:Security>
>   </SOAP-ENV:Header>
>   <soapenv:Body Id="MainBody"
>       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     ........
>   </soapenv:Body>
> </soapenv:Envelope>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
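
Added example, not part of the thread and not WSS4J code: a small diagnostic that reports, for each ds:Reference in an envelope, whether the element it points to carries the Id as a wsu:Id attribute or as an unqualified Id attribute, which is a second visible difference between Header A and Header B besides where the namespaces are declared. The two envelopes are constructed, abridged versions of the headers quoted above, and the name resolve_references is hypothetical.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed, abridged envelopes: only the Reference, the namespace placement
# and the Body attributes are kept from Header A and Header B.
HEADER_A = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header>
    <ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
      <ds:Reference URI="#id-38"/>
    </ds:SignedInfo></ds:Signature>
  </soapenv:Header>
  <soapenv:Body wsu:Id="id-38" xmlns:wsu="{WSU}"/>
</soapenv:Envelope>"""

HEADER_B = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header xmlns:ds="{DS}" xmlns:wsu="{WSU}">
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#MainBody"/>
    </ds:SignedInfo></ds:Signature>
  </soapenv:Header>
  <soapenv:Body Id="MainBody" xmlns:wsu="{WSU}"/>
</soapenv:Envelope>"""

def resolve_references(envelope_xml):
    """For each ds:Reference return (URI, target tag, Id attribute kind)."""
    # Untrusted captures should go through a hardened parser such as defusedxml.
    root = ET.fromstring(envelope_xml)
    results = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        hit = (uri, None, None)          # default: no element carries this Id
        if uri.startswith("#"):          # same-document references only
            for el in root.iter():
                if el.get(f"{{{WSU}}}Id") == uri[1:]:
                    hit = (uri, el.tag, "wsu:Id")
                    break
                if el.get("Id") == uri[1:]:
                    hit = (uri, el.tag, "Id (unqualified)")
                    break
        results.append(hit)
    return results

if __name__ == "__main__":
    for name, xml_text in (("Header A", HEADER_A), ("Header B", HEADER_B)):
        print(name, resolve_references(xml_text))
```

The WSS4J DEBUG log remains the place to read the actual failure reason; this only makes one difference between the two messages explicit.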
