yes that was the culprit - I disabled both the namespace optimization and
the pretty printing and it worked!
thanks for the help
Anamitra
"Dittmann, Werner" <werner.dittmann@siemens.com>
02/27/2006 02:34 AM
To: <[EMAIL PROTECTED]>, <[email protected]>
cc:
Subject: AW: Signature verification problem [more info from debugging into the WSSecurityEngine]

Most often this happens if the message is modified after the
Signature was created, e.g. by doing some sort of pretty
printing or such. AFAIK there is a parameter in Axis to
switch off such a behaviour.
Regards,
Werner
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: Monday, 27 February 2006 02:53
> To: [email protected]
> Subject: Re: Signature verification problem [more info from
> debugging into the WSSecurityEngine]
>
> Hi
> I debugged further into the exception [as shown below] that was there in
> the server logs and I put some debugs in the WSSecurityEngine file and
> checked that with the IssuerSerial token it's able to load the correct
> certificate [I printed the certificate handle] and then it gives an error in
> signature verification! That's pretty strange and am just wondering
> whether this is something to do with the exclusive c14n used. Not sure if I
> am hitting a bug there with the xml security implementation?? Am using
> wss4j 1.1 with Axis 1.2.1.
> Can anybody pls confirm if this is a bug and if it is whether it has been
> fixed in any builds.
>
> org.apache.ws.security.WSSecurityException: The signature verification failed
>     at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:630)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>     at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:156)
>     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>     at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
>     at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
>     at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
>     at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006)
>     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419)
>     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315)
>     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718)
>     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
>     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
>     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764)
>     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
>     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
>     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
> thanks
> Anamitra
>
> Anamitra.Bhattach [EMAIL PROTECTED]
> 02/24/2006 12:47 PM
> To: [email protected]
> cc:
> Subject: Signature verification problem
>
> Hi
> I am trying to test a Signature action from the client to the server. I
> have imported the client's certificate into the server store. When I try
> invoking the web service I get the following exception. I checked the
> message in tcpmon and am not seeing anything to raise a flag except that
> the serial number does not match the serial number shown by the keytool
> [not sure if it's encoded in a different way]. I am not sure what I am
> missing. I am attaching the server wsdd and the client wsdd and the keytool
> commands.
>
> AxisFault
> faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
> faultSubcode:
> faultString: WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature verification failed
> faultActor:
> faultNode:
> faultDetail:
> {http://xml.apache.org/axis/}hostname:D2DFJ971
>
> WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature verification failed
>
> soap header
> ---------------------
> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#id-27173235">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>bIURuKkNJkvOePjL2w3nNum8KrA=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> uH8F5vW9KKvWTs9hJtEq2mWn01+t+MHQCDWvC/gUn/dxqkWpdjfXtfWuhYEkjjE5U4PYpfyqY3De
> D5JULLmW2qBJfFUbONFbcpR2VTUi+Ya9c+jcLpSP9dYZ/bys9ey/h5JhZWkEN2ERmwwQCJiKDg6R
> 522tMtlT9HMFa7GxZ18=
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-24697864">
> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-26625789"><ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=testalias2</ds:X509IssuerName>
> <ds:X509SerialNumber>1140456858</ds:X509SerialNumber>
> </ds:X509IssuerSerial></wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature></wsse:Security>
>
>
> Server wsdd
> --------------------
> <service name="MXINVOICEInterface" provider="java:MSG" style="message" use="literal">
> <requestFlow>
> <handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> <parameter name="action" value="Signature"/>
> <parameter name="signaturePropFile" value="mysigcrypto.properties" />
> </handler>
> </requestFlow>
>
> <wsdlFile>C:\bea8\user_projects\domains\mydomain\wsdl\MXINVOICEInterface.wsdl</wsdlFile>
>
> <parameter name="allowedMethods" value="processDocument"/>
> <parameter name="className" value="psdi.iface.webservices.MEADocumentService"/>
> <parameter name="scope" value="Application"/>
> <parameter name="sendXsiTypes" value="false"/>
> <parameter name="sendMultiRefs" value="false"/>
> </service>
>
> mysigcrypto.properties
> -----------------------------------
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=testsp1
> org.apache.ws.security.crypto.merlin.file=teststore1
>
>
> Clients wsdd
> ---------------------
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
> xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
> <transport name="http"
> pivot="java:org.apache.axis.transport.http.HTTPSender"/>
> <globalConfiguration >
> <requestFlow >
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
> <parameter name="action" value="Signature"/>
> <parameter name="user" value="testalias2"/>
> <parameter name="signaturePropFile" value="clientsigcrypto.properties"/>
> <parameter name="passwordCallbackClass"
> value="psdi.iface.webservices.PWCallBack"/>
> </handler>
> </requestFlow>
> </globalConfiguration>
> </deployment>
>
> clientsigcrypto.properties
> --------------------------------------
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=testsp2
> org.apache.ws.security.crypto.merlin.file=teststore2
>
>
>
> Keytool commands
> ------------------------------
> keytool -genkey -alias testalias1 -keystore teststore1 -dname "cn=testalias1" -keypass testkp1 -storepass testsp1 -keyalg RSA
>
> keytool -genkey -alias testalias2 -keystore teststore2 -dname "cn=testalias2" -keypass testkp2 -storepass testsp2 -keyalg RSA
>
> keytool -selfcert -alias testalias1 -keystore teststore1 -keypass testkp1 -storepass testsp1
>
> keytool -selfcert -alias testalias2 -keystore teststore2 -keypass testkp2 -storepass testsp2
>
> keytool -export -keystore teststore2 -alias testalias2 -storepass testsp2 -file testcert2 -rfc
>
> keytool -import -alias testcert2 -file testcert2 -keystore teststore1 -storepass testsp1
>
> Any pointers appreciated.
> thanks
> Anamitra
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
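
The cause identified in this thread (a message re-indented after it was signed), shown as an added example that is not part of the original e-mails and is not WSS4J or Axis code. It assumes a constructed SOAP body and uses Python's built-in C14N 2.0 canonicalizer as a stand-in for the exclusive c14n named in the `ds:Reference`; both preserve whitespace text nodes, which is the property that matters here.

```python
import base64
import hashlib
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed sample: the signed element exactly as the sender serialized it.
SIGNED = (
    '<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
    'oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1">'
    '<Invoice xmlns="urn:example" number="42" currency="USD">'
    '<Amount>10</Amount></Invoice></soapenv:Body>'
)


def digest_value(xml_text):
    """Base64 SHA-1 of the canonical form, the shape of a ds:DigestValue."""
    canonical = canonicalize(xml_text)  # C14N 2.0, stand-in for exc-c14n
    raw = hashlib.sha1(canonical.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def reserialize(xml_text):
    """Harmless rewrite: other quote style and attribute order, same content."""
    return xml_text.replace('number="42" currency="USD"',
                            "currency='USD' number='42'")


def pretty_print(xml_text):
    """What an indenting serializer does: inserts whitespace text nodes."""
    return minidom.parseString(xml_text).toprettyxml(indent="  ")


def reference_is_valid(received_xml, signed_digest):
    """The receiver's check: recompute the digest and compare."""
    return digest_value(received_xml) == signed_digest


if __name__ == "__main__":
    signed_digest = digest_value(SIGNED)
    cases = [("as sent", SIGNED),
             ("reserialized", reserialize(SIGNED)),
             ("pretty-printed", pretty_print(SIGNED))]
    for label, received in cases:
        print(f"{label:15} digest matches: {reference_is_valid(received, signed_digest)}")
```

Canonicalization absorbs quoting and attribute order, but indentation adds character data inside the signed element, so the recomputed digest no longer equals the one covered by the signature.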