axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dariush Forouher <dari...@forouher.de>
Subject Digest Verification problem
Date Fri, 03 Aug 2007 21:16:49 GMT
Hello,

I am trying to create a Axis2/C + Rampart/C WS client together with a
Axis2/Java +Rampart/Java service.

I've managed to get most of the stuff to work, Signing and even
Encryption works fine.
But an odd problem is that Rampart Body signature validation seems to
fail on certain operations. Calling operations which don't have any
parameters on the client side seem to work fine (see attachment
"rampartc.working.soapmessage"), whereas calls to operations which have
at least one parameter fail when the service tries to validate the
digest (see "rampartc.not.working.soapmessage"):

This ist the output from the Axis2 webservice:

<SNIP>
WARNUNG: Verification failed for URI "#SigID-0484f390-41fb-1dc1"
03.08.2007 21:52:08 org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#SigID-0484f818-41fb-1dc1"
org.apache.ws.security.WSSecurityException: The signature verification
failed
        at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:341)
        at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:80)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
        at
[...]
</SNIP>


Looking at the axis2 client log (see "wsauth.log.bad"), I found it
suspicious that the soap body captured via wireshark doesn't match with
the one logged:

This is the output of the canonicalizer, according to the log:

<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SigID-0484f390-41fb-1dc1"><ns1:getPosixUserByName
xmlns:ns1="urn:WSAuth"></ns1:getPosixUserByName>
</soapenv:Body>

Wheras this is the actual body send over the wire:

<soapenv:Body wsu:Id="SigID-0484f390-41fb-1dc1"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ns1:getPosixUserByName
xmlns:ns1="urn:WSAuth"><ns1:username>schumi</ns1:username></ns1:getPosixUserByName></soapenv:Body></soapenv:Envelope>



(Notice the missing <ns1:username>...</...> element)

I'm using Axis2c und RampartC from SVN. The snapshot was taken on
2007-07-29. The code has not been modified by me exept a one line change
suggested in the "Generating incorrect digests?" thread on axis2c-dev
("u" -> "wsu").

I generated the client code via WSDL2C tool from the Axis2 Package (some
SVN snapshot from July). I changed some lines here and there to
workaround some problems, but I didn't touch the serializer code.

ciao
Dariush


Mime
View raw message