axis-java-user mailing list archives

From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: Signature verification fails when used with Encryption
Date Fri, 10 Nov 2006 12:48:07 GMT
Hi,

Looking at the msg you sent ... the signature seems to be referring to
the cert using the subject key identifier. In this case you MUST have
the service's cert in the client's keystore and your
signaturePropertyFile has to point to that.

Also, since there are two timestamp headers ... your action items will
have to be as follows:

Timestamp Signature Encrypt Timestamp

to be able to successfully process the message.

Thanks,
Ruchith

On 11/10/06, Sriram Vaidyanathan <Sriram.Vaidyanathan@copart.com> wrote:
>
>
>
>
> Hello,
>
>       I am using a Web service-testing tool, which is based on .NET to talk
> to a Web service in Axis2
>
>
>
>     The web service implements WS-Security using Rampart.
>
>
>
>     When I set the service side actions to "Signature Timestamp" or
> "Encrypt Timestamp" and have my .NET tool send a message with the
> corresponding security actions, I get a successful response. No problems
> there…
>
>
>
> But when I set the service side actions to "Signature Encrypt Timestamp" and
> then have the .NET tool send a message with the same corresponding
> actions, I get a "Signature verification failed" message.
>
>
>
> rg.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed;
> nested exception is:
>
>       org.apache.ws.security.WSSecurityException: The
> signature verification failed
>
>
>
> Could it be possible that there is a bug in the .NET based testing tool
> which, when using Encryption along with Signature, is messing up the signed
> content?
>
> Also I see that the tool is adding two Timestamp Headers. Could that be an
> issue?
>
>
>
> Below is the request message from the .NET based testing tool that fails.
> Any help on this would be appreciated.
>
>
>
> Thanks
>
> Sriram
>
>
>
> <?xml version="1.0" encoding="utf-8"?>
>
> <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:tns="http://ws.test.com/test/">
>
>   <soap:Header>
>
>     <wsse:Security soap:mustUnderstand="1"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>
>       <wsu:Timestamp
> wsu:Id="Timestamp-cbc739c1-2813-4b07-8588-4b10b6193c85"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
>         <wsu:Created>2006-11-10T08:11:53Z</wsu:Created>
>
>         <wsu:Expires>2006-11-10T08:16:53Z</wsu:Expires>
>
>       </wsu:Timestamp>
>
>       <wsse:BinarySecurityToken
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-f98f02e3-53cb-4e03-9f80-4685fa96ff4f">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</wsse:BinarySecurityToken>
>
>       <xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>
>         <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>
>         <KeyInfo
> xmlns="http://www.w3.org/2000/09/xmldsig#">
>
>           <wsse:SecurityTokenReference>
>
>             <wsse:Reference
> URI="#SecurityToken-f98f02e3-53cb-4e03-9f80-4685fa96ff4f"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> />
>
>           </wsse:SecurityTokenReference>
>
>         </KeyInfo>
>
>         <xenc:CipherData>
>
>
> <xenc:CipherValue>X4olpsRrvcvOxlJCDNJjDhPvu5mK25zl18d/bcfmYA9pPxDo1WtyckMU4vf0ba/Gf53UDp2FjzY5gl54d3/jduPQ1gt8W/kEVwnL16zg/ucv1M0gaChxXwd/v3bO3Dqhrs0M2wojmbBTx0yJqvqkvkK+oCx/LB6O7OfZCRDPNuI=</xenc:CipherValue>
>
>         </xenc:CipherData>
>
>         <xenc:ReferenceList>
>
>           <xenc:DataReference
> URI="#EncryptedContent-9aa6c893-1f20-4294-a6a2-a871561f4447"
> />
>
>         </xenc:ReferenceList>
>
>       </xenc:EncryptedKey>
>
>       <wsu:Timestamp
> wsu:Id="Timestamp-eb4fd688-f815-4b8f-9505-5c6a9a1bb610"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
>         <wsu:Created>2006-11-10T08:11:53Z</wsu:Created>
>
>         <wsu:Expires>2006-11-10T08:16:53Z</wsu:Expires>
>
>       </wsu:Timestamp>
>
>       <wsse:BinarySecurityToken
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="SecurityToken-17daaa18-6b8f-4744-9172-2c09a6a7ce57">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</wsse:BinarySecurityToken>
>
>       <Signature
> xmlns="http://www.w3.org/2000/09/xmldsig#">
>
>         <SignedInfo>
>
>           <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
>
>           <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>
>           <Reference
> URI="#Id-88d9a238-9a7e-4758-9d80-b726801f1d72">
>
>             <Transforms>
>
>               <Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>
>             </Transforms>
>
>             <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>
>             <DigestValue>ll4SQ5o77vdu1xtTIwRDyk9zruE=</DigestValue>
>
>           </Reference>
>
>         </SignedInfo>
>
>
> <SignatureValue>ZXxmEyQUEGRFzfron1gbSDNUQ4n/8kDctetAqSlo58ZtJ7SOmh+pKF1RXPwh/Htn/iBeB8oQV7Xej4D58lovjdAd7LA3c/l8DFrgUZingLbw7lx3iOBxNBvPVl5U2PPPS24h+2qjPOl9/XFk8F9XpXvRbpez058cVZxVdfFRSwU=</SignatureValue>
>
>         <KeyInfo>
>
>           <wsse:SecurityTokenReference>
>
>             <wsse:KeyIdentifier
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">8huYtSY99mwReJId94PRH1FoWM0=</wsse:KeyIdentifier>
>
>           </wsse:SecurityTokenReference>
>
>         </KeyInfo>
>
>       </Signature>
>
>     </wsse:Security>
>
>   </soap:Header>
>
>   <soap:Body
> wsu:Id="Id-88d9a238-9a7e-4758-9d80-b726801f1d72"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
>     <tns:EchoRequest
> wsu:Id="Id:44074582-d86b-4e3b-a8d5-db59239b94d7"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>
>       <xenc:EncryptedData
> Id="EncryptedContent-9aa6c893-1f20-4294-a6a2-a871561f4447"
> Type="http://www.w3.org/2001/04/xmlenc#Content"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>
>         <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>
>         <xenc:CipherData>
>
>
> <xenc:CipherValue>3pxYhINZqrFpwbCm8eS6CDDlp+KnrTP5y7E2lvj7bT0=</xenc:CipherValue>
>
>         </xenc:CipherData>
>
>       </xenc:EncryptedData>
>
>     </tns:EchoRequest>
>
>   </soap:Body>
>
> </soap:Envelope>


-- 
www.ruchith.org
