cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens Granseuer (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CXF-3414) Signature verification fails with custom SOAP header
Date Wed, 23 Mar 2011 13:37:06 GMT

     [ https://issues.apache.org/jira/browse/CXF-3414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jens Granseuer updated CXF-3414:
--------------------------------

    Attachment: signature-handler.zip

simple maven test project

> Signature verification fails with custom SOAP header
> ----------------------------------------------------
>
>                 Key: CXF-3414
>                 URL: https://issues.apache.org/jira/browse/CXF-3414
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3.2
>            Reporter: Jens Granseuer
>         Attachments: signature-handler.zip
>
>
> When a client sends a signed message body, and also includes a custom SOAP header in
the message, signature verification fails at the receiving end.
> {quote}
> 2011-03-23 14:33:41,159 DEBUG | verify 1 References | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | I am not requested to follow nested Manifests | signature.Manifest
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Reference", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transforms", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Request for URI http://www.w3.org/2000/09/xmldsig#sha1
| algorithms.JCEMapper
> 2011-03-23 14:33:41,159 DEBUG | I was asked to create a ResourceResolver and got 1 |
resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG |  extra resolvers to my existing 4 system-wide resolvers
| resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
| resolver.ResourceResolver
> 2011-03-23 14:33:41,159 DEBUG | enter engineResolve, look for: #id-2 | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | exit engineResolve, result: XMLSignatureInput/Element/[soap:Body:
null] exclude null comments:false/null | message.EnvelopeIdResolver
> 2011-03-23 14:33:41,159 DEBUG | setElement("ds:Transform", "null") | utils.ElementProxy
> 2011-03-23 14:33:41,159 DEBUG | Pre-digested input: | utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 DEBUG | <soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-2"><greetMe xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe><greetMe
xmlns="http://apache.org/hello_world_soap_http/types"><requestType>Master</requestType></greetMe></soap:Body>
| utils.DigesterOutputStream
> 2011-03-23 14:33:41,159 WARN  | Verification failed for URI "#id-2" | signature.Reference
> 2011-03-23 14:33:41,159 WARN  | Expected Digest: yFxDQhgODwm09BOOEJwzrMzvfO4= | signature.Reference
> 2011-03-23 14:33:41,159 WARN  | Actual Digest: l9AeEEtC5yLW+5gbX/vJunbkhrU= | signature.Reference
> {quote}

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message