cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (CXF-5679) WS-S after upgrade fails with org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
Date Wed, 09 Apr 2014 17:38:16 GMT

     [ https://issues.apache.org/jira/browse/CXF-5679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh reassigned CXF-5679:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> WS-S after upgrade fails with org.apache.ws.security.WSSecurityException: The signature
or decryption was invalid
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: CXF-5679
>                 URL: https://issues.apache.org/jira/browse/CXF-5679
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.9, 2.7.10
>            Reporter: Ján Ondrušek
>            Assignee: Colm O hEigeartaigh
>              Labels: security
>
> After upgrading CXF from version 2.7.5 to 2.7.9 or higher, we experienced this issue.
Worked well with 2.7.5 and earlier.
> Request (our business data stripped and replaced with dummy ns1):
> {code:xml}
> <soapenv:Envelope xmlns:ns1="http://example/soap"
> 	xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
> 	<soapenv:Header>
> 		<wsse:Security soapenv:mustUnderstand="1"
> 			xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> 			xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> 			<ds:Signature Id="SIG-33" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> 				<ds:SignedInfo>
> 					<ds:CanonicalizationMethod
> 						Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> 						<ec:InclusiveNamespaces PrefixList="ns1 soapenv"
> 							xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> 					</ds:CanonicalizationMethod>
> 					<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> 					<ds:Reference URI="#id-22">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> 								<ec:InclusiveNamespaces PrefixList="ns1"
> 									xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> 							</ds:Transform>
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 						<ds:DigestValue>VF0g31FSsHWpdMN7lGVgQA1li4c=</ds:DigestValue>
> 					</ds:Reference>
> 					<ds:Reference URI="#TS-32">
> 						<ds:Transforms>
> 							<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
> 								<ec:InclusiveNamespaces PrefixList="wsse ns1 soapenv"
> 									xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" />
> 							</ds:Transform>
> 						</ds:Transforms>
> 						<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 						<ds:DigestValue>4yW2ssYnI+QB40HBdWexy80+GNo=</ds:DigestValue>
> 					</ds:Reference>
> 				</ds:SignedInfo>
> 				<ds:SignatureValue>QGIDsbR//zUyjUD36LtkiMJsIiT1vYionG8Y0blqif2QKrMB2AHnr9KXiYy7MbcdMaTVxn6gmKGN
> 					7bRjE6MX1VVf9ZPem5SfasHYQ6wS7l/I1NGUyGw227cv1AceDPje05Wjk5vmN9G1dKvbfECJhBLA
> 					7/OBAxJI+TYmYe94cu8=</ds:SignatureValue>
> 				<ds:KeyInfo Id="KI-6788C4A756C88F8773139703929455550">
> 					<wsse:SecurityTokenReference
> 						wsu:Id="STR-6788C4A756C88F8773139703929455551">
> 						<ds:X509Data>
> 							<ds:X509IssuerSerial>
> 								<ds:X509IssuerName>CN=clientuser</ds:X509IssuerName>
> 								<ds:X509SerialNumber>1288174342</ds:X509SerialNumber>
> 							</ds:X509IssuerSerial>
> 						</ds:X509Data>
> 					</wsse:SecurityTokenReference>
> 				</ds:KeyInfo>
> 			</ds:Signature>
> 			<wsu:Timestamp wsu:Id="TS-32">
> 				<wsu:Created>2014-04-09T10:28:14.554Z</wsu:Created>
> 				<wsu:Expires>2014-04-09T10:33:14.554Z</wsu:Expires>
> 			</wsu:Timestamp>
> 		</wsse:Security>
> 	</soapenv:Header>
> 	<soapenv:Body wsu:Id="id-22"
> 		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> 		<ns1:hello></ns1:hello>
> 	</soapenv:Body>
> </soapenv:Envelope>
> {code}
> Response:
> {code:xml}
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> 	<soap:Body>
> 		<soap:Fault>
> 			<faultcode
> 				xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedCheck</faultcode>
> 			<faultstring>The signature or decryption was invalid</faultstring>
> 		</soap:Fault>
> 	</soap:Body>
> </soap:Envelope>
> {code}
> Log:
> {noformat}
> o.a.c.w.s.wss4j.WSS4JInInterceptor - org.apache.ws.security.WSSecurityException: The
signature or decryption was invalid
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:19
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:12
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.jav
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.jav
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.ja
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message