Return-Path: 
 <issues-return-29915-apmail-cxf-issues-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-issues-archive@www.apache.org
Delivered-To: apmail-cxf-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 526F91028B
	for <apmail-cxf-issues-archive@www.apache.org>;
 Wed, 30 Apr 2014 21:05:24 +0000 (UTC)
Received: (qmail 46142 invoked by uid 500); 30 Apr 2014 21:05:21 -0000
Delivered-To: apmail-cxf-issues-archive@cxf.apache.org
Received: (qmail 46066 invoked by uid 500); 30 Apr 2014 21:05:20 -0000
Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cxf.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cxf.apache.org>
List-Post: <mailto:issues@cxf.apache.org>
List-Id: <issues.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list issues@cxf.apache.org
Received: (qmail 45902 invoked by uid 99); 30 Apr 2014 21:05:19 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Apr 2014 21:05:19 +0000
Date: Wed, 30 Apr 2014 21:05:19 +0000 (UTC)
From: "Aki Yoshida (JIRA)" <jira@apache.org>
To: issues@cxf.apache.org
Message-ID: <JIRA.12707398.1397039417702.209708.1398891919589@arcas>
In-Reply-To: <JIRA.12707398.1397039417702@arcas>
References: <JIRA.12707398.1397039417702@arcas>
Subject: [jira] [Updated] (CXF-5679) WS-S after upgrade fails with
 org.apache.ws.security.WSSecurityException: The signature or decryption was
 invalid
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/CXF-5679?page=3Dcom.atlassian.=
jira.plugin.system.issuetabpanels:all-tabpanel ]

Aki Yoshida updated CXF-5679:
-----------------------------

    Attachment:     (was: ParseBodyTest.java)

> WS-S after upgrade fails with org.apache.ws.security.WSSecurityException:=
 The signature or decryption was invalid
> -------------------------------------------------------------------------=
----------------------------------------
>
>                 Key: CXF-5679
>                 URL: https://issues.apache.org/jira/browse/CXF-5679
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.7.9, 2.7.10
>            Reporter: J=C3=A1n Ondru=C5=A1ek
>            Assignee: Colm O hEigeartaigh
>              Labels: security
>         Attachments: bad-request-formatted.xml, bad-run.txt, example-test=
.diff, good-request-formatted.xml, log.txt, test-soapui-project.xml
>
>
> After upgrading CXF from version 2.7.5 to 2.7.9 or higher, we experienced=
 this issue. Worked well with 2.7.5 and earlier.
> Request (our business data stripped and replaced with dummy ns1):
> {code:xml}
> <soapenv:Envelope xmlns:ns1=3D"http://example/soap"
> =09xmlns:soapenv=3D"http://schemas.xmlsoap.org/soap/envelope/">
> =09<soapenv:Header>
> =09=09<wsse:Security soapenv:mustUnderstand=3D"1"
> =09=09=09xmlns:wsse=3D"http://docs.oasis-open.org/wss/2004/01/oasis-20040=
1-wss-wssecurity-secext-1.0.xsd"
> =09=09=09xmlns:wsu=3D"http://docs.oasis-open.org/wss/2004/01/oasis-200401=
-wss-wssecurity-utility-1.0.xsd">
> =09=09=09<ds:Signature Id=3D"SIG-33" xmlns:ds=3D"http://www.w3.org/2000/0=
9/xmldsig#">
> =09=09=09=09<ds:SignedInfo>
> =09=09=09=09=09<ds:CanonicalizationMethod
> =09=09=09=09=09=09Algorithm=3D"http://www.w3.org/2001/10/xml-exc-c14n#">
> =09=09=09=09=09=09<ec:InclusiveNamespaces PrefixList=3D"ns1 soapenv"
> =09=09=09=09=09=09=09xmlns:ec=3D"http://www.w3.org/2001/10/xml-exc-c14n#"=
 />
> =09=09=09=09=09</ds:CanonicalizationMethod>
> =09=09=09=09=09<ds:SignatureMethod Algorithm=3D"http://www.w3.org/2000/09=
/xmldsig#rsa-sha1" />
> =09=09=09=09=09<ds:Reference URI=3D"#id-22">
> =09=09=09=09=09=09<ds:Transforms>
> =09=09=09=09=09=09=09<ds:Transform Algorithm=3D"http://www.w3.org/2001/10=
/xml-exc-c14n#">
> =09=09=09=09=09=09=09=09<ec:InclusiveNamespaces PrefixList=3D"ns1"
> =09=09=09=09=09=09=09=09=09xmlns:ec=3D"http://www.w3.org/2001/10/xml-exc-=
c14n#" />
> =09=09=09=09=09=09=09</ds:Transform>
> =09=09=09=09=09=09</ds:Transforms>
> =09=09=09=09=09=09<ds:DigestMethod Algorithm=3D"http://www.w3.org/2000/09=
/xmldsig#sha1" />
> =09=09=09=09=09=09<ds:DigestValue>VF0g31FSsHWpdMN7lGVgQA1li4c=3D</ds:Dige=
stValue>
> =09=09=09=09=09</ds:Reference>
> =09=09=09=09=09<ds:Reference URI=3D"#TS-32">
> =09=09=09=09=09=09<ds:Transforms>
> =09=09=09=09=09=09=09<ds:Transform Algorithm=3D"http://www.w3.org/2001/10=
/xml-exc-c14n#">
> =09=09=09=09=09=09=09=09<ec:InclusiveNamespaces PrefixList=3D"wsse ns1 so=
apenv"
> =09=09=09=09=09=09=09=09=09xmlns:ec=3D"http://www.w3.org/2001/10/xml-exc-=
c14n#" />
> =09=09=09=09=09=09=09</ds:Transform>
> =09=09=09=09=09=09</ds:Transforms>
> =09=09=09=09=09=09<ds:DigestMethod Algorithm=3D"http://www.w3.org/2000/09=
/xmldsig#sha1" />
> =09=09=09=09=09=09<ds:DigestValue>4yW2ssYnI+QB40HBdWexy80+GNo=3D</ds:Dige=
stValue>
> =09=09=09=09=09</ds:Reference>
> =09=09=09=09</ds:SignedInfo>
> =09=09=09=09<ds:SignatureValue>QGIDsbR//zUyjUD36LtkiMJsIiT1vYionG8Y0blqif=
2QKrMB2AHnr9KXiYy7MbcdMaTVxn6gmKGN
> =09=09=09=09=097bRjE6MX1VVf9ZPem5SfasHYQ6wS7l/I1NGUyGw227cv1AceDPje05Wjk5=
vmN9G1dKvbfECJhBLA
> =09=09=09=09=097/OBAxJI+TYmYe94cu8=3D</ds:SignatureValue>
> =09=09=09=09<ds:KeyInfo Id=3D"KI-6788C4A756C88F8773139703929455550">
> =09=09=09=09=09<wsse:SecurityTokenReference
> =09=09=09=09=09=09wsu:Id=3D"STR-6788C4A756C88F8773139703929455551">
> =09=09=09=09=09=09<ds:X509Data>
> =09=09=09=09=09=09=09<ds:X509IssuerSerial>
> =09=09=09=09=09=09=09=09<ds:X509IssuerName>CN=3Dclientuser</ds:X509Issuer=
Name>
> =09=09=09=09=09=09=09=09<ds:X509SerialNumber>1288174342</ds:X509SerialNum=
ber>
> =09=09=09=09=09=09=09</ds:X509IssuerSerial>
> =09=09=09=09=09=09</ds:X509Data>
> =09=09=09=09=09</wsse:SecurityTokenReference>
> =09=09=09=09</ds:KeyInfo>
> =09=09=09</ds:Signature>
> =09=09=09<wsu:Timestamp wsu:Id=3D"TS-32">
> =09=09=09=09<wsu:Created>2014-04-09T10:28:14.554Z</wsu:Created>
> =09=09=09=09<wsu:Expires>2014-04-09T10:33:14.554Z</wsu:Expires>
> =09=09=09</wsu:Timestamp>
> =09=09</wsse:Security>
> =09</soapenv:Header>
> =09<soapenv:Body wsu:Id=3D"id-22"
> =09=09xmlns:wsu=3D"http://docs.oasis-open.org/wss/2004/01/oasis-200401-ws=
s-wssecurity-utility-1.0.xsd">
> =09=09<ns1:hello></ns1:hello>
> =09</soapenv:Body>
> </soapenv:Envelope>
> {code}
> Response:
> {code:xml}
> <soap:Envelope xmlns:soap=3D"http://schemas.xmlsoap.org/soap/envelope/">
> =09<soap:Body>
> =09=09<soap:Fault>
> =09=09=09<faultcode
> =09=09=09=09xmlns:ns1=3D"http://docs.oasis-open.org/wss/2004/01/oasis-200=
401-wss-wssecurity-secext-1.0.xsd">ns1:FailedCheck</faultcode>
> =09=09=09<faultstring>The signature or decryption was invalid</faultstrin=
g>
> =09=09</soap:Fault>
> =09</soap:Body>
> </soap:Envelope>
> {code}
> Log:
> {noformat}
> o.a.c.w.s.wss4j.WSS4JInInterceptor - org.apache.ws.security.WSSecurityExc=
eption: The signature or decryption was invalid
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.ws.security.proces=
sor.SignatureProcessor.handleToken(SignatureProcessor.java:19
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.ws.security.WSSecu=
rityEngine.processSecurityHeader(WSSecurityEngine.java:396)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.ws.security.ws=
s4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.ws.security.ws=
s4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.phase.PhaseInt=
erceptorChain.doIntercept(PhaseInterceptorChain.java:272)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.Chai=
nInitiationObserver.onMessage(ChainInitiationObserver.java:12
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.http=
.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.ServletController.invokeDestination(ServletController.jav
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.ServletController.invoke(ServletController.java:222)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.ServletController.invoke(ServletController.java:153)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.jav
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:206)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at javax.servlet.http.HttpServle=
t.service(HttpServlet.java:641)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.cxf.transport.serv=
let.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.catalina.core.Appl=
icationFilterChain.internalDoFilter(ApplicationFilterChain.ja
> o.a.c.w.s.wss4j.WSS4JInInterceptor - #011at org.apache.catalina.core.Appl=
icationFilterChain.doFilter(ApplicationFilterChain.java:210)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)