cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexandre Meyer (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CXF-6652) can't sign SOAP header Signature "signature verification failed"
Date Thu, 22 Oct 2015 12:30:27 GMT
Alexandre Meyer created CXF-6652:
------------------------------------

             Summary: can't sign SOAP header Signature "signature verification failed"
                 Key: CXF-6652
                 URL: https://issues.apache.org/jira/browse/CXF-6652
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 3.1.3
            Reporter: Alexandre Meyer


When you configure Signature action:

Map<String, Object> outProps = new HashMap<String, Object>();
outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
...

and SIGNATURE_PARTS

...
outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
	"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
"
	+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID ");

All works fine but the Signature element does not have any reference.

Result:

<wsu:Timestamp wsu:Id="TS-1">
	<wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
	<wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
</wsu:Timestamp>
<Action ... wsu:Id="id-1">
<MessageID ... wsu:Id="id-2">
<To ... wsu:Id="id-3">
<ReplyTo ... wsu:Id="id-4">
	<Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
</ReplyTo>
....
<ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
	<ds:SignedInfo>
		<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
		<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
		<ds:Reference URI="#TS-1">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>...</ds:DigestValue>
		</ds:Reference>
		<ds:Reference URI="#id-1">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>...</ds:DigestValue>
		</ds:Reference>
		<ds:Reference URI="#id-2">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>...</ds:DigestValue>
		</ds:Reference>
		<ds:Reference URI="#id-3">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>...</ds:DigestValue>
		</ds:Reference>
		<ds:Reference URI="#id-4">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<ds:DigestValue>...</ds:DigestValue>
		</ds:Reference>
	</ds:SignedInfo>
	<ds:SignatureValue>.......</ds:SignatureValue>
	<ds:KeyInfo Id="KI-...">
		....
	</ds:KeyInfo>
</ds:Signature>

But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message