cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-6652) can't sign SOAP header Signature "signature verification failed"
Date Thu, 22 Oct 2015 14:36:27 GMT

    [ https://issues.apache.org/jira/browse/CXF-6652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14969239#comment-14969239
] 

Colm O hEigeartaigh commented on CXF-6652:
------------------------------------------


This is not a bug - WSS4J is simply doing what you are telling it to do. It sounds like you
want to add a second signature to endorse the first signature. This is possible, but not using
the WSS4JOutInterceptor approach that you are using.

If you are consuming a WCF resource you are much better using WS-SecurityPolicy instead. This
will configure security for you, all you need to do is add keystores etc.

Colm.

> can't sign SOAP header Signature "signature verification failed"
> ----------------------------------------------------------------
>
>                 Key: CXF-6652
>                 URL: https://issues.apache.org/jira/browse/CXF-6652
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 3.1.3
>            Reporter: Alexandre Meyer
>
> When you configure Signature action:
> Map<String, Object> outProps = new HashMap<String, Object>();
> outProps.put(WSHandlerConstants.ACTION,"Signature Encrypt Timestamp");
> ...
> and SIGNATURE_PARTS
> ...
> outProps.put(WSHandlerConstants.SIGNATURE_PARTS,
> 	"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
"
> 	+ "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body; "
> 	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}Action; "
> 	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}To; "
> 	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}ReplyTo; "
> 	+ "{Element}{http://schemas.xmlsoap.org/ws/2004/08/addressing}MessageID ");
> All works fine but the Signature element does not have any reference.
> Result:
> <wsu:Timestamp wsu:Id="TS-1">
> 	<wsu:Created>2015-10-22T11:55:21.937Z</wsu:Created>
> 	<wsu:Expires>2015-10-22T12:00:21.937Z</wsu:Expires>
> </wsu:Timestamp>
> <Action ... wsu:Id="id-1">
> <MessageID ... wsu:Id="id-2">
> <To ... wsu:Id="id-3">
> <ReplyTo ... wsu:Id="id-4">
> 	<Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</Address>
> </ReplyTo>
> ....
> <ds:Signature ... Id="SIG-ed19886d-2f14-4595-a815-8544867deae4">
> 	<ds:SignedInfo>
> 		<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> 		<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> 		<ds:Reference URI="#TS-1">
> 			<ds:Transforms>
> 				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> 			</ds:Transforms>
> 			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 			<ds:DigestValue>...</ds:DigestValue>
> 		</ds:Reference>
> 		<ds:Reference URI="#id-1">
> 			<ds:Transforms>
> 				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> 			</ds:Transforms>
> 			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 			<ds:DigestValue>...</ds:DigestValue>
> 		</ds:Reference>
> 		<ds:Reference URI="#id-2">
> 			<ds:Transforms>
> 				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> 			</ds:Transforms>
> 			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 			<ds:DigestValue>...</ds:DigestValue>
> 		</ds:Reference>
> 		<ds:Reference URI="#id-3">
> 			<ds:Transforms>
> 				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> 			</ds:Transforms>
> 			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 			<ds:DigestValue>...</ds:DigestValue>
> 		</ds:Reference>
> 		<ds:Reference URI="#id-4">
> 			<ds:Transforms>
> 				<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> 			</ds:Transforms>
> 			<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 			<ds:DigestValue>...</ds:DigestValue>
> 		</ds:Reference>
> 	</ds:SignedInfo>
> 	<ds:SignatureValue>.......</ds:SignatureValue>
> 	<ds:KeyInfo Id="KI-...">
> 		....
> 	</ds:KeyInfo>
> </ds:Signature>
> But where is the reference to "SIG-ed19886d-2f14-4595-a815-8544867deae4"?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message