From dev-return-13671-apmail-ws-dev-archive=ws.apache.org@ws.apache.org Mon Sep 3 13:33:09 2012 Return-Path: X-Original-To: apmail-ws-dev-archive@www.apache.org Delivered-To: apmail-ws-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 33305D8DE for ; Mon, 3 Sep 2012 13:33:09 +0000 (UTC) Received: (qmail 29421 invoked by uid 500); 3 Sep 2012 13:33:08 -0000 Delivered-To: apmail-ws-dev-archive@ws.apache.org Received: (qmail 29204 invoked by uid 500); 3 Sep 2012 13:33:08 -0000 Mailing-List: contact dev-help@ws.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ws.apache.org Delivered-To: mailing list dev@ws.apache.org Received: (qmail 29196 invoked by uid 99); 3 Sep 2012 13:33:08 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Sep 2012 13:33:08 +0000 Date: Tue, 4 Sep 2012 00:33:08 +1100 (NCT) From: "Colm O hEigeartaigh (JIRA)" To: dev@ws.apache.org Message-ID: <990368586.30384.1346679188118.JavaMail.jiratomcat@arcas> In-Reply-To: <885404224.14617.1346285767857.JavaMail.jiratomcat@arcas> Subject: [jira] [Commented] (WSS-402) Message not being signed correctly when using RSA (2048 bit ) certs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/WSS-402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447270#comment-13447270 ] Colm O hEigeartaigh commented on WSS-402: ----------------------------------------- Could you turn on debug logging to see what exactly is causing the problem? Colm. > Message not being signed correctly when using RSA (2048 bit ) certs > ------------------------------------------------------------------- > > Key: WSS-402 > URL: https://issues.apache.org/jira/browse/WSS-402 > Project: WSS4J > Issue Type: Bug > Affects Versions: 1.5.12 > Reporter: Dan Chanez > Assignee: Colm O hEigeartaigh > > I upgraded to 1.5.12 from 1.5.11. When using RSA(1024 bit) self signed certs everything works fine. But when I use RSA (2048 bit) Verisign signed certs I get the following stack trace on the client side: > org.apache.ws.security.WSSecurityException: The signature or decryption was invalid > at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:322) > at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85) > at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311) > at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228) > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:158) > at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:65) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220) > at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:633) > at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2064) > at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1942) > at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1867) > at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47) > at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:170) > at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66) > at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:595) > at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:220) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:466) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:299) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:251) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73) > at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124) > at $Proxy51.executeCommand(Unknown Source) > at com.transending.ws.client.web.action.WebServiceClientAction.populateWSClientResponse(WebServiceClientAction.java:152) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) > at java.lang.reflect.Method.invoke(Unknown Source) > at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269) > at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:170) > at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58) > at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67) > at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51) > at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190) > at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:304) > at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190) > at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283) > at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) > at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > at log.MDCServletFilter.doFilter(MDCServletFilter.java:80) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:548) > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) > at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) > at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) > at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) > at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) > at java.lang.Thread.run(Unknown Source) > When I reverted back to 1.5.11 using the same RSA (2048 bit) Verisign signed certs everything works fine. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org For additional commands, e-mail: dev-help@ws.apache.org