ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dobri Kitipov (JIRA)" <j...@apache.org>
Subject [jira] Created: (WSS-198) Problem when body is signed and then an XPath is encrypted
Date Thu, 11 Jun 2009 14:33:07 GMT
Problem when body is signed and then an XPath is encrypted
----------------------------------------------------------

                 Key: WSS-198
                 URL: https://issues.apache.org/jira/browse/WSS-198
             Project: WSS4J
          Issue Type: Bug
    Affects Versions: 1.5.7
            Reporter: Dobri Kitipov
            Assignee: Ruchith Udayanga Fernando


Hi everybody,
there is a problem when when a message body is signed and then an XPath expression pointing
to a body element is encrypted.
The problem is that the verification of the signature cannot pass. This is caused by the fact
that there is a difference between the signed body and the body used for signature verification.
The body used for signature verification is modified because after XPath element decryption
an ID is added to the element. This ID is used to verify the decryption, but changes the original
body. 

Exception thrown is:

[WARN] Verification failed for URI "#Id-11235685"
[WARN] Expected Digest: o0jyc1pJHEawRaLNry+cnYeCc80=
[WARN] Actual Digest: VMEF6KgvE6t3PNLlYR49LGEW+xM=
[ERROR] The signature or decryption was invalid
org.apache.axis2.AxisFault: The signature or decryption was invalid
	at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
	at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
	at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
	at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
	at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
	at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
	at com.softwareag.wsstack.deployment.server.SAGAdminServlet.doPost(SAGAdminServlet.java:30)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
	at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
	at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:527)
	at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
	at org.apache.rampart.RampartEngine.process(RampartEngine.java:151)
	at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
	... 22 more

I will try to apply a patch tomorrow.

Any comments and ideas are appreciated.

Regards,
Dobri



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message