signature verification failed with wss4j api (while signing soap body) #379

Open
Tomas-Kraus opened this issue Jun 2, 2022 · 0 comments


metro api does not seem to work while signing the soap body and sending the request to the web service (published over metro).

A client using the metro api works fine when signing the soap body, and the signature is verified perfectly. But when the client uses the wss4j api (axis 1.1 api) or soap ui, it fails and displays an error that signature verification failed, even though it works perfectly with the same configuration when using the metro api.

It seems that this is a compatibility issue with the wss4j api (used by axis 1.1 and soap ui).

stack trace:
AxisFault
2013-01-28 20:53:29 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server
2013-01-28 20:53:29 faultSubcode:
2013-01-28 20:53:29 faultString: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Signature verification failed
2013-01-28 20:53:29 faultActor:
2013-01-28 20:53:29 faultNode:
2013-01-28 20:53:29 faultDetail:
2013-01-28 20:53:29 {http://xml.apache.org/axis/}stackTrace: AxisFault
2013-01-28 20:53:29 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server
2013-01-28 20:53:29 faultSubcode:
2013-01-28 20:53:29 faultString: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Signature verification failed
2013-01-28 20:53:29 faultActor:
2013-01-28 20:53:29 faultNode:
2013-01-28 20:53:29 faultDetail:
2013-01-28 20:53:29
2013-01-28 20:53:29 com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Signature verification failed
2013-01-28 20:53:29 at org.apache.axis.message.SOAPFaultBuilder.createFault(SOAPFaultBuilder.java:260)
2013-01-28 20:53:29 at org.apache.axis.message.SOAPFaultBuilder.endElement(SOAPFaultBuilder.java:169)
2013-01-28 20:53:29 at org.apache.axis.encoding.DeserializationContextImpl.endElement(DeserializationContextImpl.java:1015)
2013-01-28 20:53:29 at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
2013-01-28 20:53:29 at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
2013-01-28 20:53:29 at javax.xml.parsers.SAXParser.parse(Unknown Source)
2013-01-28 20:53:29 at org.apache.axis.encoding.DeserializationContextImpl.parse(DeserializationContextImpl.java:242)
2013-01-28 20:53:29 at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:538)
2013-01-28 20:53:29 at org.apache.axis.Message.getSOAPEnvelope(Message.java:376)
2013-01-28 20:53:29 at org.apache.axis.client.Call.invokeEngine(Call.java:2583)
2013-01-28 20:53:29 at org.apache.axis.client.Call.invoke(Call.java:2553)
2013-01-28 20:53:29 at org.apache.axis.client.Call.invoke(Call.java:1753)
2013-01-28 20:53:29 at com.adeptia.indigo.services.webservice.WsUtils.makeMessageCall(WsUtils.java:781)
2013-01-28 20:53:29 at com.adeptia.indigo.services.webservice.WsMessageCall.webServiceCall(WsMessageCall.java:1912)
2013-01-28 20:53:29 at com.adeptia.indigo.services.webservice.WsMessageCall.access$1(WsMessageCall.java:1757)
2013-01-28 20:53:29 at com.adeptia.indigo.services.webservice.WsMessageCall$2.run(WsMessageCall.java:1702)
2013-01-28 20:53:29 at java.lang.Thread.run(Unknown Source)
2013-01-28 20:53:29,775 ERROR [Flow Thread(101063087220135938660887100101)] flow com.adeptia.indigo.jelly.ActivityTag.runSync(ActivityTag.java:489) - testte|test|WsMessageCall|Failed|administrators|192168001253135900036090700008|101063087220135938660878000100|192168001253135900022968500003||admin|Error in execution for activity WsMessageCall:test:192168001253135900022968500003[com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Signature verification failed ]|localhost|

  • request using soap ui(not working):

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-21">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-22">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oyxBJzxeBDE7rIpukje/SMSGi1M=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
QQi/C3DrIqvuj2q5PdJ+tnZ0q9dg21AawlLq0N/tO4WiwKOc7P2RHFUc7HY2GIA07ZN+ZPIsiRdH
BK1DWGMY3um3AN1xRHqr1d/HBSq7iIdhlhOxPP5DYv4pRo1sGov3cDOY3n362R1jOLJSm2r3nMlO
IN4F7ZDsFdkr/kkFyA4=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-6436563946A2BA15B3135934748180438">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-6436563946A2BA15B3135934748180439">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=pkcsnew,ST=pkcsnew,L=pkcsnew,O=pkcsnew,OU=pkcsnew,CN=pkcsnew</ds:X509IssuerName>
<ds:X509SerialNumber>1</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-22">

?
?
?

?
  • request using metro api(working):

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-1359347423626-800223482">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#XWSSGID-1359347423638-1043174066">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>RKScYXOHzhTQci8QTalIUGcQgd8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>glRCiqm1F/FjeAx9IXzALl4Xkrda7IcWfwl87H2WIjRDi1tBMJdF17pNNobrDYzKCqnhXOgJOpBs
qW9zK+L1wnoKmWWn/Tf1PmdTq5G7jlZvsmx4qtiW9lRMa2Orz7fPClugXJQtejovlQfD96zDqlvE
HzPFMK+a1X9x+pPSduY=</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1359347423637198325665">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=pkcsnew, ST=pkcsnew, L=pkcsnew, O=pkcsnew, OU=pkcsnew, CN=pkcsnew</ds:X509IssuerName>
<ds:X509SerialNumber>1</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1359347423638-1043174066">

Tove
Jani
Reminder

Don't forget me this weekend!
==== Received Message End ====

Please let me know if I am doing something wrong or if it is an issue. This is very critical for our product, so please reply ASAP.

Thanks
Vipin Kumar

Environment

jre 6 and windows 7 64 bit

Affected Versions

[2.1]

Source: javaee/metro-wsit#1665
Author: glassfishrobot
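
The two requests quoted in the report declare different `ds:SignedInfo` algorithms, which is the first thing to compare when one signer verifies and another does not. The following is an added example, not part of the original issue or of Metro or WSS4J: a small script that extracts those declarations from two captured envelopes and lists where they differ. The sample messages are constructed from the algorithm URIs shown above, and the helper names are hypothetical; the report itself does not establish which difference causes the failure.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"            # used by the SoapUI request
INC = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"    # used by the Metro request

def _alg(el):
    # A missing element is reported as None instead of raising.
    return el.get("Algorithm") if el is not None else None

def signature_profile(envelope_xml):
    """Algorithm choices of the first ds:SignedInfo and its first ds:Reference.

    Intended for captured messages you control; the stdlib parser is not
    hardened against hostile XML.
    """
    si = ET.fromstring(envelope_xml).find(".//ds:SignedInfo", NS)
    if si is None:
        raise ValueError("no ds:SignedInfo in message")
    ref = si.find("ds:Reference", NS)
    if ref is None:
        raise ValueError("ds:SignedInfo has no ds:Reference")
    return {
        "c14n": _alg(si.find("ds:CanonicalizationMethod", NS)),
        "signature": _alg(si.find("ds:SignatureMethod", NS)),
        "transforms": tuple(t.get("Algorithm")
                            for t in ref.findall("ds:Transforms/ds:Transform", NS)),
        "digest": _alg(ref.find("ds:DigestMethod", NS)),
    }

def diff_profiles(a, b):
    """Map each differing field to its (a, b) pair of values."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def _sample(c14n, transforms):
    # Constructed input: only the SignedInfo algorithm URIs come from the page.
    tr = "".join(f'<ds:Transform Algorithm="{t}"/>' for t in transforms)
    tr = f"<ds:Transforms>{tr}</ds:Transforms>" if tr else ""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:ds="{NS["ds"]}"><s:Header><ds:Signature><ds:SignedInfo>'
            f'<ds:CanonicalizationMethod Algorithm="{c14n}"/>'
            f'<ds:SignatureMethod Algorithm="{NS["ds"]}rsa-sha1"/>'
            f'<ds:Reference URI="#body">{tr}'
            f'<ds:DigestMethod Algorithm="{NS["ds"]}sha1"/>'
            '</ds:Reference></ds:SignedInfo></ds:Signature></s:Header>'
            '<s:Body/></s:Envelope>')

SOAPUI_MSG = _sample(EXC, [EXC])
METRO_MSG = _sample(INC, [])

if __name__ == "__main__":
    for field, pair in diff_profiles(signature_profile(SOAPUI_MSG),
                                     signature_profile(METRO_MSG)).items():
        print(field, pair)
```

The script only compares `ds:SignedInfo`; the quoted requests also differ outside it, for example in the `SOAP-ENV:mustUnderstand="1"` attribute and the spacing inside `ds:X509IssuerName`.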
