
  • "signature verification failed" using certificate authentication and saaj 1.2

    All,

    I'm getting "signature verification failed" when using certificate authentication with saaj 1.2.

    The only way I've found to get around the error is to use saaj 1.3 on the client AND change my transformer factory to org.apache.xalan.xsltc.trax.TransformerFactoryImpl .

    Unfortunately, using saaj 1.3 on the client may not be an option for me.

    My best guess is that somehow the message is being modified by the transformer AFTER the signature is created.

    Any help is appreciated.
    Assorted details follow:

    Error message from the service side:
    Verification failed for URI "#id-30318493"
    Could not validate request: The signature verification failed; nested exception is org.apache.ws.security.WSSecurityException: The signature verification failed

    Both client and server are using:
    jdk : 1.5.0_15
    spring : 2.5.3
    spring ws : 1.5.0
    xerces : 1.8.1
    xalan : 1.7.0
    xmlapis : 1.3.04
    wss4j : 1.5.3
    xmlsec : 1.4.2

    Relevant server config:
    Code:
       <bean class="org.springframework.ws.server.endpoint.mapping.PayloadRootQNameEndpointMapping">
          <property name="mappings">
             <props>
                <prop key="{http://service.mycompany.com/InsultService}InsultRequest">insultEndpoint</prop>
             </props>
          </property>
    
          <property name="interceptors">
             <list>
                <ref bean="wss4jSecurityInterceptor" />
             </list>
          </property>
       </bean>
      
       <bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
          <property name="validationActions" value="Signature"/>
          <property name="validationSignatureCrypto">
             <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
                <property name="keyStorePassword" value="keyStorePassword"/>
                <property name="keyStoreLocation" value="classpath:andy-publicstore.jks"/>
             </bean>
          </property>
       </bean>
    Relevant client config:
    Code:
       <bean id="wss4jSecureWebServiceTemplate" class="org.springframework.ws.client.core.WebServiceTemplate">
          <property name="defaultUri" value="http://localhost:8081/server/service" />
          <property name="interceptors" ref="wss4jSecurityInterceptor" />
       </bean>
      
       <bean id="wss4jSecurityInterceptor" class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
          <property name="securementActions" value="Signature"/>
          <property name="securementUsername" value="andyAlias"/>
          <property name="securementPassword" value="andyAliasPassword"/>
          <property name="securementSignatureCrypto">
             <bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
                <property name="keyStorePassword" value="keyStorePassword"/>
                <property name="keyStoreLocation" value="classpath:andy-privatestore.jks"/>
             </bean>
          </property>
       </bean>
    Request Message:
    Code:
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-24065561">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#id-30318493">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>cpxPDnLp/+HcelF1tCWcqnTehxo=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>
    Lct89vkdAamvseEJ8JJVvRclL3IghdHT5bSK9OeFun/lmKI7nJ+tbKEYEmNrLuDlrNkas4R4bPNs
    fkhx8I0n9+LGktsNY5mWbQXM0uAZG09A1XvjCf5afeKXkPOuOlOFDJzYru6CbMsWrp5O3ZetmefY
    jyjhQ099Oix9j2pkHYs=
    </ds:SignatureValue>
    <ds:KeyInfo Id="KeyId-26200506">
    <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-17099451"><ds:X509Data>
    <ds:X509IssuerSerial>
    <ds:X509IssuerName>CN=andyAlias</ds:X509IssuerName>
    <ds:X509SerialNumber>1207793346</ds:X509SerialNumber>
    </ds:X509IssuerSerial>
    </ds:X509Data></wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-30318493"><ins:InsultRequest xmlns:ins="http://service.mycompany.com/InsultService">    <ins:Name>Andy</ins:Name> </ins:InsultRequest></SOAP-ENV:Body></SOAP-ENV:Envelope>
    Response:
    Code:
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header/>
    <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
    <faultcode>SOAP-ENV:Client</faultcode>
    <faultstring xml:lang="en">The signature verification failed; nested exception is org.apache.ws.security.WSSecurityException: The signature verification failed</faultstring>
    </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
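
The poster's guess, that the body changes after the digest is computed, can be tested by recomputing each ds:Reference digest over the element it points to and comparing it with the declared DigestValue. The following is an added example, not part of the original post: the envelope is constructed, the function names are hypothetical, and Python's C14N 2.0 stands in for the exc-c14n transform the message declares, so it shows the effect rather than reproducing WSS4J's digest values.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
ID_ATTR = "{%s}Id" % WSU

def digest_of(elem):
    """Base64 SHA-1 over the canonical form of one element subtree."""
    xml = ET.tostring(elem, encoding="unicode")
    # Assumption: C14N 2.0 stands in for exc-c14n. ElementTree also renames
    # prefixes, so prefix changes are invisible here; whitespace is not.
    canon = ET.canonicalize(xml, strip_text=False)
    return base64.b64encode(hashlib.sha1(canon.encode("utf-8")).digest()).decode()

def check_references(envelope_xml):
    """Return (uri, declared, computed, ok) for every ds:Reference."""
    root = ET.fromstring(envelope_xml)
    by_id = {e.get(ID_ATTR): e for e in root.iter() if e.get(ID_ATTR)}
    results = []
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        declared = (ref.findtext("{%s}DigestValue" % DS) or "").strip()
        target = by_id.get(uri.lstrip("#"))
        computed = digest_of(target) if target is not None else None
        results.append((uri, declared, computed, declared == computed))
    return results

# Constructed sample modelled on the request in the post (not the real message).
BODY_SIGNED = (
    '<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"'
    ' xmlns:wsu="' + WSU + '" wsu:Id="id-1">'
    '<ins:InsultRequest xmlns:ins="http://service.mycompany.com/InsultService">'
    '    <ins:Name>Andy</ins:Name> </ins:InsultRequest></SOAP-ENV:Body>')
BODY_REQUOTED = BODY_SIGNED.replace('"', "'")  # lexical change only
BODY_STRIPPED = BODY_SIGNED.replace("    <ins", "<ins").replace("> </ins", "></ins")
ENVELOPE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    '<SOAP-ENV:Header><ds:Signature xmlns:ds="' + DS + '"><ds:SignedInfo>'
    '<ds:Reference URI="#id-1"><ds:DigestValue>{digest}</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo></ds:Signature></SOAP-ENV:Header>{body}</SOAP-ENV:Envelope>')

def build(body_at_signing, body_on_wire):  # digest over one body, another one sent
    digest = digest_of(ET.fromstring(body_at_signing))
    return ENVELOPE.format(digest=digest, body=body_on_wire)

if __name__ == "__main__":
    for wire in (BODY_SIGNED, BODY_REQUOTED, BODY_STRIPPED):
        print(check_references(build(BODY_SIGNED, wire)))
```

Only the variant whose whitespace text nodes were dropped reports a digest mismatch; the requoted body canonicalizes to the same bytes as the signed one.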