This week's book giveaway is in the Clojure forum.
We're giving away four copies of Clojure in Action and have Amit Rathore and Francis Avila on-line!
See this thread for details.
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

error while recieving a signed response

 
gaurav abbi
Ranch Hand
Posts: 108
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i'm using axis as a web service engine on my client side and getting a signed response from a web service.

But while recieving the response im gettng the following error.

Verification failed for URI "#id-13753285"
org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)
failed becoz of remote exception: org.apache.ws.security.WSSecurityException: The signature verification failed
Exception in thread "main" org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)

below are my hadler configurations and properties file



properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=signverf
org.apache.ws.security.crypto.merlin.alias.password=password
org.apache.ws.security.crypto.merlin.file=certs/signverf/signverf_pubkeystore

commands i used to generate keystore:
keytool -import -alias signverf -file privCert4Sign.cer -keystore signverf_pubkeystore -storepass password

keytool -list -alias signverf -keystore signverf_pubkeystore


i tried goggling for this error,in one thread i got this is because of some issue in axis 1.4 which i'm using and if i try using axis 1.2, this will not come,
for the time i'm not able to download axis 1.2 from any of the apache mirrors ,
if some one can provide me the link,it will be really helpful.
also if anyone as faced similar issue or can see whats going wrong here, please reply.

also below is my soap response capture using tcpmon
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature Id="Signature-18290758" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="#id-13753285" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds igestValue xmlns s="http://www.w3.org/2000/09/xmldsig#">jAaM4xp/2ZOch7iqyyLynojMpV0=</ds igestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns s="http://www.w3.org/2000/09/xmldsig#">
JiOjIFgJ2qMvzJsirbjgV7AeDWfsS0Ak3xzue1nK+LXELM3tZ/h/eFyxCLZfLk+553vJbmnlU423
8NgjgngYcYa+bB6yTovZJKB66LdQEHLpmTX4WNteLrcVOBfHyZcJCKemF2XyaF4yX03XGAIdNnFV
1d8wZQcBgakPIrjJGAZtwo94bYBlL/MJedBP819Ecf/N6hEmafFxHD46Xapi+HdcDjQmCqxaol/I
bQuM3ikJJ2v+46bQNKEWavdG7lIicjUsvH3xpyzZthj26nAHV6nAOEe8tybKhKLga6KDM+3eAJNq
3s52yZTz68n7z5AijdmhMkc7ivCxELBx5TQYsw==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-20631690" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsu:Id="STRId-5317380" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDLDCCAhSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwTzEWMBQGA1UEAwwNcHJpdkNlcnQ0U2lnbjEMMAoGA1UECgwDYWJzMQswCQYDVQQGEwJVUzEaMBgGCSqGSIb3DQEJARYLeHl6QGFiYy5jb20wHhcNMDcwOTA0MDQzNzMxWhcNMDgwMzAyMDQzNzMxWjBPMRYwFAYDVQQDDA1wcml2Q2VydDRTaWduMQwwCgYDVQQKDANhYnMxCzAJBgNVBAYTAlVTMRowGAYJKoZIhvcNAQkBFgt4eXpAYWJjLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSG2UR8nMAxctBlR5YSnEVeuHNFMM7t8YQX6J8GRausKPXyDT4pIfP HRaeag62K4cUhBDYBLyUmZqYTZBHpKISgYkYsXqYHoB4gif664rZvpMKw+cTpD/3WzViOeHHWfQM5/XUatLBPXzRUB78PcM9RnCEeznKUEPoWxTfl2qsR0d4CxOVzH9dHn6JCEaQQWzntH61YCw4Qm6Kq78+sLfnv7CBrg/NYewFX9JozZk7UzlmPZWCm7pp2d4UDn1KB7nLnLFxD6aMgjAikWKAU4h15ihJxu6Appc+ggAdAV/jQiaIeAtokfe2Iw1bUh8SOOR8iUa9lK0Jf6C/N9ZTnxCcCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQCKfRu1cXkwwnNZ+0brwT4iI1q/Ti/OVMWpP15Ob7bDE5rUjwpNUJXXlqKdOh7pkk1gLTiebQrMkd0ozpbi/Xdmea1xf9diCc4IApg6K9G4KACR2sLeXcKy7d4hakYqMLeaPJwBcd3V6DGiJgfP2S8Ui8r QzDpslTBM1+YaBdUVIv1/VCFO/K5I4lkPkjGDp/qDm4lXn3Mup9HG9INgklA02hPnYHWunVZm/5MZpEn4BYks+B3VqCXSAkRVD9aAuM3Tv4atblHDs3oKTV1awoVQbKkw+Eonnc/+Mex8A5sJ/8eUnQ3UPdT77U0+WcrvwFxoFP2e0J8xHW8N8b2fIr8H</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-13753285" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<mesa rocessData xmlns:mesa="http://www.sterlingcommerce.com/mesa" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProcessData>
<service>Test_Web2</service>
<b2b-protocol>http</b2b-protocol>
<transport-instance-id>MESAHttpServerAdapter_HttpServerAdapter_node1</transport-instance-id>
<SyncModeBP>false</SyncModeBP>
<http-request-uri>/soap-new</http-request-uri>
<transport-session-id>Fri Aug 31 14:04:57 IST 2007:110</transport-session-id>
<incomingSOAPTransportMode>http</incomingSOAPTransportMode>
<VERIFICATION_KEY/>
<DECRYPTION_KEY/>
<SECURITY_TOKEN_NAME>ST1</SECURITY_TOKEN_NAME>
<SIGNING_CERTIFICATE>blrgislin13:10.11.23.37:114bb0fb841:12328</SIGNING_CERTIFICATE>
<SIGNING_ALGO>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SIGNING_ALGO>
<SIGNING_KEY_IDENTIFIER_TYPE>3</SIGNING_KEY_IDENTIFIER_TYPE>
<CANONICALIZATION_ALGO>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</CANONICALIZATION_ALGO>
<SIGNATURE_ENCRYPTION_ORDER>-1</SIGNATURE_ENCRYPTION_ORDER>
<SOAP_URI>/soap-new</SOAP_URI>
<SOAPEnvNSPrefix>soapenv</SOAPEnvNSPrefix>
<SOAPEnvNSURI>http://schemas.xmlsoap.org/soap/envelope/</SOAPEnvNSURI>
<messageMode>1</messageMode>
<query_type>SELECT</query_type>
<result_name>result</result_name>
<pool>mysqlPool</pool>
<row_name>row</row_name>
<sql>SELECT * FROM MBX_MAILBOX</sql>
<serviceMode>1</serviceMode>
<typeName>LightweightJDBCAdapterQuery</typeName>
<PrimaryDocument SCIObjectID="blrgislin13:10.11.23.37:114bb0fb841:19200"/>
<ADD_SOAP_ENVELOPING>false</ADD_SOAP_ENVELOPING>
<INSERT_SECURITY_HEADER>false</INSERT_SECURITY_HEADER>
</ProcessData>
</mesa rocessData>
</soapenv:Body>
</soapenv:Envelope>

sorry for this long mail, but we are really stuck and need to move forward,
looking for your help.
 
gaurav abbi
Ranch Hand
Posts: 108
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
if anybody can help or comment on this.
 
Nathan Hook
Ranch Hand
Posts: 81
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know what the problem is, but I think your URI is not quite right.

Do a search through your post with the value "#id-13753285" and you will see in your WSDL that #-id-13753285 is in a URI. My guess is these value is not correct.

Best of Luck.
 
gaurav abbi
Ranch Hand
Posts: 108
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi nathan,
i don't think thats the problem,
actuaaly i did some debugging on the response and what i found was a hash mismatch for the value sent and the one created using the algo after getting the response. i just want to make it sure if this feature works with axis 1.x(its able to handle signed response) or the other reason can be that the SOAP response is getting modified after web service generates the signature based hash.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic