aspose file tools*
The moose likes Web Services and the fly likes error while recieving a signed response Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "error while recieving a signed response" Watch "error while recieving a signed response" New topic
Author

error while recieving a signed response

gaurav abbi
Ranch Hand

Joined: Jan 05, 2007
Posts: 108
i'm using axis as a web service engine on my client side and getting a signed response from a web service.

But while recieving the response im gettng the following error.

Verification failed for URI "#id-13753285"
org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)
failed becoz of remote exception: org.apache.ws.security.WSSecurityException: The signature verification failed
Exception in thread "main" org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)

below are my hadler configurations and properties file



properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=signverf
org.apache.ws.security.crypto.merlin.alias.password=password
org.apache.ws.security.crypto.merlin.file=certs/signverf/signverf_pubkeystore

commands i used to generate keystore:
keytool -import -alias signverf -file privCert4Sign.cer -keystore signverf_pubkeystore -storepass password

keytool -list -alias signverf -keystore signverf_pubkeystore


i tried goggling for this error,in one thread i got this is because of some issue in axis 1.4 which i'm using and if i try using axis 1.2, this will not come,
for the time i'm not able to download axis 1.2 from any of the apache mirrors ,
if some one can provide me the link,it will be really helpful.
also if anyone as faced similar issue or can see whats going wrong here, please reply.

also below is my soap response capture using tcpmon
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature Id="Signature-18290758" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="#id-13753285" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds igestValue xmlns s="http://www.w3.org/2000/09/xmldsig#">jAaM4xp/2ZOch7iqyyLynojMpV0=</ds igestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns s="http://www.w3.org/2000/09/xmldsig#">
JiOjIFgJ2qMvzJsirbjgV7AeDWfsS0Ak3xzue1nK+LXELM3tZ/h/eFyxCLZfLk+553vJbmnlU423
8NgjgngYcYa+bB6yTovZJKB66LdQEHLpmTX4WNteLrcVOBfHyZcJCKemF2XyaF4yX03XGAIdNnFV
1d8wZQcBgakPIrjJGAZtwo94bYBlL/MJedBP819Ecf/N6hEmafFxHD46Xapi+HdcDjQmCqxaol/I
bQuM3ikJJ2v+46bQNKEWavdG7lIicjUsvH3xpyzZthj26nAHV6nAOEe8tybKhKLga6KDM+3eAJNq
3s52yZTz68n7z5AijdmhMkc7ivCxELBx5TQYsw==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-20631690" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsu:Id="STRId-5317380" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDLDCCAhSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwTzEWMBQGA1UEAwwNcHJpdkNlcnQ0U2lnbjEMMAoGA1UECgwDYWJzMQswCQYDVQQGEwJVUzEaMBgGCSqGSIb3DQEJARYLeHl6QGFiYy5jb20wHhcNMDcwOTA0MDQzNzMxWhcNMDgwMzAyMDQzNzMxWjBPMRYwFAYDVQQDDA1wcml2Q2VydDRTaWduMQwwCgYDVQQKDANhYnMxCzAJBgNVBAYTAlVTMRowGAYJKoZIhvcNAQkBFgt4eXpAYWJjLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSG2UR8nMAxctBlR5YSnEVeuHNFMM7t8YQX6J8GRausKPXyDT4pIfP HRaeag62K4cUhBDYBLyUmZqYTZBHpKISgYkYsXqYHoB4gif664rZvpMKw+cTpD/3WzViOeHHWfQM5/XUatLBPXzRUB78PcM9RnCEeznKUEPoWxTfl2qsR0d4CxOVzH9dHn6JCEaQQWzntH61YCw4Qm6Kq78+sLfnv7CBrg/NYewFX9JozZk7UzlmPZWCm7pp2d4UDn1KB7nLnLFxD6aMgjAikWKAU4h15ihJxu6Appc+ggAdAV/jQiaIeAtokfe2Iw1bUh8SOOR8iUa9lK0Jf6C/N9ZTnxCcCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQCKfRu1cXkwwnNZ+0brwT4iI1q/Ti/OVMWpP15Ob7bDE5rUjwpNUJXXlqKdOh7pkk1gLTiebQrMkd0ozpbi/Xdmea1xf9diCc4IApg6K9G4KACR2sLeXcKy7d4hakYqMLeaPJwBcd3V6DGiJgfP2S8Ui8r QzDpslTBM1+YaBdUVIv1/VCFO/K5I4lkPkjGDp/qDm4lXn3Mup9HG9INgklA02hPnYHWunVZm/5MZpEn4BYks+B3VqCXSAkRVD9aAuM3Tv4atblHDs3oKTV1awoVQbKkw+Eonnc/+Mex8A5sJ/8eUnQ3UPdT77U0+WcrvwFxoFP2e0J8xHW8N8b2fIr8H</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-13753285" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<mesa rocessData xmlns:mesa="http://www.sterlingcommerce.com/mesa" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProcessData>
<service>Test_Web2</service>
<b2b-protocol>http</b2b-protocol>
<transport-instance-id>MESAHttpServerAdapter_HttpServerAdapter_node1</transport-instance-id>
<SyncModeBP>false</SyncModeBP>
<http-request-uri>/soap-new</http-request-uri>
<transport-session-id>Fri Aug 31 14:04:57 IST 2007:110</transport-session-id>
<incomingSOAPTransportMode>http</incomingSOAPTransportMode>
<VERIFICATION_KEY/>
<DECRYPTION_KEY/>
<SECURITY_TOKEN_NAME>ST1</SECURITY_TOKEN_NAME>
<SIGNING_CERTIFICATE>blrgislin13:10.11.23.37:114bb0fb841:12328</SIGNING_CERTIFICATE>
<SIGNING_ALGO>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SIGNING_ALGO>
<SIGNING_KEY_IDENTIFIER_TYPE>3</SIGNING_KEY_IDENTIFIER_TYPE>
<CANONICALIZATION_ALGO>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</CANONICALIZATION_ALGO>
<SIGNATURE_ENCRYPTION_ORDER>-1</SIGNATURE_ENCRYPTION_ORDER>
<SOAP_URI>/soap-new</SOAP_URI>
<SOAPEnvNSPrefix>soapenv</SOAPEnvNSPrefix>
<SOAPEnvNSURI>http://schemas.xmlsoap.org/soap/envelope/</SOAPEnvNSURI>
<messageMode>1</messageMode>
<query_type>SELECT</query_type>
<result_name>result</result_name>
<pool>mysqlPool</pool>
<row_name>row</row_name>
<sql>SELECT * FROM MBX_MAILBOX</sql>
<serviceMode>1</serviceMode>
<typeName>LightweightJDBCAdapterQuery</typeName>
<PrimaryDocument SCIObjectID="blrgislin13:10.11.23.37:114bb0fb841:19200"/>
<ADD_SOAP_ENVELOPING>false</ADD_SOAP_ENVELOPING>
<INSERT_SECURITY_HEADER>false</INSERT_SECURITY_HEADER>
</ProcessData>
</mesa rocessData>
</soapenv:Body>
</soapenv:Envelope>

sorry for this long mail, but we are really stuck and need to move forward,
looking for your help.


thanks,<br />gaurav abbi
gaurav abbi
Ranch Hand

Joined: Jan 05, 2007
Posts: 108
hi,
if anybody can help or comment on this.
Nathan Hook
Ranch Hand

Joined: Jan 10, 2005
Posts: 81
I don't know what the problem is, but I think your URI is not quite right.

Do a search through your post with the value "#id-13753285" and you will see in your WSDL that #-id-13753285 is in a URI. My guess is these value is not correct.

Best of Luck.
gaurav abbi
Ranch Hand

Joined: Jan 05, 2007
Posts: 108
hi nathan,
i don't think thats the problem,
actuaaly i did some debugging on the response and what i found was a hash mismatch for the value sent and the one created using the algo after getting the response. i just want to make it sure if this feature works with axis 1.x(its able to handle signed response) or the other reason can be that the SOAP response is getting modified after web service generates the signature based hash.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: error while recieving a signed response