Axis2/Rampart Signature Validation

Sun, 14 Dec 2008 16:08:22 -0800 

Hi all,

I've got the following Signature of a SOAP-Header built with Rampart:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
Id="Signature-30721078">
        <ds:SignedInfo>
                <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                <ds:Reference URI="#Id-6935595">
                        <ds:Transforms>
                                <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        
<ds:DigestValue>zo9esKQnicy3e5eQidwJBZs1c4E=</ds:DigestValue>
                </ds:Reference>
                <ds:Reference URI="#Timestamp-13983828">
                        <ds:Transforms>
                                <ds:Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        
<ds:DigestValue>jGS8NoS39F6SNr9YWjSmXmeOYAA=</ds:DigestValue>
                </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>tRIOHs2UgyJLwTj2hRh4QOeoc1I=</ds:SignatureValue>
        <ds:KeyInfo Id="KeyId-27120092">
                <wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-3996874">
                        <wsse:Reference
URI="#EncKeyId-urn:uuid:EC1EA7F6B5126BB58312292966622658"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey"/>
                </wsse:SecurityTokenReference>
        </ds:KeyInfo>
</ds:Signature>

But when when the SignatureProcessor tries to verify it, I get the
following stack trace:
org.apache.axis2.AxisFault: The signature or decryption was invalid
        at 
org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166)
        at 
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
        at 
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
        at 
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
        at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at 
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.ws.security.WSSecurityException: The signature
or decryption was invalid
        at 
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:419)
        at 
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
        at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
        at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
        at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:181)
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:138)
        at 
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
        ... 21 more

Does anyone have an idea?

If not: How can i disable the verification of the signature with Rampart?

Thank,
Thorsten

-- 
Thorsten Deelmann

Reply via email to