[
https://issues.apache.org/jira/browse/RAMPART-309?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
B. Nossing updated RAMPART-309:
-------------------------------
Description:
Calling a signed webservice which results in a SOAP fault being returned,
results in a "org.apache.axis2.AxisFault: The signature or decryption was
invalid" due to the "Pre-digested input" being different from the actual
incoming message. (See attached logs)
Specifically the following log content seems to be of interest:
Incoming message body:
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-1661970439">
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring
xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>axis2ns13:FilingFault</faultstring>
<detail>
<axis2ns1:Receive__requestFilingFault
xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>
<ErrorMessage:foutOmschrijving
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>Uw gegevens
komen niet voor in het register van de Certificate Service Provider (CSP). Uw
identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de
infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
<ErrorMessage:foutCode
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>AUS210</ErrorMessage:foutCode>
<ErrorMessage:PI_Kenmerk
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
</axis2ns1:Receive__requestFilingFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
Digested input during signature verification:
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-1661970439">
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>axis2ns13:FilingFault</faultstring>
<detail>
<axis2ns1:Receive__requestFilingFault
xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>
<ErrorMessage:foutOmschrijving
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>Uw gegevens
komen niet voor in het register van de Certificate Service Provider (CSP). Uw
identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de
infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
<ErrorMessage:foutCode
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>AUS210</ErrorMessage:foutCode>
<ErrorMessage:PI_Kenmerk
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
</axis2ns1:Receive__requestFilingFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
This bug ONLY applies to the case where a SOAP fault is returned, regular
operation (not resulting in SOAP fault) is working as intended.
It seems that the DOOM conversion is adding a
"xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/""; attribute to the
"soapenv:Body" element.
It is also stripping the
"xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process"";
attribute from the "faultstring" element.
was:
Calling a signed webservice results in a "org.apache.axis2.AxisFault: The
signature or decryption was invalid" due to the "Pre-digested input" being
different from the actual incoming message. (See attached logs)
Specifically the following log content seems to be of interest:
Incoming message body:
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-1661970439">
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring
xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>axis2ns13:FilingFault</faultstring>
<detail>
<axis2ns1:Receive__requestFilingFault
xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>
<ErrorMessage:foutOmschrijving
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>Uw gegevens
komen niet voor in het register van de Certificate Service Provider (CSP). Uw
identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de
infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
<ErrorMessage:foutCode
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>AUS210</ErrorMessage:foutCode>
<ErrorMessage:PI_Kenmerk
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
</axis2ns1:Receive__requestFilingFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
Digested input during signature verification:
<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-1661970439">
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>axis2ns13:FilingFault</faultstring>
<detail>
<axis2ns1:Receive__requestFilingFault
xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>
<ErrorMessage:foutOmschrijving
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>Uw gegevens
komen niet voor in het register van de Certificate Service Provider (CSP). Uw
identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de
infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
<ErrorMessage:foutCode
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>AUS210</ErrorMessage:foutCode>
<ErrorMessage:PI_Kenmerk
xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
</axis2ns1:Receive__requestFilingFault>
</detail>
</soapenv:Fault>
</soapenv:Body>
> Incorrect XML Passed to Digest Algorithm
> ----------------------------------------
>
> Key: RAMPART-309
> URL: https://issues.apache.org/jira/browse/RAMPART-309
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.5
> Environment: tomcat 6.0.24 / axis2 1.5.1 / rampart 1.5 (version 1.5
> of rampart is incorrectly flagged as unreleased? :
> http://ws.apache.org/rampart/index.html)
> Reporter: B. Nossing
> Assignee: Ruchith Udayanga Fernando
> Attachments: rampart_logs.txt
>
>
> Calling a signed webservice which results in a SOAP fault being returned,
> results in a "org.apache.axis2.AxisFault: The signature or decryption was
> invalid" due to the "Pre-digested input" being different from the actual
> incoming message. (See attached logs)
> Specifically the following log content seems to be of interest:
> Incoming message body:
> <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="Id-1661970439">
> <soapenv:Fault>
> <faultcode>soapenv:Server</faultcode>
> <faultstring
> xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>axis2ns13:FilingFault</faultstring>
> <detail>
> <axis2ns1:Receive__requestFilingFault
> xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>
> <ErrorMessage:foutOmschrijving
> xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>Uw gegevens
> komen niet voor in het register van de Certificate Service Provider (CSP). Uw
> identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de
> infrastructurele voorzieningen worden
> verwerkt.</ErrorMessage:foutOmschrijving>
> <ErrorMessage:foutCode
> xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>AUS210</ErrorMessage:foutCode>
> <ErrorMessage:PI_Kenmerk
> xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
> </axis2ns1:Receive__requestFilingFault>
> </detail>
> </soapenv:Fault>
> </soapenv:Body>
> Digested input during signature verification:
> <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> wsu:Id="Id-1661970439">
> <soapenv:Fault>
> <faultcode>soapenv:Server</faultcode>
> <faultstring>axis2ns13:FilingFault</faultstring>
> <detail>
> <axis2ns1:Receive__requestFilingFault
> xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process";>
> <ErrorMessage:foutOmschrijving
> xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>Uw gegevens
> komen niet voor in het register van de Certificate Service Provider (CSP). Uw
> identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de
> infrastructurele voorzieningen worden
> verwerkt.</ErrorMessage:foutOmschrijving>
> <ErrorMessage:foutCode
> xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>AUS210</ErrorMessage:foutCode>
> <ErrorMessage:PI_Kenmerk
> xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage";>BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
> </axis2ns1:Receive__requestFilingFault>
> </detail>
> </soapenv:Fault>
> </soapenv:Body>
> This bug ONLY applies to the case where a SOAP fault is returned, regular
> operation (not resulting in SOAP fault) is working as intended.
> It seems that the DOOM conversion is adding a
> "xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/""; attribute to the
> "soapenv:Body" element.
> It is also stripping the
> "xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process"";
> attribute from the "faultstring" element.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
