RE: Signature verification fails when used with Encryption

2006-11-13 Thread Sriram Vaidyanathan
  http://www.w3.org/2000/09/xmldsig#">

  http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
  http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
  

  http://www.w3.org/2001/10/xml-exc-c14n#" />

http://www.w3.org/2000/09/xmldsig#sha1" />
RpVtpAceBaYCQO4Nh4ThcWLsq0w=
  


AkoT+jWp8IDK6gUzb20GjpOhUlLt3I0N3kXiq6USbMTygBWa3wNIPFtg36zMtgA39EiANdLkITDvO5fHDfWBWo9DugW9qPDL+vIrgbo99H8AmUJz1lvePYNJgah4DPiOMvLOoy+wXcPKNq+lKxDAl9fYO67aXZtg1nSsFU+whIQ=

  
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
  

  
  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-9fe438d4-9af3-415e-a45a-acca9894bd29">
  http://www.w3.org/2001/04/xmlenc#">
http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
http://www.w3.org/2000/09/xmldsig#">
  
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
  


  
yZxWJ0+XhlMWNl7hPZge0299Ysd+akgEbXl+hNQ75kkgWKn4p+U6S1CJAxPkWwHa9eAoKg5P8ObiVOKdMe6djK5JmlWXnEmI5K9Uh607wHXOGzagxMBbI5k9SPVZ8ZxqEyZniB63ExxFuPYd7WA1V1XRI6L6cZ05Q9DJDh4pikE=


  

  

  
  
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
http://www.w3.org/2001/04/xmlenc#aes128-cbc" />

  
2BPpey3b0xyHs+7gaO3w6d4cgYQwjdPQn1fq8/AkEPU=

  

  




-Original Message-
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Friday, November 10, 2006 4:48 AM
To: axis-user@ws.apache.org
Subject: Re: Signature verification fails when used with Encryption

Hi,

Looking at the msg you sent ... the signature seems to be referring to
the cert using the subject key identifier. In this case you MUST have
the service's cert in the client's keystore and your
signaturePropertyFile has to point to that.

Also, since there are two timestamp headers ... your action items will
have to be as follows:

Timestamp Signature Encrypt Timestamp

to be able to successfully process the message.

Thanks,
Ruchith

On 11/10/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:
>
>
>
>
> Hello,
>
>   I am using a Web service-testing tool, which is based on .NET, to talk
> to a Web service in Axis2.
>
>
>
> The web service implements WS-Security using Rampart.
>
>
>
> When I set the service 
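
The header inspection that Ruchith's reply above relies on (how the signature references its certificate, and how many Timestamp headers the request carries), as an added Python example that is not part of the original thread or of Rampart. The sample envelope is constructed to have the same shape as the failing request, its key identifier values are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SKI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"

# Constructed sample (not the message from the thread): two Timestamps, placeholder key ids.
SAMPLE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:xenc="{XENC}">
 <soap:Header><wsse:Security>
  <wsu:Timestamp><wsu:Created>2006-11-10T08:11:53Z</wsu:Created></wsu:Timestamp>
  <xenc:EncryptedKey><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{SKI}">PLACEHOLDER</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></ds:KeyInfo></xenc:EncryptedKey>
  <wsu:Timestamp><wsu:Created>2006-11-10T08:11:53Z</wsu:Created></wsu:Timestamp>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:KeyIdentifier ValueType="{SKI}">PLACEHOLDER</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header><soap:Body/></soap:Envelope>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def key_reference(elem):
    """Describe how a Signature or EncryptedKey points at its certificate."""
    token_ref = elem.find(f"{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference")
    if token_ref is None or len(token_ref) == 0:
        return None
    ref = token_ref[0]  # KeyIdentifier, Reference, X509Data, ...
    kind = ref.get("ValueType") or ref.get("URI") or ""
    return f"{local(ref.tag)}:{kind.rsplit('#', 1)[-1]}"


def inspect_security_header(xml_text):
    """Return element order, Timestamp count and key-reference style."""
    # For untrusted captures, parse with defusedxml instead of the stdlib parser.
    sec = ET.fromstring(xml_text).find(f".//{{{WSSE}}}Security")
    if sec is None:
        raise ValueError("no wsse:Security header found")
    order = [local(child.tag) for child in sec]
    refs = {local(c.tag): key_reference(c) for c in sec
            if local(c.tag) in ("Signature", "EncryptedKey")}
    return {"order": order, "timestamps": order.count("Timestamp"), "key_refs": refs}
```

A `KeyIdentifier` result means the receiver must already hold the referenced certificate in the keystore named by its crypto properties file, and a `timestamps` value above one means the configured action items need one `Timestamp` entry per header, as the reply states.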

Re: Signature verification fails when used with Encryption

2006-11-10 Thread Ruchith Fernando

Hi,

Looking at the msg you sent ... the signature seems to be referring to
the cert using the subject key identifier. In this case you MUST have
the service's cert in the client's keystore and your
signaturePropertyFile has to point to that.

Also, since there are two timestamp headers ... your action items will
have to be as follows:

Timestamp Signature Encrypt Timestamp

to be able to successfully process the message.

Thanks,
Ruchith

On 11/10/06, Sriram Vaidyanathan <[EMAIL PROTECTED]> wrote:





Hello,

  I am using a Web service-testing tool, which is based on .NET, to talk
to a Web service in Axis2.



The web service implements WS-Security using Rampart.



When I set the service side actions to "Signature Timestamp" or
"Encrypt Timestamp" and have my .NET tool send a message with the
corresponding security actions, I get a successful response. No problems
there…



But when I set the service side actions to "Signature Encrypt Timestamp" and
then have the .NET tool send a message with the same corresponding
actions, I get a "Signature verification failed" message.



org.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed;
nested exception is:

  org.apache.ws.security.WSSecurityException: The
signature verification failed



Could it be possible that there is a bug in the .NET based testing tool
which, when using Encryption along with Signature, is messing up the signed
content?

Also I see that the tool is adding two Timestamp Headers. Could that be an
issue?



Below is the request message from the .NET based testing tool that fails.
Any help on this would be appreciated.



Thanks

Sriram





http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://ws.test.com/test/">

  

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

2006-11-10T08:11:53Z

2006-11-10T08:16:53Z

  

  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-f98f02e3-53cb-4e03-9f80-4685fa96ff4f">

  http://www.w3.org/2001/04/xmlenc#">

http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

http://www.w3.org/2000/09/xmldsig#">

  

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />

  






X4olpsRrvcvOxlJCDNJjDhPvu5mK25zl18d/bcfmYA9pPxDo1WtyckMU4vf0ba/Gf53UDp2FjzY5gl54d3/jduPQ1gt8W/kEVwnL16zg/ucv1M0gaChxXwd/v3bO3Dqhrs0M2wojmbBTx0yJqvqkvkK+oCx/LB6O7OfZCRDPNuI=





  



  

  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

2006-11-10T08:11:53Z

2006-11-10T08:16:53Z

  

  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-17daaa18-6b8f-4744-9172-2c09a6a7ce57">