What configuration are you using to generate the request? Try setting the following configuration property "isBSPCompliant" to "false" to see if it works - this will disable the InclusiveNamespaces stuff in CXF 2.4.7, in case this is causing the problem.
Do you have access to more detailed logging on the WCF side to see what exactly is going wrong? Colm. On Tue, May 15, 2012 at 2:16 PM, Peti Koch <petik...@gmail.com> wrote: > Hi all, > > We are using a generated Apache CXF client 2.2.6 with WSS4J 1.5.8 to send > encrypted and signed payload to a web service. > > The old request looks like this: > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > soap:mustUnderstand="1"> > <wsse:BinarySecurityToken > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > EncodingType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > " > ValueType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > " > > wsu:Id="CertId-CF8CF283F652CEF28413370846975151">MIICrDCCAhUCAQEwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAkNIMRQwEgYDVQQIEwtTd2l0emVybGFuZDENMAsGA1UEBxMEQmVybjEUMBIGA1UEChMLWWVsbG93d29ybGQxCzAJBgNVBAsTAmNhMRcwFQYDVQQDEw5ZZWxsb3d3b3JsZCBDQTEgMB4GCSqGSIb3DQEJARYRY2FAeWVsbG93d29ybGQuY2gwHhcNMDkxMjE1MTIzNjM2WhcNMTQxMjE5MTIzNjM2WjCBqzELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAkJFMQ0wCwYDVQQHEwRCZXJuMSAwHgYDVQQKExdTd2lzcyBQb3N0IFNvbHV0aW9ucyBBRzETMBEGA1UECxMKT3BlcmF0aW9uczEbMBkGA1UEAxQSTJR3ZW5mbGVzUGFybnRlckFHMSwwKgYJKoZIhvcNAQkBFh1pcGVjb3BlcmF0aW9uc0B5ZWxsb3d3b3JsZC5jaDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5A39bwcdfR5Oph98tM18RzSPtlciRhnuC0C0ytGHGDNkIalvz9QOZD3oIdtEIWt8SlxDm6v8uerQdL+T7dFTKHC5WScaFmREEvpGTiCWp+UnrZEBmMx4kqwBuiCx4lM3glHR68IUkq3O9UeT2g+RDd6Lc+7s+w99p5soPHUvo2cCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC/CA6l41uILhDs5lpgnpOMbjhlRF/s7y6rof7kynybatWd6U1pyP6IVVZLY3ShUP4HniODfiEM/G2krJy4ikRCpoWNqzrQyHv8nGc4jyak3T4K0MANaSgq9OOMrgf1Lqw8HorD4sz1zYVK/McPPjpJaYnZJVBCaUwic+KbLchz4g== > </wsse:BinarySecurityToken> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > Id="Signature-3"> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; > /> > <ds:SignatureMethod Algorithm=" > http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > <ds:Reference URI="#id-4"> > <ds:Transforms> > <ds:Transform Algorithm=" > http://www.w3.org/2001/10/xml-exc-c14n#"; /> > </ds:Transforms> > <ds:DigestMethod Algorithm=" > http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <ds:DigestValue>fxZfi4oX3tBU97FEfLk0o2XMl3U=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > > SXhsH5MsJm3U8A+5SeCaE8z3qpAkE8PSGwgajg6PaWo6AZskvdZJXEiMdDIxz8U7+D1gGVDyh3L/ > > os6ZtVRHhPEUUcUSEUWlRAJhXuimL1VIGLBKnd+gV+cs5L8R3p5hdYFbVR77M1kEtqXe7vZTQ2FS > bUOLlZCEgyFDjHNd9wc= > </ds:SignatureValue> > <ds:KeyInfo Id="KeyId-CF8CF283F652CEF28413370846975202"> > <wsse:SecurityTokenReference > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="STRId-CF8CF283F652CEF28413370846975213"> > <wsse:Reference > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > URI="#CertId-CF8CF283F652CEF28413370846975151" > ValueType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; > /> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature> > <wsu:Timestamp > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Timestamp-2"> > <wsu:Created>2012-05-15T12:24:57.512Z</wsu:Created> > <wsu:Expires>2012-05-15T12:29:57.512Z</wsu:Expires> > </wsu:Timestamp> > <wsse:UsernameToken > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="UsernameToken-1"> > <wsse:Username>username</wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">password</wsse:Password> > <wsse:Nonce > EncodingType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > ">EKSdOe91H3KXx80xHwPSfA==</wsse:Nonce> > <wsu:Created>2012-05-15T12:24:57.511Z</wsu:Created> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="id-4"> > <UploadFiles xmlns="http://www.yellowworld.ch";> > <invoices> > <Invoice> > <FileType>XML</FileType> > > <TransactionID>36821497-dfe5-46f7-96c5-b329f9ce931b</TransactionID> > <Data>... > </Data> > </Invoice> > </invoices> > <BillerID>41100000000061250</BillerID> > </UploadFiles> > </soap:Body> > </soap:Envelope> > > The new request, using Apache CXF 2.4.7 and WSS4J 1.6.5 looks like this > > <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";> > <soap:Header> > <wsse:Security > xmlns:wsse=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd > " > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > soap:mustUnderstand="1"> > <wsse:BinarySecurityToken > EncodingType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > " > ValueType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 > " > > wsu:Id="X509-E53B87963B33CCFEBE13370833763031">MIICrDCCAhUCAQEwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAkNIMRQwEgYDVQQIEwtTd2l0emVybGFuZDENMAsGA1UEBxMEQmVybjEUMBIGA1UEChMLWWVsbG93d29ybGQxCzAJBgNVBAsTAmNhMRcwFQYDVQQDEw5ZZWxsb3d3b3JsZCBDQTEgMB4GCSqGSIb3DQEJARYRY2FAeWVsbG93d29ybGQuY2gwHhcNMDkxMjE1MTIzNjM2WhcNMTQxMjE5MTIzNjM2WjCBqzELMAkGA1UEBhMCQ0gxCzAJBgNVBAgTAkJFMQ0wCwYDVQQHEwRCZXJuMSAwHgYDVQQKExdTd2lzcyBQb3N0IFNvbHV0aW9ucyBBRzETMBEGA1UECxMKT3BlcmF0aW9uczEbMBkGA1UEAxQSTJR3ZW5mbGVzUGFybnRlckFHMSwwKgYJKoZIhvcNAQkBFh1pcGVjb3BlcmF0aW9uc0B5ZWxsb3d3b3JsZC5jaDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5A39bwcdfR5Oph98tM18RzSPtlciRhnuC0C0ytGHGDNkIalvz9QOZD3oIdtEIWt8SlxDm6v8uerQdL+T7dFTKHC5WScaFmREEvpGTiCWp+UnrZEBmMx4kqwBuiCx4lM3glHR68IUkq3O9UeT2g+RDd6Lc+7s+w99p5soPHUvo2cCAwEAATANBgkqhkiG9w0BAQUFAAOBgQC/CA6l41uILhDs5lpgnpOMbjhlRF/s7y6rof7kynybatWd6U1pyP6IVVZLY3ShUP4HniODfiEM/G2krJy4ikRCpoWNqzrQyHv8nGc4jyak3T4K0MANaSgq9OOMrgf1Lqw8HorD4sz1zYVK/McPPjpJaYnZJVBCaUwic+KbLchz4g== > </wsse:BinarySecurityToken> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > Id="SIG-4"> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";> > <ec:InclusiveNamespaces xmlns:ec=" > http://www.w3.org/2001/10/xml-exc-c14n#"; > PrefixList="soap" /> > </ds:CanonicalizationMethod> > <ds:SignatureMethod Algorithm=" > http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> > <ds:Reference URI="#id-3"> > <ds:Transforms> > <ds:Transform Algorithm=" > http://www.w3.org/2001/10/xml-exc-c14n#";> > <ec:InclusiveNamespaces > xmlns:ec=" > http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="" /> > </ds:Transform> > </ds:Transforms> > <ds:DigestMethod Algorithm=" > http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <ds:DigestValue>cXfpCofTCBpD+RJQTFFHGbsu7B8=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > > <ds:SignatureValue>tX06ZLOU89n8hhyjkfUryQPhFXRC15QM+Dw18vIUsZnZKrpfii4TZFwTR+WW6+5yCaSAIMPDKiXEW+oOZ38Pfnalk4Fo4uWfwKq79mcEmfZ9rWrxA/kJP+Tv0C0/97LE0+Fofu7iEgsuNSGxJpNBWKAAy8OXRapUV9dgkXu6xkg= > </ds:SignatureValue> > <ds:KeyInfo Id="KI-E53B87963B33CCFEBE13370833763072"> > <wsse:SecurityTokenReference > wsu:Id="STR-E53B87963B33CCFEBE13370833763093"> > <wsse:Reference > URI="#X509-E53B87963B33CCFEBE13370833763031" > ValueType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; > /> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature> > <wsu:Timestamp wsu:Id="TS-2"> > <wsu:Created>2012-05-15T12:02:55.000Z</wsu:Created> > <wsu:Expires>2012-05-15T12:07:55.000Z</wsu:Expires> > </wsu:Timestamp> > <wsse:UsernameToken wsu:Id="UsernameToken-1"> > <wsse:Username>username</wsse:Username> > <wsse:Password > Type=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText > ">password</wsse:Password> > <wsse:Nonce > EncodingType=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary > ">JaL7icBKeyXAl2SIWMx9XA==</wsse:Nonce> > <wsu:Created>2012-05-15T12:02:54.998Z</wsu:Created> > </wsse:UsernameToken> > </wsse:Security> > </soap:Header> > <soap:Body > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="id-3"> > <UploadFiles xmlns="http://www.yellowworld.ch";> > <invoices> > <Invoice> > <FileType>XML</FileType> > > <TransactionID>43526ee2-5137-4518-83df-c1d878548e5a</TransactionID> > <Data>... > </Data> > </Invoice> > </invoices> > <BillerID>41100000000061250</BillerID> > </UploadFiles> > </soap:Body> > </soap:Envelope> > > With the new request I get "The signature or decryption was invalid" from > the server: > > 14:50:40.787 main [] ERROR > c.l.p.webservice.PostfinanceAdapter#handleError:228-> Exception caught > during call to postfinance webservice: > javax.xml.ws.soap.SOAPFaultException: > Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption > was invalid > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element) > at > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope > envelope) > at > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage > message) > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156) > at $Proxy33.uploadFiles(Unknown Source) > at > ch.loewenfels.postfinance.webservice.PostfinanceAdapter.uploadRechnung(PostfinanceAdapter.java:69) > at > ch.loewenfels.postfinance.webservice.YellowNetRealTest.upload(YellowNetRealTest.java:42) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at > org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44) > at > org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15) > at > org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41) > at > org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20) > at > org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28) > at > org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71) > at > org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49) > at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193) > at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52) > at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191) > at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42) > at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184) > at org.junit.runners.ParentRunner.run(ParentRunner.java:236) > at > org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) > at > org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) > at > org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) > Caused by: org.apache.cxf.binding.soap.SoapFault: > Microsoft.Web.Services2.Security.SecurityFault: The signature or decryption > was invalid > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element) > at > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope > envelope) > at > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage > message) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46) > at > org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > at > org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:111) > at > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) > at > org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:795) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1634) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1501) > at > org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1409) > at > org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:47) > at > org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:194) > at > org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) > at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:649) > at > org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:461) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:364) > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:317) > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) > at > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) > ... 27 common frames omitted > > > We are using Sun JDK 6 / Sun JDK 7 with strong JCE on Linux. > > Any help appreciated VERY much! > > Best regards, > Peti -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
