The SoapUI and Axis client requests are attached.
SoapUI request failed verification at the same place in the
org.apache.ws.security.processor.SignatureProcessor at
XMLSignature.checkSignatureValue (line 466), and this is output to the
server log
org.apache.xml.security.signature.Reference verify Verification failed for
URI "#id-3"
org.apache.xml.security.signature.Reference verify Expected Digest:
jTbkUWscHA7rpefUut9fCYmecJw=
org.apache.xml.security.signature.Reference verify Actual Digest:
F8gqUHahC48plWm1u5ko6PvFzhs=
When I step into the method at line 466, the class
is com.ibm.security.x509.X509CertImpl, which makes sense because we're
running the web service on Websphere.
I don't know what packages SoapUI is using to sign the outgoing message.
Thanks for your reply.
Neill
On Thu, Dec 6, 2012 at 4:35 AM, Colm O hEigeartaigh <[email protected]>wrote:
>
> It's hard to tell without more details. For example, what is the
> difference between the failing SOAP-UI request, and the working Axis
> request?
>
> Colm.
>
>
> On Tue, Dec 4, 2012 at 7:18 PM, Neill Laney <[email protected]> wrote:
>
>> Hello, I'm having an interoperability issue with an Axis 1.4 web service,
>> WSS4J 1.5 and SoapUI 4.5.1
>>
>> The Axis client performs signature verification with a PKI keystore with
>> no issues, however when I establish a SoapUI request the signature
>> verification fails and returns error code WSSecurityException.FAILED_CHECK
>> in com.ibm.security.x509.X509CertImpl
>>
>> The client is unable to use axis because of conflicts with their own
>> classes.
>>
>> I've removed signature verification from the client request and server
>> configuration, but I need to add it back before the service can be
>> deployed. Does anyone have any idea how to resolve this?
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; soapenv:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Id="Signature-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod>
<ds:Reference URI="#id-3">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod>
<ds:DigestValue>AKa4kBl7/Frf0kufkSfnTw478CI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
jGsY7A722zXbRb8gXQO0VeIEfpjVs/7bhy1tUA6KqJuP5exdCPWUwEZ/4gFRq7mocShtvDOiaobQ
eVP7V+sFhuD6rtIJJTArK+/r7iLNavid7OaA9JkmkVdt8gz3N2URPeN/mEnPj2uw6N26jc6GpFH1
jcSXwBx4q/eM/HZWUrU=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-62329218A9CFCDACA213548202012202">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="STRId-62329218A9CFCDACA213548202012263"><ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Criminal Data Search Client,OU=AOC Message Signing,O=Key,L=Raleigh,ST=NC,C=US</ds:X509IssuerName>
<ds:X509SerialNumber>1329147122</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="Timestamp-1"><wsu:Created>2012-12-06T18:56:41.146Z</wsu:Created><wsu:Expires>2012-12-06T19:01:41.146Z</wsu:Expires></wsu:Timestamp></wsse:Security><aoc-header:AocHeader xmlns:aoc-header="http://aoc-header"; soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; soapenv:mustUnderstand="0"><aoc-header:ClientId>sphRLcS/e+uIpulQBSFxSSpOIwsDwK3og5TWmbw+UQr+oVYBgLkQJriT7eUxcP0mtRv5ObSAD/N4Os22fRak7DnEJClbg2FJZGLW5iSNWOPA7xIpe21xlKSv2+FhAsYqmnMUbWN5SeJwIPsLEMyYd8/Sg7ZCwv3ZWGE7Gx2rISo=</aoc-header:ClientId><aoc-header:ClientPswd>XQ674mFH6w4Bd27hB0/TokBRmHpFdBGLditsYDl3tuTPtjwxS9/hdNmDPZhcvu5cNi7RECo5B4p2JovfWL/VqhnyZQACiA1G4st75+NagoHrnrrxzFipQU24kYGzAE724ralAJ+EeD/vQojjSR60W7YFkHdU1gXk00ePBE2uOQY=</aoc-header:ClientPswd><aoc-header:UserId>A2R/YSgNN63Gr7WriPVxlOQC7j26iA/F+2iZB5dlzzJF8uSyTH62MY3QOJnORNeqB2wVjoqgidDYhaYI6ZLmnt4r2nB4zBwujLwtYtpNtgUxdHqYkIGCffF/RD8A+A+wDEu0SonGHWgH9ueY7GFu/sqiRgRqzLkggEPs+4VuPLE=</aoc-header:UserId></aoc-header:AocHeader></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="id-3"><exch:WarrantSearchRequest xmlns:exch="http://www.nccourts.org/sws-exchange"; xmlns:ns="http://niem.gov/niem/niem-core/2.0"; xmlns:sws="http://www.nccourts.org/sws-extension";><sws:InquiryRequest><sws:SWSearchRequest><sws:DriverLicenseBase><ns:IdentificationID xsi:nil="true"></ns:IdentificationID><sws:LicenseStateAnsiD20Code xsi:nil="true"></sws:LicenseStateAnsiD20Code></sws:DriverLicenseBase><sws:SSN xsi:nil="true"></sws:SSN><sws:SearchLevel>2</sws:SearchLevel><ns:PersonBirthDate>1970-01-10-05:00</ns:PersonBirthDate><sws:ExactMatch>false</sws:ExactMatch><sws:SearchName><ns:PersonGivenName>John</ns:PersonGivenName><ns:PersonMiddleName xsi:nil="true"></ns:PersonMiddleName><ns:PersonSurName>Smith</ns:PersonSurName></sws:SearchName><ns:PersonRaceCode>B</ns:PersonRaceCode><ns:PersonSexCode>U</ns:PersonSexCode></sws:SWSearchRequest></sws:InquiryRequest></exch:WarrantSearchRequest></soapenv:Body></soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";><wsu:Timestamp wsu:Id="TS-4"><wsu:Created>2012-12-06T18:50:49.607Z</wsu:Created><wsu:Expires>2012-12-06T18:55:49.607Z</wsu:Expires></wsu:Timestamp><ds:Signature Id="SIG-3" xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces PrefixList="soapenv xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id-3"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><ec:InclusiveNamespaces PrefixList="xsd xsi" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>jTbkUWscHA7rpefUut9fCYmecJw=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Frgi1kUBQWUrYKEakaBXSn7ePNBLHzBz/UsaCnz42XZo6wNEsF1njkCpWG3YGy/1tX5PhULxR6Gf
OahHPRpR90I1ueHCo4chSPhlQxwq7SoO3Cj7PBYqttTJ0kyAiAxG8TyzRk5vdKB1dNWBNdWau3fL
zWztqD9DHo5dM9b6GUs=</ds:SignatureValue><ds:KeyInfo Id="KI-171F2693547946A7AC13548198495995"><wsse:SecurityTokenReference wsu:Id="STR-171F2693547946A7AC13548198495996"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>MIICczCCAdygAwIBAgIETzks8jANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJVUzELMAkGA1UECBMCTkMxEDAOBgNVBAcTB1JhbGVpZ2gxDDAKBgNVBAoTA0tleTEcMBoGA1UECxMTQU9DIE1lc3NhZ2UgU2lnbmluZzEkMCIGA1UEAxMbQ3JpbWluYWwgRGF0YSBTZWFyY2ggQ2xpZW50MB4XDTEyMDIxMzE1MzIwMloXDTM5MDYzMDE1MzIwMlowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMRAwDgYDVQQHEwdSYWxlaWdoMQwwCgYDVQQKEwNLZXkxHDAaBgNVBAsTE0FPQyBNZXNzYWdlIFNpZ25pbmcxJDAiBgNVBAMTG0NyaW1pbmFsIERhdGEgU2VhcmNoIENsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAknF8zd/Nule7yLXtNcDcV7Tuqxrp4XkLmd3YwRvEOVkPBWFKFxEG8Vy5NsKOGj6IxwTSxdrTTaG8EucUlXUaemNQ+2Maw6Z7oilfPtNGO3V/KxoA8yAP3LHJDtfUzlKcMSftV87+gQ1ENCY8kKcTDSlw03gMIiIPwXeGW48x7U0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAvjEvHgjvmssjc25vIx7C3AoLpEfuKTU0AD0zs/LaTQdVxJkA8G6W2VQCTnO/qmIkmRzDqsSuYgJeC228ILwJlbzI6GWQAoVEcEaDJBfaXTuk37VvJpJk7CxuR8l4m2wylqG80c8GUIlYoKKWtQIMrfAt4XTNuKl1F4b3XO2D0mw==</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security>
<aoc-header:AocHeader soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; soapenv:mustUnderstand="0" xmlns:aoc-header="http://aoc-header";>
<aoc-header:ClientId>Sy2AUBfvKUV29E53/EBvihLBvoRqsXP1mWjbcrD/6mcg7kxii4Hz0mtvBfeQiyGQ6w84z6vhoxZBW6GyU6VhFb51fJwbPm0WrVKK5eoHRYH1YfhngV53GkBBRBt+CxPueusMjajZhSg3Lw9r+pLsGFeOHbaRFUJpU2P+fs7tv/Q=</aoc-header:ClientId>
<aoc-header:ClientPswd>ibGgZMvbc057v9N75P8FT2ByatXT4UU4SY8iF9RehDjWB0SuSMiOuaWGjRJXa/sLeb/yk/RT362B0r8UODt0kyktsDJ29quPDKYh+58J663ERdLl1OfLA/MaK8HcsFVgMXquJ/NCqDuCsNqbF3uxgWbGSuR1tYbeTMk3gmbjrKY=</aoc-header:ClientPswd>
<aoc-header:UserId>ZAAbQjbM1Ud/qEVrfaU+cp3Fv4xWmZXO8PzqvRhEyU7dGGqqTsAJsZLdqygfcihyzkkzC4IMrCg1/i/VIQZNwi+39uRYbOrFznDVtrzqmzMr6nOWxoxq7f0/TBVTeeW4hLVS9DdA4ni17AzyFUg2oB8LX7JoBrIVLwlEAqezCw4=</aoc-header:UserId>
</aoc-header:AocHeader>
</soapenv:Header>
<soapenv:Body wsu:Id="id-3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<exch:WarrantSearchRequest xmlns:exch="http://www.nccourts.org/sws-exchange"; xmlns:ns="http://niem.gov/niem/niem-core/2.0"; xmlns:sws="http://www.nccourts.org/sws-extension";>
<sws:InquiryRequest>
<sws:SWSearchRequest>
<sws:DriverLicenseBase>
<ns:IdentificationID xsi:nil="true"/>
<sws:LicenseStateAnsiD20Code xsi:nil="true"/>
</sws:DriverLicenseBase>
<sws:SSN xsi:nil="true"/>
<sws:SearchLevel>2</sws:SearchLevel>
<ns:PersonBirthDate>1970-01-10-05:00</ns:PersonBirthDate>
<sws:ExactMatch>false</sws:ExactMatch>
<sws:SearchName>
<ns:PersonGivenName>John</ns:PersonGivenName>
<ns:PersonMiddleName xsi:nil="true"/>
<ns:PersonSurName>Smith</ns:PersonSurName>
</sws:SearchName>
<ns:PersonRaceCode>B</ns:PersonRaceCode>
<ns:PersonSexCode>U</ns:PersonSexCode>
</sws:SWSearchRequest>
</sws:InquiryRequest>
</exch:WarrantSearchRequest>
</soapenv:Body>
</soapenv:Envelope>
