Who did the "pretty printing" of the request? Who inserted
the blanks, tabs, newlines? When did that happen, before or
after signing?

Regards,
Werner

Stefan Schmidt wrote:
> Hi,
> 
> I am having problems with signatures.
> 
> I have an Axis client with the following settings:
> 
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
>     <parameter name="action" value="Signature"/>
>     <parameter name="passwordCallbackClass" value="client.PWCallbackHandler"/>
>     <parameter name="user" value="alice"/>
>     <parameter name="signaturePropFile" value="wsstest.properties" />
>     <parameter name="signatureKeyIdentifier" value="DirectReference" />
> </handler>
> 
> And a JAX-RPC server with the following settings:
> 
> <handler>
>     <handler-name>Inbound Security Handler</handler-name>
>     <handler-class>org.apache.ws.security.handler.WSS4JHandler</handler-class>
>     <init-param>
>         <param-name>deployment</param-name>
>         <param-value>server</param-value>
>     </init-param>
>     <init-param>
>         <param-name>action</param-name>
>         <param-value>Signature</param-value>
>     </init-param>
>     <init-param>
>         <param-name>signaturePropFile</param-name>
>         <param-value>wsstest.properties</param-value>
>     </init-param>
>     <init-param>
>         <param-name>passwordCallbackClass</param-name>
>         <param-value>server.PWCallbackHandler</param-value>
>     </init-param>
>     <init-param>
>         <param-name>flow</param-name>
>         <param-value>request-only</param-value>
>     </init-param>
>     <init-param>
>         <param-name>signatureKeyIdentifier</param-name>
>         <param-value>DirectReference</param-value>
>     </init-param>
> </handler>
> 
> When invoking the client I can see the message properly signed:
> 
> <?xml version="1.0" encoding="UTF-8"?>
>   <soapenv:Envelope
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>      <soapenv:Header>
>         <wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> soapenv:mustUnderstand="1">
>            <wsse:BinarySecurityToken
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
> wsu:Id="CertId-1776694">[...]</wsse:BinarySecurityToken>
> 
>            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>               <ds:SignedInfo>
>                  <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
> 
>                  <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> 
>                  <ds:Reference URI="#id-22221245">
>                     <ds:Transforms>
>                        <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
>                     </ds:Transforms>
>                     <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                    
> <ds:DigestValue>G6pEtO0bnmBWJ74hyfK3gl8Kmm0=</ds:DigestValue>
>                  </ds:Reference>
>               </ds:SignedInfo>
>              
> <ds:SignatureValue>DhWSEzmZb0bgdfSQIPPg+EMLaYU9tWc3yJU0SJ6iJUZc9tefaIp1Ez4xW+OKrXdHDyQnhL2ZNRTUhqoK+ZK0625QEWwbg5lZkFK0ePrlWCHb0G1A0dXFYezu4vMgsEtIQtRMGbhedklFRzHZs2A/fz3m/vo8TsGA3SReRnjbbFA=</ds:SignatureValue>
> 
>               <ds:KeyInfo Id="KeyId-5670411">
>                  <wsse:SecurityTokenReference
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="STRId-16988783">
>                     <wsse:Reference URI="#CertId-1776694"
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:Reference>
> 
>                  </wsse:SecurityTokenReference>
>               </ds:KeyInfo>
>            </ds:Signature>
>         </wsse:Security>
>      </soapenv:Header>
>      <soapenv:Body
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-22221245">
>         <getString xmlns="http://stsmedia.wss4j.test">
>            <String_1 xmlns="">SayHello</String_1>
>         </getString>
>      </soapenv:Body>
>   </soapenv:Envelope>
> 
> However I am getting the following error at the server side:
> 
> 08:24:58,371 WARN  [Reference] Verification failed for URI "#id-22221245"
> org.apache.ws.security.WSSecurityException: The signature verification failed
>        at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:644)
>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:334)
>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:259)
>        at org.apache.ws.security.handler.WSS4JHandler.doReceiver(WSS4JHandler.java:498)
>        at org.apache.ws.security.handler.WSS4JHandler.processMessage(WSS4JHandler.java:198)
>        at org.apache.ws.security.handler.WSS4JHandler.handleRequest(WSS4JHandler.java:158)
>        at org.apache.axis.handlers.HandlerChainImpl.handleRequest(HandlerChainImpl.java:143)
>        at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:442)
> 
> Ultimately, I would like to get the following action running:
> 'UsernameToken Signature Encrypt'. Could somebody please provide the
> server and client side settings for that?
> 
> Regards, Stefan Schmidt
> 
> Ps. I have also attached the axis.log
> 
> 
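Added example, not part of the original thread: why it matters whether whitespace was inserted before or after signing. Canonicalization normalizes attribute order, quoting and spacing inside tags, but whitespace between elements is kept as text and goes into the digest. The sketch uses Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for the exc-c14n transform named in the request; the Body is a constructed, simplified sample and `digest`/`triage` are hypothetical helper names.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

NS = ('xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
      'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
      'oasis-200401-wss-wssecurity-utility-1.0.xsd"')

# Constructed sample: the Body as the signer serialized it.
AS_SIGNED = (f'<soapenv:Body {NS} wsu:Id="id-1">'
             '<getString xmlns="http://stsmedia.wss4j.test">'
             '<String_1>SayHello</String_1></getString></soapenv:Body>')

# Same content, different serialization: attribute order, quotes, spacing in tags.
RESERIALIZED = (f"<soapenv:Body   wsu:Id='id-1' {NS} >"
                '<getString xmlns="http://stsmedia.wss4j.test">'
                '<String_1>SayHello</String_1></getString></soapenv:Body>')

# Pretty-printed after signing: new whitespace text nodes between elements.
PRETTY_PRINTED = (f'<soapenv:Body {NS} wsu:Id="id-1">\n'
                  '   <getString xmlns="http://stsmedia.wss4j.test">\n'
                  '      <String_1>SayHello</String_1>\n'
                  '   </getString>\n'
                  '</soapenv:Body>')

# Payload actually altered.
TAMPERED = AS_SIGNED.replace("SayHello", "SayGoodbye")


def digest(xml_text, strip_text=False):
    """Base64 SHA-1 over the canonical form (SHA-1 as in the request's DigestMethod)."""
    c14n = canonicalize(xml_text, strip_text=strip_text)
    return base64.b64encode(hashlib.sha1(c14n.encode("utf-8")).digest()).decode("ascii")


def triage(signed_xml, received_xml):
    """Classify why a reference digest would or would not verify."""
    if digest(signed_xml) == digest(received_xml):
        return "match"
    # Equal once surrounding whitespace is ignored: formatting was changed in transit.
    if digest(signed_xml, True) == digest(received_xml, True):
        return "whitespace-only change"
    return "content change"


if __name__ == "__main__":
    for name, doc in [("reserialized", RESERIALIZED),
                      ("pretty-printed", PRETTY_PRINTED),
                      ("tampered", TAMPERED)]:
        print(f"{name:15} {digest(doc)}  {triage(AS_SIGNED, doc)}")
```

A "whitespace-only change" result points at a formatter, logging handler or proxy that touched the message between the signing and verifying handlers, not at the keys or the certificate.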