Jian,

The request etc. seems OK to me. Because it is a
verification problem, I guess it is the usual problem
of some "pretty printing" after the request was signed.

If this is the real captured request then I'm pretty
sure that some driver, some transport, etc. modified the
request after it got signed by WSS4J. Very often we
see that drivers or XML serializers insert blanks, tabs,
and newlines in the request before they put it on the
wire. Can you crosscheck that?

Regards,
Werner

> -----Original Message-----
> From: Fang Jian [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, 12 October 2005 14:50
> To: Dittmann, Werner; [email protected]
> Subject: Re: AW: signature verification failed
> 
> 
> Werner,
> 
> At the server side, the configuration of the handler
> is as follows,
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <jws:handler-config xmlns:jws="http://java.sun.com/xml/ns/javaee">
>     <jws:handler-chain>
>         <jws:handler>
>             <jws:handler-name>ChainHR</jws:handler-name>
>             <jws:handler-class>com.jtv.core.ws.security.handler.WSS4JHandler</jws:handler-class>
>             <jws:init-param>
>                 <jws:param-name>deployment</jws:param-name>
>                 <jws:param-value>server</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>flow</jws:param-name>
>                 <jws:param-value>request-only</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>user</jws:param-name>
>                 <jws:param-value>alice</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>action</jws:param-name>
>                 <jws:param-value>Signature</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>signaturePropFile</jws:param-name>
>                 <jws:param-value>server.properties</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>signatureKeyIdentifier</jws:param-name>
>                 <jws:param-value>DirectReference</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>signatureParts</jws:param-name>
>                 <jws:param-value>{}{http://jtv.com}addNumbers</jws:param-value>
>             </jws:init-param>
>             <jws:init-param>
>                 <jws:param-name>passwordCallbackClass</jws:param-name>
>                 <jws:param-value>com.jtv.core.ws.endpoint.example.handlerresult.PWCallback</jws:param-value>
>             </jws:init-param>
>             <jws:soap-role>SecurityProvider</jws:soap-role>
>         </jws:handler>
>     </jws:handler-chain>
> </jws:handler-config>
> 
> while the configuration for the handler at the client
> side is 
> 
> <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
> 
> <bindings xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>     wsdlLocation="http://localhost:8080/core-ws/handlerresult?wsdl"
>     xmlns="http://java.sun.com/xml/ns/jaxws">
>     <bindings node="wsdl:definitions">
>         <package name="com.jtv.core.ws.endpoint.example.handlerresult"/>
>     </bindings>
>     <bindings node="wsdl:definitions"
>         xmlns:jws="http://java.sun.com/xml/ns/javaee">
>         <jws:handler-chains>
>             <jws:handler-chain>
>                 <jws:handler>
>                     <jws:handler-name>ChainHRC</jws:handler-name>
>                     <jws:handler-class>com.jtv.core.ws.security.handler.WSS4JHandler</jws:handler-class>
>                     <jws:init-param>
>                         <jws:param-name>deployment</jws:param-name>
>                         <jws:param-value>client</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>flow</jws:param-name>
>                         <jws:param-value>request-only</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>user</jws:param-name>
>                         <jws:param-value>alice</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>action</jws:param-name>
>                         <jws:param-value>Signature</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>signaturePropFile</jws:param-name>
>                         <jws:param-value>client.properties</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>signatureKeyIdentifier</jws:param-name>
>                         <jws:param-value>DirectReference</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>signatureParts</jws:param-name>
>                         <jws:param-value>{}{http://jtv.com}addNumbers</jws:param-value>
>                     </jws:init-param>
>                     <jws:init-param>
>                         <jws:param-name>passwordCallbackClass</jws:param-name>
>                         <jws:param-value>com.jtv.core.ws.endpoint.example.handlerresult.ClientPWCallback</jws:param-value>
>                     </jws:init-param>
>                     <jws:soap-role>SecurityProvider</jws:soap-role>
>                 </jws:handler>
>             </jws:handler-chain>
>         </jws:handler-chains>
>     </bindings>
> </bindings>
> 
> The captured XML soap message from the client is as
> follows,
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>     <soapenv:Header>
>         <wsse:Security
>             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>             soapenv:actor="test" soapenv:mustUnderstand="1">
>             <wsse:BinarySecurityToken
>                 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>                 wsu:Id="CertId-1776694">MIIDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgV
> ComTANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwV
> T0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOT
> IzNTk1OVowQjEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVy
> b3AgVGVzdCBDZXJ0MQ4wDAYDVQQDDAVBbGljZTCBnzANBgkqhkiG9w0BAQEFAA
> OBjQAwgYkCgYEAoqi99By1VYo0aHrkKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7a
> rfD9tqIBIKMfrX4Gp90NJa85AV1yiNsEyvq+mUnMpNcKnLXLOjkTmMCqDYbbke
> hJlXPnaWLzve+mW0pJdPxtf3rbD4PS/cBQIvtpjmrDAU8VsZKT8DN5Kyz+EZsC
> AwEAAaOBkzCBkDAJBgNVHRMEAjAAMDMGA1UdHwQsMCowKKImhiRodHRwOi8vaW
> 50ZXJvcC5iYnRlc3QubmV0L2NybC9jYS5jcmwwDgYDVR0PAQH/BAQDAgSwMB0G
> A1UdDgQWBBQK4l0TUHZ1QV3V2QtlLNDm+PoxiDAfBgNVHSMEGDAWgBTAnSj8we
> s1oR3WqqqgHBpNwkkPDzANBgkqhkiG9w0BAQUFAAOCAQEABTqpOpvW+6yrLXyU
> lP2xJbEkohXHI5OWwKWleOb9hlkhWntUalfcFOJAgUyH30TT
> pHldzx1+vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQg
> df5rCK/wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8t
> av1CBr6+E5FAmwPXP7pJxn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FR
> SthMMO35Ybpi
>  kGsLix3v
> AsXWWi4rwfVOYzQK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQODZE9l4ATGy9s9
> hNVwryOJTw==</wsse:BinarySecurityToken>
>             <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                 <ds:SignedInfo>
>                     <ds:CanonicalizationMethod
>                         Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                         </ds:CanonicalizationMethod>
>                     <ds:SignatureMethod
>                         Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
>                         </ds:SignatureMethod>
>                     <ds:Reference URI="#id-15308417">
>                         <ds:Transforms>
>                             <ds:Transform
>                                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                                 </ds:Transform>
>                         </ds:Transforms>
>                         <ds:DigestMethod
>                             Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
>                             </ds:DigestMethod>
>                         <ds:DigestValue>BKvNHaN+dKKGiRcndc9Fe9Cs/nk=</ds:DigestValue>
>                     </ds:Reference>
>                 </ds:SignedInfo>
>                
> <ds:SignatureValue>mRm5ed5un7sMPGp6yCyMgVu0UcotIc1tAfpxxsjqEQG
> tmpVoiQM5b2o2QwIt+FRDBhqO1lfYOABuJ3BxD+guHn3QlAfkmGhtngjzJpCPF
> am5yuzk2wUzLeLnKY0lDnbM0WDBU+dE7H32bl8mu/G/bP92bSf6cCK4fM3gJIT
> n+/M=</ds:SignatureValue>
>                 <ds:KeyInfo Id="KeyId-31534957">
>                     <wsse:SecurityTokenReference
>                         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                         wsu:Id="STRId-22292701">
>                         <wsse:Reference URI="#CertId-1776694"
>                             ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
>                             </wsse:Reference>
>                     </wsse:SecurityTokenReference>
>                 </ds:KeyInfo>
>             </ds:Signature>
>         </wsse:Security>
>     </soapenv:Header>
>     <soapenv:Body>
>         <ns2:addNumbers xmlns:ns2="http://jtv.com"
>             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>             wsu:Id="id-15308417">
>             <number1>10</number1>
>             <number2>20</number2>
>         </ns2:addNumbers>
>     </soapenv:Body>
> </soapenv:Envelope>
> 
> Based on this xml file, I created
>  
> MockHttpServletRequest request
> 
> then call 
> 
> wsServlet.service(request, response);
> 
> The testing for Username token and encrypted Username
> token work fine, but failed for signature testing.
> 
> Thanks,
> 
> Jian
>  
> --- "Dittmann, Werner" <[EMAIL PROTECTED]>
> wrote:
> 
> > Jian,
> > 
> > without some more info like the XML request you
> > intercepted it is hard to guess what the problem
> > is. Can you send the request (SOAP XML)?
> > 
> > Regards,
> > Werner
> > 
> > > -----Original Message-----
> > > From: Fang Jian [mailto:[EMAIL PROTECTED] 
> > > Sent: Tuesday, 11 October 2005 18:45
> > > To: [email protected]
> > > Subject: signature verification failed
> > > 
> > > 
> > > Hi,
> > > 
> > > I am trying to use the WSS4J handler for Jaxws 2.0
> > > security processing. I succeeded in testing User Name
> > > Token and User Name Token Encryption. When I am
> > > testing signature, some problem occurred. If I use
> > > client connecting to the server, the signature
> > > verification seems successful. I intercepted the XML
> > > Markup for the soap message sent by the client and
> > > using this XML file as the input to the web service
> > > for unit test, the signature verification failed. I
> > > traced the code and found the CertUri, STRId,
> > > KeyInfoUri are different at the server side when the
> > > server WSS4J handler decodes the soap message from the
> > > xml file. What is the cause for this problem? Or is it
> > > impossible to do unit test using the xml file for
> > > signature? The xml file for unit test works fine for
> > > User Name Token and User Name Token Encryption. Could
> > > anyone give me some hints about it?
> > > 
> > > Thanks in advance,
> > > 
> > > Jian 
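
Added example (not part of the thread and not WSS4J code): the effect Werner describes, where whitespace inserted after signing changes the digest of the signed element, shown with Python's standard library. It uses ElementTree's C14N 2.0 as a stand-in for the exc-c14n transform named in the request; both keep text-node whitespace and normalize formatting inside tags. The sample elements, the Id value and the helper names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

# Constructed samples (not the captured request from the thread).
# The element as the signer serialized it: no whitespace between children.
AS_SIGNED = (
    '<ns2:addNumbers xmlns:ns2="http://jtv.com" xmlns:wsu="%s" wsu:Id="id-1">'
    '<number1>10</number1><number2>20</number2></ns2:addNumbers>' % WSU
)
# The same element after a serializer or transport indented it.
PRETTY_PRINTED = (
    '<ns2:addNumbers xmlns:ns2="http://jtv.com" xmlns:wsu="%s" wsu:Id="id-1">\n'
    '    <number1>10</number1>\n    <number2>20</number2>\n</ns2:addNumbers>' % WSU
)
# Only in-tag differences: attribute order, spacing and quote style.
REORDERED = (
    "<ns2:addNumbers   wsu:Id='id-1' xmlns:wsu='%s'\n xmlns:ns2='http://jtv.com'>"
    '<number1>10</number1><number2>20</number2></ns2:addNumbers  >' % WSU
)


def digest_value(xml_text):
    """Base64 SHA-1 over the canonical form, the shape of ds:DigestValue."""
    canonical = ET.canonicalize(xml_text)
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode("ascii")


def whitespace_only_nodes(xml_text):
    """Count whitespace-only text nodes around child elements (pretty-printing traces)."""
    count = 0
    for el in ET.fromstring(xml_text).iter():
        if len(el) and el.text and not el.text.strip():
            count += 1  # whitespace before the first child
        if el.tail and not el.tail.strip():
            count += 1  # whitespace after this element
    return count


def differs_only_in_whitespace(signed_xml, received_xml):
    """True when the canonical forms differ but match once text whitespace is stripped."""
    if ET.canonicalize(signed_xml) == ET.canonicalize(received_xml):
        return False
    return (ET.canonicalize(signed_xml, strip_text=True)
            == ET.canonicalize(received_xml, strip_text=True))


if __name__ == "__main__":
    print("as signed     ", digest_value(AS_SIGNED))
    print("reordered     ", digest_value(REORDERED))
    print("pretty printed", digest_value(PRETTY_PRINTED), whitespace_only_nodes(PRETTY_PRINTED))
```

Running `differs_only_in_whitespace` on the element as logged by the signer and the element as received is a quick way to do the cross-check asked for above before looking at keys or certificates.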