Hello,
when trying to verify the attached soap message, I get a 'signature verification
failed' error. The problem seems to be with the canonicalization method,
resp. the InclusiveNamespaces tag. Tests without InclusiveNamespaces run
fine. Is this a known issue?
Gruss, Yves
- verify 2 References
- I am not requested to follow nested Manifests
- setElement("ds:Reference", "null")
- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
- I was asked to create a ResourceResolver and got 1
- extra resolvers to my existing 4 system-wide resolvers
- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
- enter engineResolve, look for: #XWSSGID-11310269880521744768699
- Tag: wsu:Timestamp, 'null'
- Attr: wsu:Id, 'XWSSGID-11310269880521744768699'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsse,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: wsu:Created, 'null'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsse,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, '2005-11-03T14:09:47Z'
- Tag: wsu:Expires, 'null'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsse,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
- Attr: xmlns:wsu,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, '2005-11-03T14:14:47Z'
- engineResolve= 115
- exit engineResolve, result: XMLSignatureInput/NodeSet/18 nodes/null
- Verification successful for URI "#XWSSGID-11310269880521744768699"
- The Reference has Type
- setElement("ds:Reference", "null")
- Request for URI http://www.w3.org/2000/09/xmldsig#sha1
- I was asked to create a ResourceResolver and got 1
- extra resolvers to my existing 4 system-wide resolvers
- check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
- enter engineResolve, look for: #XWSSGID-1131026988066-1993810997
- Tag: SOAP-ENV:Body, 'null'
- Attr: wsu:Id, 'XWSSGID-1131026988066-1993810997'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:wsu,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: tru:StockSymbol, 'null'
- Attr: xmlns, ''
- Attr: xmlns:SOAP-ENV, 'http://schemas.xmlsoap.org/soap/envelope/'
- Attr: xmlns:tru, 'http://fabrikam123.com/payloads'
- Attr: xmlns:wsu,
'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
- Tag: #text, 'QQQ'
- engineResolve= 7
- exit engineResolve, result: XMLSignatureInput/NodeSet/11 nodes/null
- Verification successful for URI "#XWSSGID-1131026988066-1993810997"
- The Reference has Type
- setElement("ds:SignatureMethod", "null")
- Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; class
"org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
- Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
- Created SignatureDSA using SHA1withRSA
- SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
- jceSigAlgorithm = SHA1withRSA
- jceSigProvider = BC
- PublicKey = RSA Public Key
modulus:
ee182fa9ef13b4d216744b0fe5cc898e785a2a09c8de6a150a8e57b605c4b96e39627c524384a84ab5bc5e5c42d9488a99060fcb96d09930013651c563426a64725f6c961ffe86ad32432dcdb10dc0fd089ecc0be08974fa507e6432c7a268e510eaea5b58f1d9ae77f2f755b12ba5609259323
e53bc62306202ddabeb50f56f
public exponent: 10001
- SignatureValue = 52 15 C0 20 04 91 AD 6C 17 2C C2 F2 4C 0F 30 00 5C 24
F5 68 76 F5 2B 86 56 D6 8A B6 06 8B 3C C1 F0 09 8D 38 28 FF 6F 77 EE 4A 37
33 6B 45 4D 35 29 23 77 F0 C2 7C D6 73 19 E3 2F F6 21 16 B5 F8 97 09 C9 A0
09 6C B3 68 83 6A 02 E5 48 77 EC CA F9 40 E8 64 EC 60 8A C1 5E 66 AC 53 31
49 41 C2 3D 5C 10 7B 61 04 B0 F2 A4 FB 50 30 37 F5 04 EC 29 0D A1 CC 9E 0B
55 F9 0E 00 F6 9E A5 3D 5B 8B
org.apache.ws.security.WSSecurityException: The signature verification failed
at
org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurityEngine.java:627)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
sunrise ADSL: gratis und so sicher wie noch nie
http://www.sunrise.ch/home/proint/proint_ads-2.htm
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";><SOAP-ENV:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; SOAP-ENV:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="XWSSGID-1131026985675-1785546257">MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADBUMQswCQYDVQQGEwJJTjETMBEGA1UECBMK
U29tZS1TdGF0ZTEMMAoGA1UEChMDU1VOMQwwCgYDVQQLEwNKV1MxFDASBgNVBAMTC1Jvb3RDQSAy
MDA1MB4XDTA1MDQxMjA1MzIwN1oXDTA2MDQxMjA1MzIwN1owTzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClNvbWUtU3RhdGUxDDAKBgNVBAoTA1NVTjEMMAoGA1UECxMDSldTMQ8wDQYDVQQDEwZDbGll
bnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO4YL6nvE7TSFnRLD+XMiY54WioJyN5qFQqO
V7YFxLluOWJ8UkOEqEq1vF5cQtlIipkGD8uW0JkwATZRxWNCamRyX2yWH/6GrTJDLc2xDcD9CJ7M
C+CJdPpQfmQyx6Jo5RDq6ltY8dmud/L3VbErpWCSWTI+U7xiMGIC3avrUPVvAgMBAAGjgdkwgdYw
CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
HQYDVR0OBBYEFEie+o68SdsEgAk3mgcEkyxKqWu6MHwGA1UdIwR1MHOAFEnXft+E9/6MLG8H5vj1
jWdhYuDjoVikVjBUMQswCQYDVQQGEwJJTjETMBEGA1UECBMKU29tZS1TdGF0ZTEMMAoGA1UEChMD
U1VOMQwwCgYDVQQLEwNKV1MxFDASBgNVBAMTC1Jvb3RDQSAyMDA1ggEAMA0GCSqGSIb3DQEBBAUA
A4GBAJW7cZJY/iPMkMuabqYIafNBe8F8UKy8Qz1FfyrawIwoCGx33AGE0RIhdeDJHeQvBSsxCqnj
ZZm7dlee+XUURWyhy3K4gJrJw33mLEDhsnRY6ObDP2XaBLNJT2WoiNvgIc0LSwADzGEMFVENCQLd
idXnkSOU6azYDCov4oRYGlNh</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";><InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"; PrefixList="wsse SOAP-ENV"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#XWSSGID-11310269880521744768699"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>B+PMlt4+zpb5+SKN59vIwp4/95Q=</ds:DigestValue></ds:Reference><ds:Reference URI="#XWSSGID-1131026988066-1993810997"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>jktiEkDoi6n+gZghWhs74mGEhO4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>UhXAIASRrWwXLMLyTA8wAFwk9Wh29SuGVtaKtgaLPMHwCY04KP9vd+5KNzNrRU01KSN38MJ81nMZ
4y/2IRa1+JcJyaAJbLNog2oC5Uh37Mr5QOhk7GCKwV5mrFMxSUHCPVwQe2EEsPKk+1AwN/UE7CkN
ocyeC1X5DgD2nqU9W4s=</ds:SignatureValue><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="XWSSGID-1131026987503-413098323">
<wsse:Reference URI="#XWSSGID-1131026985675-1785546257" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="XWSSGID-11310269880521744768699"><wsu:Created>2005-11-03T14:09:47Z</wsu:Created><wsu:Expires>2005-11-03T14:14:47Z</wsu:Expires></wsu:Timestamp></wsse:Security></SOAP-ENV:Header><SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="XWSSGID-1131026988066-1993810997"><tru:StockSymbol xmlns:tru="http://fabrikam123.com/payloads";>QQQ</tru:StockSymbol></SOAP-ENV:Body></SOAP-ENV:Envelope>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
