The first message comes from the xmlsec library that checks the cryptography of the signature. After that check, WSS4J checks whether the user's public key can be trusted. I suspect it's the latter check that fails.
Possible causes:

- The server doesn't have the CA certificate for the user's certificate (i.e. improper user or incomplete configuration of the service).
- The user's certificate has expired.

...and there could probably be other, more subtle variations; but it all comes down to checking the chain of trust.

On Mon, 27 Nov 2006, p m wrote:

> Hi,
> I have implemented my own security Handler which extends WSS4JHandler.
> I put my web-service on an IBM WAS 5.1
> When I try to verify the signature, I have these logs when I call the
> WSSecurityEngine.getInstance().processSecurityHeader(doc,null,null),crypto);
>
> org.apache.xml.security.signature.Reference Verification successful for URI "#id-1052770798"
>
> org.apache.ws.security.WSSecurityException: The signature verification failed
>     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:327)
>     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:269)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:191)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:144)
>
> I don't understand what it means: the first log says that the signature
> verification is correct, but the second log says that the signature
> verification fails? But why has it failed?
> Can anyone help me?
> Thanks
> Matthieu

Guy Rixon [EMAIL PROTECTED]
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
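
The two causes listed in the reply can be checked outside the web service. The following is an added example, not part of the original message and not WSS4J code: a stand-alone check of a signer certificate against the truststore the service's crypto is configured with. The class name, the file arguments and the JKS store type are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

// Added diagnostic, not WSS4J code. File names and password are the caller's (assumed):
//   java TrustCheck signer.cer truststore.jks storePassword
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("usage: TrustCheck <cert> <jks> <password>");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate signer;
        try (InputStream in = new FileInputStream(args[0])) {
            signer = (X509Certificate) cf.generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance("JKS"); // assumed store type
        try (InputStream in = new FileInputStream(args[1])) {
            trust.load(in, args[2].toCharArray());
        }
        System.out.println("Subject: " + signer.getSubjectX500Principal());
        System.out.println("Issuer:  " + signer.getIssuerX500Principal());

        // Cause from the reply: the user's certificate has expired (or is not yet valid).
        try {
            signer.checkValidity();
            System.out.println("Validity: OK, expires " + signer.getNotAfter());
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.out.println("Validity: FAILED, " + e.getMessage());
        }

        // A certificate stored in the truststore itself needs no CA chain.
        String alias = trust.getCertificateAlias(signer);
        if (alias != null) {
            System.out.println("Trust: certificate is stored directly under alias " + alias);
            return;
        }

        // Cause from the reply: no CA certificate in the truststore anchors the chain.
        PKIXParameters params = new PKIXParameters(trust); // trusted-cert entries become anchors
        params.setRevocationEnabled(false); // no CRL/OCSP lookup: chain and dates only
        CertPath path = cf.generateCertPath(Collections.singletonList(signer));
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            System.out.println("Chain: OK, anchored in the truststore");
        } catch (CertPathValidatorException e) {
            System.out.println("Chain: FAILED, " + e.getMessage());
        }
    }
}
```

If the signer was issued by an intermediate CA, pass the full chain to generateCertPath in signer-first order; a single-certificate path only validates when the issuing CA itself is in the truststore.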