Hi,

I am trying to do a test security token service system which will receive a signed RST (according to WS-Trust) request and respond with the requested RST after signature validation. I am not using the doAllReceiver or doAllSender handlers of WSS4J; rather, I am using a similar technique (adding my own handlers that are doing the same thing).

I want to add my custom header (for my own purpose) in addition to the security header into the SOAP header. I am signing the body, which has the RST request. If I send the signed message without my custom header, then the server does not throw any exception. The problem is that if I add the custom header (<SoapAccount>) after the <security> header, the signature verification fails for the existing signature even though I did not do any sort of modification in the body. My handler on the server side receives the exact message that I have sent.

If this is not enough info to identify the problem, I can provide more. If somebody can help me in this regard!!!!!

My request message is:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Header>
<ds:SignedInfo>
http://www.w3.org/2001/10/xml-exc-c14n#"/>
http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference
URI="#id-18929195">
<ds:Transforms>
http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
VyvkyB5UvaR6HGa7IOckehEFNDA= </ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
PJ2A9Cmv8arB2ZHDAf4dIQZ1eYwd9hKlyaRPmwvE5o9ELr9IV9oa0mGtIMFA/7yzhGmBk5SRpdMd
VOpKMvQEDQ==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-26440236">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>
CN=dims </ds:X509IssuerName>
<ds:X509SerialNumber>
44369778256217224370984914847992022613 </ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<SA:NoOfHeader>
2 </SA:NoOfHeader>
<SA:NoOfSignParts>
1 </SA:NoOfSignParts>
</SA:SoapAccount>
</soapenv:Header>
<wst:TokenType>
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
http://testElementNs.testElementNs"/>
<wst:Lifetime>
<wsu:Created>
2007-01-02T22:11:08Z </wsu:Created>
<wsu:Expires>
2007-01-02T22:15:18Z </wsu:Expires>
</wst:Lifetime>
<wst:RequestType>
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
<wst:Base>
<wsse:Username>
bob </wsse:Username>
C7o5zZ/HDgodWcwSTkBPR5RE7ao= </wsse:Password>
<wsse:Nonce>
lJ70zgKwIreNdH2PlGK70g== </wsse:Nonce>
<wsu:Created>
2007-01-02T22:11:08.421Z </wsu:Created>
</wsse:UsernameToken>
</wst:Base>
</wst:RequestSecurityToken>
</soapenv:Body>
</soapenv:Envelope>
This is the server exception:
org.apache.ws.security.WSSecurityException: The signature verification failed
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:154)
    at org.sap.sophia.test.handler.STSSignatureHandler.signatureVerifier(STSSignatureHandler.java:184)
    at org.sap.sophia.test.handler.STSSignatureHandler.invoke(STSSignatureHandler.java:94)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
    at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
    at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:716)
    at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:809)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:200)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:146)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:209)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:144)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2358)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:133)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:118)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:116)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:594)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:127)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:596)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:433)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:948)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:152)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
    at java.lang.Thread.run(Thread.java:595)
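
Added example, not part of the original post and not WSS4J code: a stand-alone check of the layout the message describes (one Reference over the Body by Id, exclusive C14N), using the JDK's javax.xml.crypto.dsig API to validate the SignatureValue and the Reference digest separately, first after an unsigned header is appended and then after the Body is altered. The envelope, the Id "body-1", the urn:example:account namespace and the throwaway RSA key are constructed for the example, and SHA-256 stands in for the SHA-1 algorithms in the post because recent JDKs restrict SHA-1 XML signatures by default.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class HeaderSigCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String EXC = "http://www.w3.org/2001/10/xml-exc-c14n#";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final XMLSignatureFactory XF = XMLSignatureFactory.getInstance("DOM");

    // Validate SignatureValue and each Reference digest separately, to see which part fails.
    static String check(Document d, PublicKey key) throws Exception {
        Node sigNode = d.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sigNode);
        XMLSignature sig = XF.unmarshalXMLSignature(ctx);
        StringBuilder out = new StringBuilder("core=" + sig.validate(ctx));
        out.append(" signatureValue=").append(sig.getSignatureValue().validate(ctx));
        for (Object o : sig.getSignedInfo().getReferences())
            out.append(" ").append(((Reference) o).getURI()).append("=").append(((Reference) o).validate(ctx));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed envelope (not the message from the post); Body carries Id="body-1".
        String xml = "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'><soapenv:Header/>"
            + "<soapenv:Body Id='body-1'>constructed RST</soapenv:Body></soapenv:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        Element hdr = (Element) d.getElementsByTagNameNS(SOAP, "Header").item(0);
        Element body = (Element) d.getElementsByTagNameNS(SOAP, "Body").item(0);
        body.setIdAttribute("Id", true);   // make "#body-1" resolvable
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();  // throwaway key for the example
        Reference ref = XF.newReference("#body-1", XF.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(XF.newTransform(EXC, (TransformParameterSpec) null)), null, null);
        SignedInfo si = XF.newSignedInfo(XF.newCanonicalizationMethod(EXC, (C14NMethodParameterSpec) null),
            XF.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        XF.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), hdr));
        hdr.appendChild(d.createElementNS("urn:example:account", "SA:SoapAccount")); // unsigned header
        System.out.println("header added: " + check(d, kp.getPublic()));
        body.setTextContent("changed");    // now alter the signed part
        System.out.println("body changed: " + check(d, kp.getPublic()));
    }
}
```

Run against a received message, the same split shows whether a failure comes from the Body digest (the referenced bytes changed in transit or in a handler) or from the SignatureValue (SignedInfo or the key differs).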