Problem when body is signed and then an XPath is encrypted
----------------------------------------------------------
Key: WSS-198
URL: https://issues.apache.org/jira/browse/WSS-198
Project: WSS4J
Issue Type: Bug
Affects Versions: 1.5.7
Reporter: Dobri Kitipov
Assignee: Ruchith Udayanga Fernando
Hi everybody,
there is a problem when a message body is signed and then an XPath
expression pointing to a body element is encrypted.
The problem is that the verification of the signature cannot pass. This is
caused by the fact that there is a difference between the signed body and the
body used for signature verification. The body used for signature verification
is modified because after XPath element decryption an ID is added to the
element. This ID is used to verify the decryption, but changes the original
body.
Exception thrown is:
[WARN] Verification failed for URI "#Id-11235685"
[WARN] Expected Digest: o0jyc1pJHEawRaLNry+cnYeCc80=
[WARN] Actual Digest: VMEF6KgvE6t3PNLlYR49LGEW+xM=
[ERROR] The signature or decryption was invalid
org.apache.axis2.AxisFault: The signature or decryption was invalid
    at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
    at com.softwareag.wsstack.deployment.server.SAGAdminServlet.doPost(SAGAdminServlet.java:30)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:527)
    at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
    at org.apache.rampart.RampartEngine.process(RampartEngine.java:151)
    at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
    ... 22 more
I will try to apply a patch tomorrow.
Any comments and ideas are appreciated.
Regards,
Dobri
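
The digest mismatch described in the report, reproduced as an added example (not part of the original message and not WSS4J code): the body is digested, an attribute is added to a child element as a stand-in for the decryption step, and the digest is recomputed. Assumptions: the sample message, the attribute name "Id", its value, and the use of Python's standard-library C14N 2.0 with SHA-1 instead of the canonicalization WSS4J applies.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumption: the receiver adds a plain "Id" attribute; the report only says "an ID".
ADDED_ATTR = "Id"

# Constructed sample message (not taken from the report).
SAMPLE = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP}">'
    '<soapenv:Body Id="Id-1">'
    '<ns:order xmlns:ns="urn:example"><ns:card>4111</ns:card></ns:order>'
    "</soapenv:Body></soapenv:Envelope>"
)


def body_digest(envelope):
    """Base64 SHA-1 digest over the canonicalized SOAP Body subtree."""
    body = envelope.find(f"{{{SOAP}}}Body")
    c14n = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(c14n.encode("utf-8")).digest()).decode()


def simulate_decrypt(envelope, xpath, nsmap, new_id):
    """Stand-in for the encrypt/decrypt round trip: the plaintext comes back
    unchanged, but the decrypted element is tagged with an extra Id."""
    target = envelope.find(xpath, nsmap)
    target.set(ADDED_ATTR, new_id)
    return target


def demo():
    env = ET.fromstring(SAMPLE)
    expected = body_digest(env)                  # what the sender signed
    target = simulate_decrypt(env, ".//ns:card", {"ns": "urn:example"}, "EncDataId-1")
    actual = body_digest(env)                    # what the verifier computes
    del target.attrib[ADDED_ATTR]                # undo the receiver-side change
    restored = body_digest(env)
    return expected, actual, restored


if __name__ == "__main__":
    expected, actual, restored = demo()
    print("Expected Digest:", expected)
    print("Actual Digest:  ", actual)
    print("Match after removing added Id:", restored == expected)
```

The digest only matches again once the signed subtree is byte-for-byte what the sender canonicalized, so any attribute the receiver adds inside a signed element before verification breaks the reference check.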