[
https://issues.apache.org/jira/browse/WSS-198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12719976#action_12719976
]
Dobri Kitipov edited comment on WSS-198 at 6/16/09 1:32 AM:
------------------------------------------------------------
Hi Colm,
thank you fir the fast answer.
My fast check with wss4j-1.5.8-SNAPSHOT.jar throws another exception:
com.mycompany.client.api.WSClientException: org.apache.axis2.AxisFault: Missing
encryption result for id : http://com:name
at
com.mycompany.client.impl.WSStaxClientImpl.sendReceive(WSStaxClientImpl.java:150)
at
com.mycompany.security.samples.SampleSecurityClient.invokeWebService(SampleSecurityClient.java:96)
at
com.mycompany.security.samples.SampleSecurityClient.main(SampleSecurityClient.java:35)
Caused by: org.apache.axis2.AxisFault: Missing encryption result for id :
http://com:name
at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:523)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
at
com.mycompany.client.impl.WSStaxClientImpl.sendReceive(WSStaxClientImpl.java:146)
... 2 more
I am not sure that I have checked it correctly. Do I need to update and other
jars?
I will try to find some time to debug it.
Regards,
Dobri
was (Author: dobri):
Hi Colm,
thank you fir the fast answer.
My fast check with throws another exception:
com.mycompany.client.api.WSClientException: org.apache.axis2.AxisFault: Missing
encryption result for id : http://com:name
at
com.mycompany.client.impl.WSStaxClientImpl.sendReceive(WSStaxClientImpl.java:150)
at
com.mycompany.security.samples.SampleSecurityClient.invokeWebService(SampleSecurityClient.java:96)
at
com.mycompany.security.samples.SampleSecurityClient.main(SampleSecurityClient.java:35)
Caused by: org.apache.axis2.AxisFault: Missing encryption result for id :
http://com:name
at
org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:523)
at
org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:548)
at
com.mycompany.client.impl.WSStaxClientImpl.sendReceive(WSStaxClientImpl.java:146)
... 2 more
> Problem when body is signed and then an XPath is encrypted
> ----------------------------------------------------------
>
> Key: WSS-198
> URL: https://issues.apache.org/jira/browse/WSS-198
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.7
> Reporter: Dobri Kitipov
> Assignee: Colm O hEigeartaigh
> Fix For: 1.5.8
>
> Attachments: send_to_server_side_before_encryption.xml,
> signed_doc_after_decryption.xml
>
>
> Hi everybody,
> there is a problem when when a message body is signed and then an XPath
> expression pointing to a body element is encrypted.
> The problem is that the verification of the signature cannot pass. This is
> caused by the fact that there is a difference between the signed body and the
> body used for signature verification. The body used for signature
> verification is modified because after XPath element decryption an ID is
> added to the element. This ID is used to verify the decryption, but changes
> the original body.
> I am doing the tests with :
> Rampart from the trunk with WSS4J 1.5.7.
> Exception thrown is:
> [WARN] Verification failed for URI "#Id-11235685"
> [WARN] Expected Digest: o0jyc1pJHEawRaLNry+cnYeCc80=
> [WARN] Actual Digest: VMEF6KgvE6t3PNLlYR49LGEW+xM=
> [ERROR] The signature or decryption was invalid
> org.apache.axis2.AxisFault: The signature or decryption was invalid
> at
> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:172)
> at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:317)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
> at
> org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
> at
> org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:133)
> at
> com.mycompany.deployment.server.SAGAdminServlet.doPost(SAGAdminServlet.java:30)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
> at
> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
> at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
> at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
> at java.lang.Thread.run(Thread.java:595)
> Caused by: org.apache.ws.security.WSSecurityException: The signature or
> decryption was invalid
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:527)
> at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:151)
> at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
> ... 22 more
> I will try to apply a patch tomorrow.
> Any comments and ideas are appreciated.
> Regards,
> Dobri
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
