i'm using axis as a web service engine on my client side and getting a signed response from a web service.
But while recieving the response im gettng the following error.
Verification failed for URI "#id-13753285"
org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)
failed becoz of remote exception: org.apache.ws.security.WSSecurityException: The signature verification failed
Exception in
thread "main" org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)
below are my hadler configurations and properties file
properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=signverf
org.apache.ws.security.crypto.merlin.alias.password=password
org.apache.ws.security.crypto.merlin.file=certs/signverf/signverf_pubkeystore
commands i used to generate keystore:
keytool -import -alias signverf -file privCert4Sign.cer -keystore signverf_pubkeystore -storepass password
keytool -list -alias signverf -keystore signverf_pubkeystore
i tried goggling for this error,in one thread i got this is because of some issue in axis 1.4 which i'm using and if i try using axis 1.2, this will not come,
for the time i'm not able to download axis 1.2 from any of the apache mirrors
,
if some one can provide me the link,it will be really helpful.
also if anyone as faced similar issue or can see whats going wrong here, please reply.
also below is my
soap response capture using tcpmon
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature Id="Signature-18290758" xmlns
s="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns
s="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns
s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns
s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="#id-13753285" xmlns
s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns
s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns
s="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds
igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns
s="http://www.w3.org/2000/09/xmldsig#"/>
<ds
igestValue xmlns
s="http://www.w3.org/2000/09/xmldsig#">jAaM4xp/2ZOch7iqyyLynojMpV0=</ds
igestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns
s="http://www.w3.org/2000/09/xmldsig#">
JiOjIFgJ2qMvzJsirbjgV7AeDWfsS0Ak3xzue1nK+LXELM3tZ/h/eFyxCLZfLk+553vJbmnlU423
8NgjgngYcYa+bB6yTovZJKB66LdQEHLpmTX4WNteLrcVOBfHyZcJCKemF2XyaF4yX03XGAIdNnFV
1d8wZQcBgakPIrjJGAZtwo94bYBlL/MJedBP819Ecf/N6hEmafFxHD46Xapi+HdcDjQmCqxaol/I
bQuM3ikJJ2v+46bQNKEWavdG7lIicjUsvH3xpyzZthj26nAHV6nAOEe8tybKhKLga6KDM+3eAJNq
3s52yZTz68n7z5AijdmhMkc7ivCxELBx5TQYsw==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-20631690" xmlns
s="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsu:Id="STRId-5317380" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDLDCCAhSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwTzEWMBQGA1UEAwwNcHJpdkNlcnQ0U2lnbjEMMAoGA1UECgwDYWJzMQswCQYDVQQGEwJVUzEaMBgGCSqGSIb3DQEJARYLeHl6QGFiYy5jb20wHhcNMDcwOTA0MDQzNzMxWhcNMDgwMzAyMDQzNzMxWjBPMRYwFAYDVQQDDA1wcml2Q2VydDRTaWduMQwwCgYDVQQKDANhYnMxCzAJBgNVBAYTAlVTMRowGAYJKoZIhvcNAQkBFgt4eXpAYWJjLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSG2UR8nMAxctBlR5YSnEVeuHNFMM7t8YQX6J8GRausKPXyDT4pIfP HRaeag62K4cUhBDYBLyUmZqYTZBHpKISgYkYsXqYHoB4gif664rZvpMKw+cTpD/3WzViOeHHWfQM5/XUatLBPXzRUB78PcM9RnCEeznKUEPoWxTfl2qsR0d4CxOVzH9dHn6JCEaQQWzntH61YCw4Qm6Kq78+sLfnv7CBrg/NYewFX9JozZk7UzlmPZWCm7pp2d4UDn1KB7nLnLFxD6aMgjAikWKAU4h15ihJxu6Appc+ggAdAV/jQiaIeAtokfe2Iw1bUh8SOOR8iUa9lK0Jf6C/N9ZTnxCcCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQCKfRu1cXkwwnNZ+0brwT4iI1q/Ti/OVMWpP15Ob7bDE5rUjwpNUJXXlqKdOh7pkk1gLTiebQrMkd0ozpbi/Xdmea1xf9diCc4IApg6K9G4KACR2sLeXcKy7d4hakYqMLeaPJwBcd3V6DGiJgfP2S8Ui8r QzDpslTBM1+YaBdUVIv1/VCFO/K5I4lkPkjGDp/qDm4lXn3Mup9HG9INgklA02hPnYHWunVZm/5MZpEn4BYks+B3VqCXSAkRVD9aAuM3Tv4atblHDs3oKTV1awoVQbKkw+Eonnc/+Mex8A5sJ/8eUnQ3UPdT77U0+WcrvwFxoFP2e0J8xHW8N8b2fIr8H</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-13753285" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<mesa
rocessData xmlns:mesa="http://www.sterlingcommerce.com/mesa" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProcessData>
<service>Test_Web2</service>
<b2b-protocol>http</b2b-protocol>
<transport-instance-id>MESAHttpServerAdapter_HttpServerAdapter_node1</transport-instance-id>
<SyncModeBP>false</SyncModeBP>
<http-request-uri>/soap-new</http-request-uri>
<transport-session-id>Fri Aug 31 14:04:57 IST 2007:110</transport-session-id>
<incomingSOAPTransportMode>http</incomingSOAPTransportMode>
<VERIFICATION_KEY/>
<DECRYPTION_KEY/>
<SECURITY_TOKEN_NAME>ST1</SECURITY_TOKEN_NAME>
<SIGNING_CERTIFICATE>blrgislin13:10.11.23.37:114bb0fb841:12328</SIGNING_CERTIFICATE>
<SIGNING_ALGO>
http://www.w3.org/2000/09/xmldsig#rsa-sha1</SIGNING_ALGO>
<SIGNING_KEY_IDENTIFIER_TYPE>3</SIGNING_KEY_IDENTIFIER_TYPE>
<CANONICALIZATION_ALGO>
http://www.w3.org/TR/2001/REC-xml-c14n-20010315</CANONICALIZATION_ALGO>
<SIGNATURE_ENCRYPTION_ORDER>-1</SIGNATURE_ENCRYPTION_ORDER>
<SOAP_URI>/soap-new</SOAP_URI>
<SOAPEnvNSPrefix>soapenv</SOAPEnvNSPrefix>
<SOAPEnvNSURI>
http://schemas.xmlsoap.org/soap/envelope/</SOAPEnvNSURI>
<messageMode>1</messageMode>
<query_type>SELECT</query_type>
<result_name>result</result_name>
<pool>mysqlPool</pool>
<row_name>row</row_name>
<sql>SELECT * FROM MBX_MAILBOX</sql>
<serviceMode>1</serviceMode>
<typeName>LightweightJDBCAdapterQuery</typeName>
<PrimaryDocument SCIObjectID="blrgislin13:10.11.23.37:114bb0fb841:19200"/>
<ADD_SOAP_ENVELOPING>false</ADD_SOAP_ENVELOPING>
<INSERT_SECURITY_HEADER>false</INSERT_SECURITY_HEADER>
</ProcessData>
</mesa
rocessData>
</soapenv:Body>
</soapenv:Envelope>
sorry for this long mail, but we are really stuck and need to move forward,
looking for your help.