• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

error while recieving a signed response

 
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i'm using axis as a web service engine on my client side and getting a signed response from a web service.

But while recieving the response im gettng the following error.

Verification failed for URI "#id-13753285"
org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)
failed becoz of remote exception: org.apache.ws.security.WSSecurityException: The signature verification failed
Exception in thread "main" org.apache.ws.security.WSSecurityException: The signature verification failed
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:332)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:79)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:279)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:201)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.sterlingcommerce.www.mesa.GISBindingStub.executeLightweightJDBCAdapterQuery(GISBindingStub.java:210)
at client.MyClient.makeRequest(MyClient.java:105)
at client.MyClient.main(MyClient.java:134)

below are my hadler configurations and properties file



properties file
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=password
org.apache.ws.security.crypto.merlin.keystore.alias=signverf
org.apache.ws.security.crypto.merlin.alias.password=password
org.apache.ws.security.crypto.merlin.file=certs/signverf/signverf_pubkeystore

commands i used to generate keystore:
keytool -import -alias signverf -file privCert4Sign.cer -keystore signverf_pubkeystore -storepass password

keytool -list -alias signverf -keystore signverf_pubkeystore


i tried goggling for this error,in one thread i got this is because of some issue in axis 1.4 which i'm using and if i try using axis 1.2, this will not come,
for the time i'm not able to download axis 1.2 from any of the apache mirrors ,
if some one can provide me the link,it will be really helpful.
also if anyone as faced similar issue or can see whats going wrong here, please reply.

also below is my soap response capture using tcpmon
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature Id="Signature-18290758" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="#id-13753285" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns s="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds igestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns s="http://www.w3.org/2000/09/xmldsig#"/>
<ds igestValue xmlns s="http://www.w3.org/2000/09/xmldsig#">jAaM4xp/2ZOch7iqyyLynojMpV0=</ds igestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns s="http://www.w3.org/2000/09/xmldsig#">
JiOjIFgJ2qMvzJsirbjgV7AeDWfsS0Ak3xzue1nK+LXELM3tZ/h/eFyxCLZfLk+553vJbmnlU423
8NgjgngYcYa+bB6yTovZJKB66LdQEHLpmTX4WNteLrcVOBfHyZcJCKemF2XyaF4yX03XGAIdNnFV
1d8wZQcBgakPIrjJGAZtwo94bYBlL/MJedBP819Ecf/N6hEmafFxHD46Xapi+HdcDjQmCqxaol/I
bQuM3ikJJ2v+46bQNKEWavdG7lIicjUsvH3xpyzZthj26nAHV6nAOEe8tybKhKLga6KDM+3eAJNq
3s52yZTz68n7z5AijdmhMkc7ivCxELBx5TQYsw==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-20631690" xmlns s="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsu:Id="STRId-5317380" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDLDCCAhSgAwIBAgICBNIwDQYJKoZIhvcNAQEFBQAwTzEWMBQGA1UEAwwNcHJpdkNlcnQ0U2lnbjEMMAoGA1UECgwDYWJzMQswCQYDVQQGEwJVUzEaMBgGCSqGSIb3DQEJARYLeHl6QGFiYy5jb20wHhcNMDcwOTA0MDQzNzMxWhcNMDgwMzAyMDQzNzMxWjBPMRYwFAYDVQQDDA1wcml2Q2VydDRTaWduMQwwCgYDVQQKDANhYnMxCzAJBgNVBAYTAlVTMRowGAYJKoZIhvcNAQkBFgt4eXpAYWJjLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSG2UR8nMAxctBlR5YSnEVeuHNFMM7t8YQX6J8GRausKPXyDT4pIfP HRaeag62K4cUhBDYBLyUmZqYTZBHpKISgYkYsXqYHoB4gif664rZvpMKw+cTpD/3WzViOeHHWfQM5/XUatLBPXzRUB78PcM9RnCEeznKUEPoWxTfl2qsR0d4CxOVzH9dHn6JCEaQQWzntH61YCw4Qm6Kq78+sLfnv7CBrg/NYewFX9JozZk7UzlmPZWCm7pp2d4UDn1KB7nLnLFxD6aMgjAikWKAU4h15ihJxu6Appc+ggAdAV/jQiaIeAtokfe2Iw1bUh8SOOR8iUa9lK0Jf6C/N9ZTnxCcCAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEBBQUAA4IBAQCKfRu1cXkwwnNZ+0brwT4iI1q/Ti/OVMWpP15Ob7bDE5rUjwpNUJXXlqKdOh7pkk1gLTiebQrMkd0ozpbi/Xdmea1xf9diCc4IApg6K9G4KACR2sLeXcKy7d4hakYqMLeaPJwBcd3V6DGiJgfP2S8Ui8r QzDpslTBM1+YaBdUVIv1/VCFO/K5I4lkPkjGDp/qDm4lXn3Mup9HG9INgklA02hPnYHWunVZm/5MZpEn4BYks+B3VqCXSAkRVD9aAuM3Tv4atblHDs3oKTV1awoVQbKkw+Eonnc/+Mex8A5sJ/8eUnQ3UPdT77U0+WcrvwFxoFP2e0J8xHW8N8b2fIr8H</wsse:KeyIdentifier></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature></wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-13753285" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<mesa rocessData xmlns:mesa="http://www.sterlingcommerce.com/mesa" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ProcessData>
<service>Test_Web2</service>
<b2b-protocol>http</b2b-protocol>
<transport-instance-id>MESAHttpServerAdapter_HttpServerAdapter_node1</transport-instance-id>
<SyncModeBP>false</SyncModeBP>
<http-request-uri>/soap-new</http-request-uri>
<transport-session-id>Fri Aug 31 14:04:57 IST 2007:110</transport-session-id>
<incomingSOAPTransportMode>http</incomingSOAPTransportMode>
<VERIFICATION_KEY/>
<DECRYPTION_KEY/>
<SECURITY_TOKEN_NAME>ST1</SECURITY_TOKEN_NAME>
<SIGNING_CERTIFICATE>blrgislin13:10.11.23.37:114bb0fb841:12328</SIGNING_CERTIFICATE>
<SIGNING_ALGO>http://www.w3.org/2000/09/xmldsig#rsa-sha1</SIGNING_ALGO>;
<SIGNING_KEY_IDENTIFIER_TYPE>3</SIGNING_KEY_IDENTIFIER_TYPE>
<CANONICALIZATION_ALGO>http://www.w3.org/TR/2001/REC-xml-c14n-20010315</CANONICALIZATION_ALGO>;
<SIGNATURE_ENCRYPTION_ORDER>-1</SIGNATURE_ENCRYPTION_ORDER>
<SOAP_URI>/soap-new</SOAP_URI>
<SOAPEnvNSPrefix>soapenv</SOAPEnvNSPrefix>
<SOAPEnvNSURI>http://schemas.xmlsoap.org/soap/envelope/</SOAPEnvNSURI>;
<messageMode>1</messageMode>
<query_type>SELECT</query_type>
<result_name>result</result_name>
<pool>mysqlPool</pool>
<row_name>row</row_name>
<sql>SELECT * FROM MBX_MAILBOX</sql>
<serviceMode>1</serviceMode>
<typeName>LightweightJDBCAdapterQuery</typeName>
<PrimaryDocument SCIObjectID="blrgislin13:10.11.23.37:114bb0fb841:19200"/>
<ADD_SOAP_ENVELOPING>false</ADD_SOAP_ENVELOPING>
<INSERT_SECURITY_HEADER>false</INSERT_SECURITY_HEADER>
</ProcessData>
</mesa rocessData>
</soapenv:Body>
</soapenv:Envelope>

sorry for this long mail, but we are really stuck and need to move forward,
looking for your help.
 
gaurav abbi
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,
if anybody can help or comment on this.
 
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't know what the problem is, but I think your URI is not quite right.

Do a search through your post with the value "#id-13753285" and you will see in your WSDL that #-id-13753285 is in a URI. My guess is these value is not correct.

Best of Luck.
 
gaurav abbi
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi nathan,
i don't think thats the problem,
actuaaly i did some debugging on the response and what i found was a hash mismatch for the value sent and the one created using the algo after getting the response. i just want to make it sure if this feature works with axis 1.x(its able to handle signed response) or the other reason can be that the SOAP response is getting modified after web service generates the signature based hash.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic