
List:       wss4j-dev
Subject:    [jira] Resolved: (WSS-178) signature verification failure of signed
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2009-04-30 9:31:30
Message-ID: 99329617.1241083890736.JavaMail.jira () brutus


     [ https://issues.apache.org/jira/browse/WSS-178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-178.
-------------------------------------

    Resolution: Fixed

> signature verification failure of signed saml token due to The Reference for URI (bst-saml-uri) has no XMLSignatureInput
> ------------------------------------------------------------------------------------------------------------------------
>  
> Key: WSS-178
> URL: https://issues.apache.org/jira/browse/WSS-178
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.7
> Environment: Windows XP + tomcat 6x + axis 1.4 + wss4j 1.5.6
> Reporter: Nitin Handa
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: 1.5.8, 1.6
> 
> Attachments: wss4j.log
> 
> 
> While doing interop testing with owsm, I am hitting a wss4j bug which is hindering
> me in completing testing. OWSM is sending saml token signed with signed & encrypted
> body. SAML token is referred from BST using KeyIdentifier, saml token is signed. At
> wss4j end, signature verification is failing as wss4j WsDoAllReceiver is not able
> to find out reference of saml token.
> <?xml version = '1.0' encoding = 'UTF-8'?>
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soapenv:Body>
> <soapenv:Fault>
> <faultcode>soapenv:Server.generalException</faultcode>
> <faultstring>WSDoAllReceiver: security processing failed; nested exception is:
> org.apache.ws.security.WSSecurityException: The signature or decryption was \
>                 invalid; nested exception is:
> org.apache.xml.security.signature.XMLSignatureException: The Reference for URI \
> #STR-SAML-t5dWJC9BpFXwp4OjA86KMw22 has no XMLSignatureInput Original Exception was \
> org.apache.xml.security.signature.MissingResourceFailureException: The Reference \
> for URI #STR-SAML-t5dWJC9BpFXwp4OjA86KMw22 has no XMLSignatureInput Original \
> Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: \
> No message with ID "WS Security Exception" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity". Original Exception was a \
> org.apache.ws.security.WSSecurityException and message An error was discovered \
> processing the &lt;wsse:Security> header (Reference URI is null) Original Exception \
> was org.apache.xml.security.signature.ReferenceNotInitializedException: No message \
> with ID "WS Security Exception" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity". Original Exception was a \
> org.apache.ws.security.WSSecurityException and message An error was discovered \
> processing the &lt;wsse:Security> header (Reference URI is null) Original Exception \
> was org.apache.xml.security.signature.XMLSignatureException: No message with ID "WS \
> Security Exception" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity". Original Exception was a \
> org.apache.ws.security.WSSecurityException and message An error was discovered \
> processing the &lt;wsse:Security> header (Reference URI is null) Original Exception \
> was org.apache.xml.security.transforms.TransformationException: No message with ID \
> "WS Security Exception" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity". Original Exception was a \
> org.apache.ws.security.WSSecurityException and message An error was discovered \
> processing the &lt;wsse:Security> header (Reference URI is null) Original Exception \
> was org.apache.xml.security.c14n.CanonicalizationException: No message with ID "WS \
> Security Exception" found in resource bundle \
> "org/apache/xml/security/resource/xmlsecurity". Original Exception was a \
> org.apache.ws.security.WSSecurityException and message An error was discovered \
> processing the &lt;wsse:Security> header (Reference URI is null) Original Exception \
> was org.apache.ws.security.WSSecurityException: An error was discovered processing \
> the &lt;wsse:Security> header (Reference URI is null)</faultstring>
> <detail>
> <ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">nihanda-pc</ns1:hostname>
> </detail>
> </soapenv:Fault>
> </soapenv:Body>
> </soapenv:Envelope>
> SOAP Message that is received by wss4j is (i.e. sent from owsm):-
> <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" \
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" \
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" \
> xmlns:ns0="http://stock.samples" \
> xmlns:ns1="http://127.0.0.1:8080/axis/services/urn:xmltoday-delayed-quotes"><env:Header><wsse:Security \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> env:mustUnderstand="1"><wsse:BinarySecurityToken \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" \
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" \
> wsu:Id="BST-Upx5ivaWcOwLOBmjTbOkDg22" \
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit \
> y-1.0.xsd">MIICXTCCAcagAwIBAgIESfBXtTANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzETMBEGA \
> 1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOUmVkd29vZCBTaG9yZXMxEzARBgNVBAoTCk9yYWNsZSBJbmMxD \
> jAMBgNVBAsTBVNvYVFhMREwDwYDVQQDEwh3ZWJsb2dpYzAeFw0wOTA0MjMxMTU3NDFaFw0wOTA3MjIxMTU3N \
> DFaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHEw5SZWR3b29kIFNob3Jlc \
> zETMBEGA1UEChMKT3JhY2xlIEluYzEOMAwGA1UECxMFU29hUWExETAPBgNVBAMTCHdlYmxvZ2ljMIGfMA0GC \
> SqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYApBX9X5rkfJhbYrRKfoXZn0ndi8B+DPY598yaoHAuQweEWNbFJ+h \
> koUgx9loTrvyNdoczPOu+ktjmzI4wR7LUGDUO1iKVZom9Cpzl+NT3CIGL4I2GU31fxuQkrfx6Qba8dLNtOVG \
> qk1fBSDPV9Y1rMbfGljwe/TGA1lVh+HiQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEdRfHCehtVMMF/LdA8rJ \
> Mm9lnofA8Z4sRamdxnRjVzIz4owWKBvslAHlR6FG3/3Ue+iuoQALSNHaeRrPOb/plWyU+yNZZjJ3q9qrPqrQ \
> SmBZjomwRsjZskOjnm+9eelfpxqm5+/8im3Pgzb3insPQq+N6BcQP9uiPv3fL/BDuIL</wsse:BinarySecurityToken><xenc:EncryptedKey \
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod \
> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><dsig:DigestMethod \
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" \
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod><dsig:KeyInfo \
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> URI="#BST-Upx5ivaWcOwLOBmjTbOkDg22"/></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue \
> xmlns:xmime="http://www.w3.org/2005/05/xmlmime" \
> xmime:contentType="application/octet-stream">XTrrhXY7BdieWf1Q72nGVx7DkuTjf0sSW9ls76snQTBHS19i7dAh3d3IRM5APCGnuVy7FgiqUIiG
>  Zjcfgf+yBC0pRpFOTAJicqYiSjviHIICWSJhNTaJNmUNeMfpiM+q2T0uOoFNh5GmI3/Z0pbdt9oy
> s4I7cYhqHHdBVNo8e9I=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference \
> URI="#_10E1CqVVROnD2w8SWvT5ew22"/></xenc:ReferenceList></xenc:EncryptedKey><dsig:Signature \
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod \
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod \
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference \
> URI="#Timestamp-O11YJRXoOgF1kGei120b6w22"><dsig:Transforms><dsig:Transform \
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod \
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BKxsCSZfUq1RWr6Y9PU8Rr/Vs/g=</dsig:DigestValue></dsig:Reference><dsig:Reference \
> URI="#STR-SAML-t5dWJC9BpFXwp4OjA86KMw22"><dsig:Transforms><dsig:Transform \
> Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><wsse:TransformationParameters \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><dsig:CanonicalizationMethod \
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></wsse:TransformationParameters></dsig:Transform></dsig:Transforms><dsig:DigestMethod \
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>faishbjLkuXbNz9Jx9Nxo8Monk4=</dsig:DigestValue></dsig:Reference><dsig:Reference \
> URI="#Body-LnMti7MrAJ3hLRqqWoN0Mg22"><dsig:Transforms><dsig:Transform \
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod \
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>/X73mkutNvEF10 \
> D8lIDutYGoisA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureV \
> alue>YKNB+6O3FJjWCj2fqDkvfVJXlJkRo0XcoMO5PHqyoCdKCs81cmKXlcUcg8cn+rwwMg29ysfkPg+Wgv2 \
> d3CwyA7Fhd+6kC1099ZqEtB/ptnIR/RxoZL+2RXVholPz+Z7niGQM38YZlmdsoqgEyzbDH0u71GWYL6HFUfRAAcZRfb4=</dsig:SignatureValue><dsig:KeyInfo \
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" \
> Id="KeyInfo-vJF2TIW0vRU50vjXKuQuuw22"><wsse:SecurityTokenReference \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> URI="#BST-aiNal7jotn6Hmf9xN2JQhA22" \
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profil \
> e-1.0#X509v3"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><wsse:SecurityTokenReference \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> wsu:Id="STR-SAML-t5dWJC9BpFXwp4OjA86KMw22" \
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:KeyIdentifier \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAsser \
> tionID">SAML-Q1uTD1fnXqIpGqOFv7BMXQ22</wsse:KeyIdentifier></wsse:SecurityTokenReference><wsu:Timestamp \
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" \
> wsu:Id="Timestamp-O11YJRXoOgF1kGei120b6w22"><wsu:Created \
> ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-26T16:37:19Z</wsu:Created><wsu:Expires \
> ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-26T16:42:19Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken \
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" \
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" \
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" \
> wsu:Id="BST-aiNal7jotn6Hmf9xN2JQhA22" \
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit \
> y-1.0.xsd">MIICXTCCAcagAwIBAgIESfBXtTANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzETMBEGA \
> 1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOUmVkd29vZCBTaG9yZXMxEzARBgNVBAoTCk9yYWNsZSBJbmMxD \
> jAMBgNVBAsTBVNvYVFhMREwDwYDVQQDEwh3ZWJsb2dpYzAeFw0wOTA0MjMxMTU3NDFaFw0wOTA3MjIxMTU3N \
> DFaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHEw5SZWR3b29kIFNob3Jlc \
> zETMBEGA1UEChMKT3JhY2xlIEluYzEOMAwGA1UECxMFU29hUWExETAPBgNVBAMTCHdlYmxvZ2ljMIGfMA0GC \
> SqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYApBX9X5rkfJhbYrRKfoXZn0ndi8B+DPY598yaoHAuQweEWNbFJ+h \
> koUgx9loTrvyNdoczPOu+ktjmzI4wR7LUGDUO1iKVZom9Cpzl+NT3CIGL4I2GU31fxuQkrfx6Qba8dLNtOVG \
> qk1fBSDPV9Y1rMbfGljwe/TGA1lVh+HiQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEdRfHCehtVMMF/LdA8rJ \
> Mm9lnofA8Z4sRamdxnRjVzIz4owWKBvslAHlR6FG3/3Ue+iuoQALSNHaeRrPOb/plWyU+yNZZjJ3q9qrPqrQ \
> SmBZjomwRsjZskOjnm+9eelfpxqm5+/8im3Pgzb3insPQq+N6BcQP9uiPv3fL/BDuIL</wsse:BinarySecurityToken><saml:Assertion \
> MajorVersion="1" MinorVersion="1" \
> xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" \
> AssertionID="SAML-Q1uTD1fnXqIpGqOFv7BMXQ22" IssueInstant="2009-04-26T16:37:19Z" \
> Issuer="www.oracle.com"><saml:Conditions NotBefore="2009-04-26T16:37:19Z" \
> NotOnOrAfter="2009-04-26T16:42:19Z"/><saml:AuthenticationStatement \
> AuthenticationInstant="2009-04-26T16:37:19Z" \
> AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier \
> Format="UNSPECIFIED">wss4j</saml:NameIdentifier><saml:SubjectConfirmation><saml:Conf \
> irmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMetho \
> d></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion></wsse:Security></env:Header><env:Body \
> wsu:Id="Body-LnMti7MrAJ3hLRqqWoN0Mg22" \
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData \
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" \
> Type="http://www.w3.org/2001/04/xmlenc#Content" \
> Id="_10E1CqVVROnD2w8SWvT5ew22"><xenc:EncryptionMethod \
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><xenc:CipherData><xenc:CipherValue \
> xmlns:xmime="http://www.w3.org/2005/05/xmlmime" \
> xmime:contentType="application/octet-stream">19sJqHGIJkmZDXTwkBs0uZLQQghPZwQBp/zGnGsveJfoZTtgSX0rdw0MbCOO4eaWnAQkM6p3SSEi
>  ugtmvtLqPA5Q3rGWOEifij+WBnZ0tmTeunN6aEUJ7EdplJHv65URyBcfjGPHFLaWt5bRaJefeccf
> 2sX45d7pZSKzAjC8+Or3o8QpH1sWpc0XPdM18KIwHNigsZhbnTqiftTsPjuDz+GiRVtB1+niMAz5
> SkK86dtki1ThwnWEbMZBmlVC7fJrTT+knjH7FfdLBG5I7K/Wd9R2Tc5IngJ0Ru2GXD/a8kz4m2j8
> y/5RemSNl1uXch+8LAZCzx8aF4JuJbp2rSK9/0aQMer0kPF1cCju1GSBmiV6aV1rSwUK1GA2uSa/
> 5wp3vWZXvEb58jHr+ib/bfSbFxpzQMAKzKF44eJfG6NPnfQ0znBAa7gl7dfNzoE7OqzcL/kuIQH7
> rAHALuVZ17/Up5roTjpVA7YE8CBK2DSD4c0sbfkM3MGzCFx+NCK//nuyPVaQEgcNq/W5WpjUFg+B
> C9Gvc5NDchMG2BADKMoS5N8MRRdkGkk6KbH1e+rirT8HQsqFvPwyHDOHNfBdCiaLJsMb1lkFxcFa
> 3f/C35RcxWK6QtwH7LLtmNMJS8Ryf/ijBcFnx/ous+jGKVx7IriNrCuz/pS4XS1RCaDCGHcH6v4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>
> 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

