TechQA.

The signature or decryption was invalid when verifying with cxf

6.8k views Asked by At

I am following cxf sample to verify the signature, unfortunately I got following error " org.apache.wss4j.common.ext.WSSecurityException: The signature or decryption was invalid"

I've tried many days and don't find any solution.

spring configuration:

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:int="http://www.springframework.org/schema/integration"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:jaxrs="http://cxf.apache.org/jaxrs"

xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/integration http://www.springframework.org/schema/integration/spring-integration-3.0.xsd
    http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">

<import resource="classpath*:META-INF/cxf/cxf.xml" />
<!-- <import resource="classpath*:META-INF/cxf/cxf-extension-soap.xml" /> -->
<!-- <import resource="classpath*:META-INF/cxf/cxf-servlet.xml" /> -->


<jaxws:endpoint id="billingWs"
    implementor="com.npp.ws.soap.BillingWS" address="/BillingWs">
    <jaxws:features>
        <bean class="org.apache.cxf.feature.LoggingFeature" />
    </jaxws:features>
    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                <map>
                    <entry key="action" value="Signature Timestamp" />
                    <entry key="signaturePropFile" value="server_sign.properties" />
                    <entry key="passwordCallbackClass" value="server.ServerPasswordCallback" />
                </map>
            </constructor-arg>
        </bean>
        <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker" />
    </jaxws:inInterceptors>

</jaxws:endpoint>

pom

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework.samples.service.service</groupId>
<artifactId>cxftest</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>

<properties>

    <!-- Generic properties -->
    <java.version>1.6</java.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <servlet.version>2.5</servlet.version>
    <!-- Spring -->
    <spring-framework.version>3.2.3.RELEASE</spring-framework.version>
    <logback.version>1.0.13</logback.version>
    <slf4j.version>1.7.5</slf4j.version>
    <cxf.version>3.1.1</cxf.version>
</properties>
<dependencies>
    <!-- Logging with SLF4J & LogBack -->
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>${slf4j.version}</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>ch.qos.logback</groupId>
        <artifactId>logback-classic</artifactId>
        <version>${logback.version}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring-framework.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-frontend-jaxws</artifactId>
        <version>${cxf.version}</version>
    </dependency>
    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-transports-http</artifactId>
        <version>${cxf.version}</version>
    </dependency>

    <dependency>
        <groupId>org.apache.cxf</groupId>
        <artifactId>cxf-rt-ws-security</artifactId>
        <version>${cxf.version}</version>
    </dependency>

</dependencies>

and the saop request

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
    <wsse:Security soap:mustUnderstand="1"
        xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <ds:Signature Id="Signature-377" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
                <ds:Reference URI="#id-378">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>1ZFZORXkYPbowBDc3Lg+Netl2hU=</ds:DigestValue>
                </ds:Reference>
                <ds:Reference URI="#Timestamp-376">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>bMO8RXVgtRWyxyoxyY1IwHKY3Z8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>QbizkdCQosjgfy2HUhX7LqxsIEQiDAGgamNfZTGFHPvqyynJ1Tm9iA==</ds:SignatureValue>
            <ds:KeyInfo Id="KeyId-F19E25F47A63BAEC351364893623867377">
                <wsse:SecurityTokenReference
                    wsu:Id="STRId-F19E25F47A63BAEC351364893623867378"
                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
                    <ds:X509Data>
                        <ds:X509IssuerSerial>
                            <ds:X509IssuerName>CN=localhost,OU=Eng,O=G,L=Boulder,ST=CO,C=US</ds:X509IssuerName>
                            <ds:X509SerialNumber>1317155816</ds:X509SerialNumber>
                        </ds:X509IssuerSerial>
                    </ds:X509Data>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
        <wsu:Timestamp wsu:Id="Timestamp-376"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2013-04-02T09:07:03.867Z</wsu:Created>
            <wsu:Expires>2013-04-02T09:17:03.867Z</wsu:Expires>
        </wsu:Timestamp>
    </wsse:Security>
</soap:Header>
<soap:Body wsu:Id="id-378"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <ns1:Echo xmlns:ns1="http://www.test.com/billing">
        <parameters>
            <Version>3</Version>
            <CorrelationId>b9da054b2f0c493e9633fc527de7055a</CorrelationId>
            <Message>Hello user.</Message>
        </parameters>
    </ns1:Echo>
</soap:Body>

spring soap cxf wss4j
Original Q&A
2

There are 2 answers

0
Colm O hEigeartaigh On

Enable debug logging - it will tell you exactly where signature validation failed.

0
reinier On

I suggest you to enable debugging with 

System.setProperty("javax.net.debug","ssl");

... or in your call to the vm with -Djavax.net.debug=ssl

That way you will see the exact point where the signature failed

Related Questions in SPRING

Related Questions in SOAP

Related Questions in CXF

Related Questions in WSS4J

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions