[jboss-user] [JBossWS] - Signature is invalid

jgilbert do-not-reply at jboss.com
Fri Nov 3 15:30:06 EST 2006 

I am getting the following exception on the server side when trying to encrypt individual elements:

  | org.jboss.ws.wsse.FailedCheckException: Signature is invalid.
  |         at org.jboss.ws.wsse.SignatureVerificationOperation.process(SignatureVerificationOperation.java:59)
  |         at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:123)
  |         at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:185)
  |         at org.jboss.ws.wsse.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:143)
  |         at org.jboss.ws.wsse.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:68)
  |         at org.jboss.ws.wsse.WSSecurityHandlerInbound.handleRequest(WSSecurityHandlerInbound.java:42)
  | 


I am following this example from the wiki with a few differences:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurityComplexExample

- i am declaring rules globally instead of at the operation level
- i want to sign the complete message
- i want to encrypt individual elements

when i sign and encrypt everything then it all works. when i just encrypt individual elements without signing then it all works.

any ideas?

jboss-wsse-client.xml

  | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |   xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  |    <config>
  |      <sign type="x509v3" alias="wsse"/>
  |      <encrypt type="x509v3" alias="wsse">
  |         <targets>
  |            <target type="qname" contentOnly="true">{http://service.security.pay.net/jaws}creditCardNumber</target>
  |         </targets>
  |      </encrypt>    
  |      <requires>
  |        <signature/>
  |        <encryption>
  |           <targets>
  |              <target type="qname">{http://service.security.pay.net/jaws}creditCardNumber</target>
  |           </targets>
  |        </encryption>
  |      </requires>
  |    </config>
  | </jboss-ws-security>


jboss-wsse-server.xml

  | <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |   xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  |   <key-store-file>META-INF/wsse.keystore</key-store-file>
  |   <key-store-password>jbossws</key-store-password>
  |   <trust-store-file>META-INF/wsse.truststore</trust-store-file>
  |   <trust-store-password>jbossws</trust-store-password>
  |   <config>
  |     <sign type="x509v3" alias="wsse"/>
  |     <encrypt type="x509v3" alias="wsse">
  |        <targets>
  |           <target type="qname" contentOnly="true">{http://service.security.pay.net/jaws}creditCardNumber</target>
  |        </targets>
  |     </encrypt>    
  |     <requires>
  |       <signature/>
  |       <encryption>
  |          <targets>
  |             <target type="qname">{http://service.security.pay.net/jaws}creditCardNumber</target>
  |          </targets>
  |       </encryption>
  |     </requires>
  |   </config>
  | </jboss-ws-security>


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983095#3983095

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983095

More information about the jboss-user mailing list