0 Replies Latest reply on Nov 3, 2006 3:30 PM by jgilbert

    Signature is invalid

    jgilbert

      I am getting the following exception on the server side when trying to encrypt individual elements:

      org.jboss.ws.wsse.FailedCheckException: Signature is invalid.
       at org.jboss.ws.wsse.SignatureVerificationOperation.process(SignatureVerificationOperation.java:59)
       at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:123)
       at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:185)
       at org.jboss.ws.wsse.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:143)
       at org.jboss.ws.wsse.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:68)
       at org.jboss.ws.wsse.WSSecurityHandlerInbound.handleRequest(WSSecurityHandlerInbound.java:42)
      



      I am following this example from the wiki with a few differences:
      http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurityComplexExample

      - I am declaring rules globally instead of at the operation level
      - I want to sign the complete message
      - I want to encrypt individual elements

      When I sign and encrypt everything, it all works. When I just encrypt individual elements without signing, it all works.

      Any ideas?

      jboss-wsse-client.xml
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <config>
          <sign type="x509v3" alias="wsse"/>
          <encrypt type="x509v3" alias="wsse">
            <targets>
              <target type="qname" contentOnly="true">{http://service.security.pay.net/jaws}creditCardNumber</target>
            </targets>
          </encrypt>
          <requires>
            <signature/>
            <encryption>
              <targets>
                <target type="qname">{http://service.security.pay.net/jaws}creditCardNumber</target>
              </targets>
            </encryption>
          </requires>
        </config>
      </jboss-ws-security>



      jboss-wsse-server.xml
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
        <key-store-file>META-INF/wsse.keystore</key-store-file>
        <key-store-password>jbossws</key-store-password>
        <trust-store-file>META-INF/wsse.truststore</trust-store-file>
        <trust-store-password>jbossws</trust-store-password>
        <config>
          <sign type="x509v3" alias="wsse"/>
          <encrypt type="x509v3" alias="wsse">
            <targets>
              <target type="qname" contentOnly="true">{http://service.security.pay.net/jaws}creditCardNumber</target>
            </targets>
          </encrypt>
          <requires>
            <signature/>
            <encryption>
              <targets>
                <target type="qname">{http://service.security.pay.net/jaws}creditCardNumber</target>
              </targets>
            </encryption>
          </requires>
        </config>
      </jboss-ws-security>