Signature is invalid
jgilbert Nov 3, 2006 3:30 PMI am getting the following exception on the server side when trying to encrypt individual elements:
org.jboss.ws.wsse.FailedCheckException: Signature is invalid. at org.jboss.ws.wsse.SignatureVerificationOperation.process(SignatureVerificationOperation.java:59) at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:123) at org.jboss.ws.wsse.SecurityDecoder.decode(SecurityDecoder.java:185) at org.jboss.ws.wsse.WSSecurityDispatcher.handleInbound(WSSecurityDispatcher.java:143) at org.jboss.ws.wsse.WSSecurityHandler.handleInboundSecurity(WSSecurityHandler.java:68) at org.jboss.ws.wsse.WSSecurityHandlerInbound.handleRequest(WSSecurityHandlerInbound.java:42)
I am following this example from the wiki with a few differences:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurityComplexExample
- i am declaring rules globally instead of at the operation level
- i want to sign the complete message
- i want to encrypt individual elements
when i sign and encrypt everything then it all works. when i just encrypt individual elements without signing then it all works.
any ideas?
jboss-wsse-client.xml
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <config> <sign type="x509v3" alias="wsse"/> <encrypt type="x509v3" alias="wsse"> <targets> <target type="qname" contentOnly="true">{http://service.security.pay.net/jaws}creditCardNumber</target> </targets> </encrypt> <requires> <signature/> <encryption> <targets> <target type="qname">{http://service.security.pay.net/jaws}creditCardNumber</target> </targets> </encryption> </requires> </config> </jboss-ws-security>
jboss-wsse-server.xml
<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> <key-store-file>META-INF/wsse.keystore</key-store-file> <key-store-password>jbossws</key-store-password> <trust-store-file>META-INF/wsse.truststore</trust-store-file> <trust-store-password>jbossws</trust-store-password> <config> <sign type="x509v3" alias="wsse"/> <encrypt type="x509v3" alias="wsse"> <targets> <target type="qname" contentOnly="true">{http://service.security.pay.net/jaws}creditCardNumber</target> </targets> </encrypt> <requires> <signature/> <encryption> <targets> <target type="qname">{http://service.security.pay.net/jaws}creditCardNumber</target> </targets> </encryption> </requires> </config> </jboss-ws-security>