Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-2854

Carriage return (\r) in String argument to service method causes "SoapFault: The signature or decryption was invalid"

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: 2.1.4
    • Fix Version/s: Invalid
    • Component/s: WS-* Components
    • Labels:
      None
    • Environment:

      Windows XP Professional SP3
      JDK 1.6.0_13

    • Estimated Complexity:
      Unknown

      Description

      When using a WSS4JOutInterceptor on the proxy client and WSS4JInInterceptor on the service with the action WSHandlerConstants.SIGNATURE, the call to the service terminates in a SoapFault for an invalid signature if a String containing a carriage return (\r) is passed as an argument to the service. Strings not containing a carriage return result in a successful response.

      A short (fewer than 100 total lines) demonstration of the bug can be provided; a stack trace is at the end of this description.

      Thank you.

      Stack Trace:
      org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
      at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:438)
      at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
      at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
      at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:160)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:67)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
      at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
      at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:295)
      at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:258)
      at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
      at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
      at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
      at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
      at org.mortbay.jetty.Server.handle(Server.java:324)
      at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
      at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
      at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
      at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
      at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
      at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
      at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

        Attachments

        1. CXF-Carriage-Return-Issue-Demo-2.zip
          8.96 MB
          Web Development Guys
        2. CXF-Carriage-Return-Issue-Demo.zip
          4 kB
          Web Development Guys

          Activity

            People

            • Assignee:
              dkulp Daniel Kulp
              Reporter:
              web.development.guys Web Development Guys
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: