Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-2854

Carriage return (\r) in String argument to service method causes "SoapFault: The signature or decryption was invalid"

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Not A Problem
    • 2.1.4
    • Invalid
    • WS-* Components
    • None

    • Windows XP Professional SP3
      JDK 1.6.0_13

    • Unknown

    Description

      When using a WSS4JOutInterceptor on the proxy client and WSS4JInInterceptor on the service with the action WSHandlerConstants.SIGNATURE, the call to the service terminates in a SoapFault for an invalid signature if a String containing a carriage return (\r) is passed as an argument to the service. Strings not containing a carriage return result in a successful response.

      A short (fewer than 100 total lines) demonstration of the bug can be provided; a stack trace is at the end of this description.

      Thank you.

      Stack Trace:
      org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
      at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:438)
      at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
      at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
      at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:160)
      at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:67)
      at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:226)
      at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
      at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:295)
      at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:258)
      at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
      at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
      at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
      at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
      at org.mortbay.jetty.Server.handle(Server.java:324)
      at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
      at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842)
      at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
      at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:205)
      at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
      at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
      at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

      Attachments

        1. CXF-Carriage-Return-Issue-Demo.zip
          4 kB
          Web Development Guys
        2. CXF-Carriage-Return-Issue-Demo-2.zip
          8.96 MB
          Web Development Guys

        Activity

          People

            dkulp Daniel Kulp
            web.development.guys Web Development Guys
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: