Details
- Bug
- Status: Closed
- Minor
- Resolution: Fixed
- 2.6.2, 2.5.6, 2.7
- None
- Advanced
Description
This is based on the discussion in http://cxf.547215.n5.nabble.com/TransportBinding-and-SignatureConfirmation-td5715655.html.
Signature Confirmation does not work on the client side, when the web service is secured by TransportBinding with EndorsingSupportingToken.
The response from the server contains a Signature Confirmation element, and the response fails with the error:
Received a SignatureConfirmation element, but there are no stored signature values
Debugging through the CXF code, here's what is happening:
- After configuring the client, the WSS11Builder calls setRequireSignatureConfirmation(true) based on the policy (<sp:RequireSignatureConfirmation/>).
- In the constructor of AbstractBindingBuilder, it initializes the signatures array property with an empty array, and puts it in the message as follows:
  message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures)
- In TransportBindingHandler.handleEndorsingToken (line 300), it calls addSig, which eventually calls doSignature. However, the signature is never added to the signatures array. (SymmetricBindingHandler and AsymmetricBindingHandler do a signatures.add.)
- As a result, when the service response comes to the WSS4JInInterceptor, it calls checkSignatureConfirmation in WSHandler, which retrieves the savedSignatures using
  List<byte[]> savedSignatures =
      (List<byte[]>) getProperty(reqData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
- This array is empty, since the signature was never added by TransportBindingHandler. Therefore it throws the above exception.
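The bookkeeping described in the steps above, reduced to a small stand-alone model. This is an added example, not CXF or WSS4J source: the class name, method names and the `record` flag are hypothetical, the signature value is a constructed stand-in, and only the error message for the empty-list case is taken from this report.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Simplified model of client-side signature confirmation (hypothetical names).
public class SigConfirmationModel {
    // Stands in for the list stored on the exchange under WSHandlerConstants.SEND_SIGV.
    static final List<byte[]> sentSignatures = new ArrayList<>();

    // A binding handler signs the request. 'record' models whether the handler
    // also saves the signature value for the later confirmation check.
    static byte[] sign(String label, boolean record) {
        byte[] sigValue = label.getBytes(StandardCharsets.UTF_8); // constructed stand-in
        if (record) {
            sentSignatures.add(sigValue);
        }
        return sigValue;
    }

    // Response side: each confirmed value must match a value the client sent,
    // and each value the client sent must be confirmed.
    static void checkConfirmation(List<byte[]> confirmed) {
        if (!confirmed.isEmpty() && sentSignatures.isEmpty()) {
            throw new IllegalStateException("Received a SignatureConfirmation element, "
                    + "but there are no stored signature values");
        }
        List<byte[]> pending = new ArrayList<>(sentSignatures);
        for (byte[] c : confirmed) {
            if (!pending.removeIf(s -> Arrays.equals(s, c))) {
                throw new IllegalStateException("Confirmed value matches no sent signature");
            }
        }
        if (!pending.isEmpty()) {
            throw new IllegalStateException("A sent signature was not confirmed");
        }
    }

    public static void main(String[] args) {
        // First pass: handler signs but does not record. Second pass: it records.
        for (boolean record : new boolean[] {false, true}) {
            sentSignatures.clear();
            byte[] sig = sign("endorsing-signature", record);
            try {
                checkConfirmation(List.of(sig)); // server echoes the value it verified
                System.out.println("record=" + record + ": confirmation accepted");
            } catch (IllegalStateException e) {
                System.out.println("record=" + record + ": " + e.getMessage());
            }
        }
    }
}
```

The check fails closed: a handler that signs without recording the value makes every confirmed response be rejected, rather than letting an unconfirmed one through.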