Rampart / RAMPART-309

Incorrect XML Passed to Digest Algorithm

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5
    • Fix Version/s: 1.5.1
    • Component/s: rampart-core
    • Labels:
      None
    • Environment:
      tomcat 6.0.24 / axis2 1.5.1 / rampart 1.5 (version 1.5 of rampart is incorrectly flagged as unreleased? : http://ws.apache.org/rampart/index.html)

      Description

      Calling a signed web service which results in a SOAP fault being returned results in an "org.apache.axis2.AxisFault: The signature or decryption was invalid" due to the "Pre-digested input" being different from the actual incoming message. (See attached logs)

      Specifically the following log content seems to be of interest:

      Incoming message body:

      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439">
      <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">axis2ns13:FilingFault</faultstring>
      <detail>
      <axis2ns1:Receive__requestFilingFault xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">
      <ErrorMessage:foutOmschrijving xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">Uw gegevens komen niet voor in het register van de Certificate Service Provider (CSP). Uw identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
      <ErrorMessage:foutCode xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">AUS210</ErrorMessage:foutCode>
      <ErrorMessage:PI_Kenmerk xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
      </axis2ns1:Receive__requestFilingFault>
      </detail>
      </soapenv:Fault>
      </soapenv:Body>

      Digested input during signature verification:

      <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439">
      <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>axis2ns13:FilingFault</faultstring>
      <detail>
      <axis2ns1:Receive__requestFilingFault xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">
      <ErrorMessage:foutOmschrijving xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">Uw gegevens komen niet voor in het register van de Certificate Service Provider (CSP). Uw identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
      <ErrorMessage:foutCode xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">AUS210</ErrorMessage:foutCode>
      <ErrorMessage:PI_Kenmerk xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
      </axis2ns1:Receive__requestFilingFault>
      </detail>
      </soapenv:Fault>
      </soapenv:Body>

      This bug ONLY applies to the case where a SOAP fault is returned; regular operation (not resulting in a SOAP fault) is working as intended.

      It seems that the DOOM conversion is adding an 'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"' attribute to the "soapenv:Body" element.
      It is also stripping the 'xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process"' attribute from the "faultstring" element.
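
      The comparison of the two logged bodies described above can be automated. The following is an added example, not part of the original report and not Rampart code: it lists which namespace declarations differ per element between the received form and the pre-digest form, and flags QName-valued text (such as the faultstring value) whose prefix is not declared in scope. The sample strings are constructed, abridged from the logs above and wrapped in an Envelope; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from io import BytesIO

# Constructed samples: abridged from the two logged bodies and wrapped in an
# Envelope so each parses stand-alone (the wrapper is an assumption).
SOAP = 'xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
WSU = ('xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
       'oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439"')
PROC = 'xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process"'
WRAP = ('<soapenv:Envelope ' + SOAP + '><soapenv:Body %s><soapenv:Fault>'
        '<faultcode>soapenv:Server</faultcode>'
        '<faultstring%s>axis2ns13:FilingFault</faultstring>'
        '</soapenv:Fault></soapenv:Body></soapenv:Envelope>')
RECEIVED = WRAP % (WSU, ' ' + PROC)   # declarations as in the incoming message
DIGESTED = WRAP % (SOAP + ' ' + WSU, '')  # declarations as in the pre-digest log

QNAME = re.compile(r'([A-Za-z_][\w.-]*):[A-Za-z_][\w.-]*')

def scan(xml_text):
    """Return ({element path: {prefix: uri}} declared on that element,
    [(path, text)] for QName-like text whose prefix is not in scope)."""
    decls, dangling, pending, scope, path = {}, [], {}, [{}], []
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(BytesIO(xml_text.encode()), events=events):
        if event == "start-ns":          # precedes the declaring element's start
            pending[item[0]] = item[1]
        elif event == "start":
            path.append(item.tag.rsplit("}", 1)[-1])
            scope.append({**scope[-1], **pending})
            if pending:
                decls["/".join(path)] = pending
            pending = {}
        else:                            # "end": element text is complete here
            m = QNAME.fullmatch((item.text or "").strip())
            if m and m.group(1) not in scope[-1]:
                dangling.append(("/".join(path), item.text.strip()))
            path.pop()
            scope.pop()
    return decls, dangling

def diff_decls(before, after):
    """List (change, element path, prefix) for declarations that differ."""
    out = []
    for p in sorted(set(before) | set(after)):
        b, a = before.get(p, {}), after.get(p, {})
        out += [("removed", p, x) for x in sorted(b.keys() - a.keys())]
        out += [("added", p, x) for x in sorted(a.keys() - b.keys())]
    return out
```
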

        Attachments

        1. rampart_logs.txt
          15 kB
          B. Nossing

            People

            • Assignee:
              samisa Don Samisa Abeysinghe
              Reporter:
              hexx B. Nossing