[RAMPART-309] Incorrect XML Passed to Digest Algorithm - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5
Fix Version/s: 1.5.1
Component/s: rampart-core
Labels:
None
Environment:
tomcat 6.0.24 / axis2 1.5.1 / rampart 1.5 (version 1.5 of rampart is incorrectly flagged as unreleased? : http://ws.apache.org/rampart/index.html)

Description

Calling a signed webservice which results in a SOAP fault being returned, results in a "org.apache.axis2.AxisFault: The signature or decryption was invalid" due to the "Pre-digested input" being different from the actual incoming message. (See attached logs)

Specifically the following log content seems to be of interest:

Incoming message body:

<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439">
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">axis2ns13:FilingFault</faultstring>
<detail>
<axis2ns1:Receive__requestFilingFault xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">
<ErrorMessage:foutOmschrijving xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">Uw gegevens komen niet voor in het register van de Certificate Service Provider (CSP). Uw identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
<ErrorMessage:foutCode xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">AUS210</ErrorMessage:foutCode>
<ErrorMessage:PI_Kenmerk xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
</axis2ns1:Receive__requestFilingFault>
</detail>
</soapenv:Fault>
</soapenv:Body>

Digested input during signature verification:

<soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439">
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>axis2ns13:FilingFault</faultstring>
<detail>
<axis2ns1:Receive__requestFilingFault xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">
<ErrorMessage:foutOmschrijving xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">Uw gegevens komen niet voor in het register van de Certificate Service Provider (CSP). Uw identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
<ErrorMessage:foutCode xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">AUS210</ErrorMessage:foutCode>
<ErrorMessage:PI_Kenmerk xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
</axis2ns1:Receive__requestFilingFault>
</detail>
</soapenv:Fault>
</soapenv:Body>

This bug ONLY applies to the case where a SOAP fault is returned, regular operation (not resulting in SOAP fault) is working as intended.

It seems that the DOOM conversion is adding a "xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"" attribute to the "soapenv:Body" element.
It is also stripping the "xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process"" attribute from the "faultstring" element.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

rampart_logs.txt
20/Sep/10 14:04
15 kB
B. Nossing

Activity

People

Assignee:: Don Samisa Abeysinghe

Reporter:: B. Nossing

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 20/Sep/10 14:01

Updated:: 21/Dec/10 23:07

Resolved:: 21/Dec/10 23:07