Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
1.5.7
-
None
-
Windows XP + tomcat 6x + axis 1.4 + wss4j 1.5.6
Description
While doing interop testing with owsm, I am hitting a wss4j bug which is hindering me in completing testing.
OWSM is sending saml token signed with signed & encrypted body. SAML token is referred from BST using KeyIdentifier, saml token in signed.
At wss4j end, signature verification is failing as wss4j WsDoAllReceiver is not able to find out reference of saml token.
<?xml version = '1.0' encoding = 'UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server.generalException</faultcode>
<faultstring>WSDoAllReceiver: security processing failed; nested exception is:
org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
org.apache.xml.security.signature.XMLSignatureException: The Reference for URI #STR-SAML-t5dWJC9BpFXwp4OjA86KMw22 has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #STR-SAML-t5dWJC9BpFXwp4OjA86KMw22 has no XMLSignatureInput
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: No message with ID "WS Security Exception" found in resource bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was a org.apache.ws.security.WSSecurityException and message An error was discovered processing the <wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: No message with ID "WS Security Exception" found in resource bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was a org.apache.ws.security.WSSecurityException and message An error was discovered processing the <wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.signature.XMLSignatureException: No message with ID "WS Security Exception" found in resource bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was a org.apache.ws.security.WSSecurityException and message An error was discovered processing the <wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.transforms.TransformationException: No message with ID "WS Security Exception" found in resource bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was a org.apache.ws.security.WSSecurityException and message An error was discovered processing the <wsse:Security> header (Reference URI is null)
Original Exception was org.apache.xml.security.c14n.CanonicalizationException: No message with ID "WS Security Exception" found in resource bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was a org.apache.ws.security.WSSecurityException and message An error was discovered processing the <wsse:Security> header (Reference URI is null)
Original Exception was org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header (Reference URI is null)</faultstring>
<detail>
<ns1:hostname xmlns:ns1="http://xml.apache.org/axis/">nihanda-pc</ns1:hostname>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
SOAP Message that is received by wss4j is (i.e. sent from owsm):-
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://stock.samples" xmlns:ns1="http://127.0.0.1:8080/axis/services/urn:xmltoday-delayed-quotes"><env:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-Upx5ivaWcOwLOBmjTbOkDg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICXTCCAcagAwIBAgIESfBXtTANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOUmVkd29vZCBTaG9yZXMxEzARBgNVBAoTCk9yYWNsZSBJbmMxDjAMBgNVBAsTBVNvYVFhMREwDwYDVQQDEwh3ZWJsb2dpYzAeFw0wOTA0MjMxMTU3NDFaFw0wOTA3MjIxMTU3NDFaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHEw5SZWR3b29kIFNob3JlczETMBEGA1UEChMKT3JhY2xlIEluYzEOMAwGA1UECxMFU29hUWExETAPBgNVBAMTCHdlYmxvZ2ljMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYApBX9X5rkfJhbYrRKfoXZn0ndi8B+DPY598yaoHAuQweEWNbFJ+hkoUgx9loTrvyNdoczPOu+ktjmzI4wR7LUGDUO1iKVZom9Cpzl+NT3CIGL4I2GU31fxuQkrfx6Qba8dLNtOVGqk1fBSDPV9Y1rMbfGljwe/TGA1lVh+HiQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEdRfHCehtVMMF/LdA8rJMm9lnofA8Z4sRamdxnRjVzIz4owWKBvslAHlR6FG3/3Ue+iuoQALSNHaeRrPOb/plWyU+yNZZjJ3q9qrPqrQSmBZjomwRsjZskOjnm+9eelfpxqm5+/8im3Pgzb3insPQq+N6BcQP9uiPv3fL/BDuIL</wsse:BinarySecurityToken><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/></xenc:EncryptionMethod><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#BST-Upx5ivaWcOwLOBmjTbOkDg22"/></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue xmlns:xmime="http://www.w3.org/2005/05/xmlmime" xmime:contentType="application/octet-stream">XTrrhXY7BdieWf1Q72nGVx7DkuTjf0sSW9ls76snQTBHS19i7dAh3d3IRM5APCGnuVy7FgiqUIiG
Zjcfgf+yBC0pRpFOTAJicqYiSjviHIICWSJhNTaJNmUNeMfpiM+q2T0uOoFNh5GmI3/Z0pbdt9oy
s4I7cYhqHHdBVNo8e9I=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#_10E1CqVVROnD2w8SWvT5ew22"/></xenc:ReferenceList></xenc:EncryptedKey><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#Timestamp-O11YJRXoOgF1kGei120b6w22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BKxsCSZfUq1RWr6Y9PU8Rr/Vs/g=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#STR-SAML-t5dWJC9BpFXwp4OjA86KMw22"><dsig:Transforms><dsig:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"><wsse:TransformationParameters xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></wsse:TransformationParameters></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>faishbjLkuXbNz9Jx9Nxo8Monk4=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#Body-LnMti7MrAJ3hLRqqWoN0Mg22"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>/X73mkutNvEF10D8lIDutYGoisA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>YKNB+6O3FJjWCj2fqDkvfVJXlJkRo0XcoMO5PHqyoCdKCs81cmKXlcUcg8cn+rwwMg29ysfkPg+Wgv2d3CwyA7Fhd+6kC1099ZqEtB/ptnIR/RxoZL+2RXVholPz+Z7niGQM38YZlmdsoqgEyzbDH0u71GWYL6HFUfRAAcZRfb4=</dsig:SignatureValue><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="KeyInfo-vJF2TIW0vRU50vjXKuQuuw22"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" URI="#BST-aiNal7jotn6Hmf9xN2JQhA22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></dsig:KeyInfo></dsig:Signature><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" wsu:Id="STR-SAML-t5dWJC9BpFXwp4OjA86KMw22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:KeyIdentifier xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">SAML-Q1uTD1fnXqIpGqOFv7BMXQ22</wsse:KeyIdentifier></wsse:SecurityTokenReference><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-O11YJRXoOgF1kGei120b6w22"><wsu:Created ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-26T16:37:19Z</wsu:Created><wsu:Expires ValueType="http://www.w3.org/2001/XMLSchema/dateTime">2009-04-26T16:42:19Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-aiNal7jotn6Hmf9xN2JQhA22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIICXTCCAcagAwIBAgIESfBXtTANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEXMBUGA1UEBxMOUmVkd29vZCBTaG9yZXMxEzARBgNVBAoTCk9yYWNsZSBJbmMxDjAMBgNVBAsTBVNvYVFhMREwDwYDVQQDEwh3ZWJsb2dpYzAeFw0wOTA0MjMxMTU3NDFaFw0wOTA3MjIxMTU3NDFaMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHEw5SZWR3b29kIFNob3JlczETMBEGA1UEChMKT3JhY2xlIEluYzEOMAwGA1UECxMFU29hUWExETAPBgNVBAMTCHdlYmxvZ2ljMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKYApBX9X5rkfJhbYrRKfoXZn0ndi8B+DPY598yaoHAuQweEWNbFJ+hkoUgx9loTrvyNdoczPOu+ktjmzI4wR7LUGDUO1iKVZom9Cpzl+NT3CIGL4I2GU31fxuQkrfx6Qba8dLNtOVGqk1fBSDPV9Y1rMbfGljwe/TGA1lVh+HiQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAEdRfHCehtVMMF/LdA8rJMm9lnofA8Z4sRamdxnRjVzIz4owWKBvslAHlR6FG3/3Ue+iuoQALSNHaeRrPOb/plWyU+yNZZjJ3q9qrPqrQSmBZjomwRsjZskOjnm+9eelfpxqm5+/8im3Pgzb3insPQq+N6BcQP9uiPv3fL/BDuIL</wsse:BinarySecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="SAML-Q1uTD1fnXqIpGqOFv7BMXQ22" IssueInstant="2009-04-26T16:37:19Z" Issuer="www.oracle.com"><saml:Conditions NotBefore="2009-04-26T16:37:19Z" NotOnOrAfter="2009-04-26T16:42:19Z"/><saml:AuthenticationStatement AuthenticationInstant="2009-04-26T16:37:19Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier Format="UNSPECIFIED">wss4j</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement></saml:Assertion></wsse:Security></env:Header><env:Body wsu:Id="Body-LnMti7MrAJ3hLRqqWoN0Mg22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_10E1CqVVROnD2w8SWvT5ew22"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><xenc:CipherData><xenc:CipherValue xmlns:xmime="http://www.w3.org/2005/05/xmlmime" xmime:contentType="application/octet-stream">19sJqHGIJkmZDXTwkBs0uZLQQghPZwQBp/zGnGsveJfoZTtgSX0rdw0MbCOO4eaWnAQkM6p3SSEi
ugtmvtLqPA5Q3rGWOEifij+WBnZ0tmTeunN6aEUJ7EdplJHv65URyBcfjGPHFLaWt5bRaJefeccf
2sX45d7pZSKzAjC8+Or3o8QpH1sWpc0XPdM18KIwHNigsZhbnTqiftTsPjuDz+GiRVtB1+niMAz5
SkK86dtki1ThwnWEbMZBmlVC7fJrTT+knjH7FfdLBG5I7K/Wd9R2Tc5IngJ0Ru2GXD/a8kz4m2j8
y/5RemSNl1uXch+8LAZCzx8aF4JuJbp2rSK9/0aQMer0kPF1cCju1GSBmiV6aV1rSwUK1GA2uSa/
5wp3vWZXvEb58jHr+ib/bfSbFxpzQMAKzKF44eJfG6NPnfQ0znBAa7gl7dfNzoE7OqzcL/kuIQH7
rAHALuVZ17/Up5roTjpVA7YE8CBK2DSD4c0sbfkM3MGzCFx+NCK//nuyPVaQEgcNq/W5WpjUFg+B
C9Gvc5NDchMG2BADKMoS5N8MRRdkGkk6KbH1e+rirT8HQsqFvPwyHDOHNfBdCiaLJsMb1lkFxcFa
3f/C35RcxWK6QtwH7LLtmNMJS8Ryf/ijBcFnx/ous+jGKVx7IriNrCuz/pS4XS1RCaDCGHcH6v4=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></env:Body></env:Envelope>