org.apache.cxf.binding.soap.SoapFault: The message has expired

cxf-dev | wangjlc | 2 years ago
  1. 0

    In a soap-message where the body is encrypted and signed, we get a signature verification fault because of a differently calculated digest. The decrypted body is (anonymized) like this:

      <urn:GetDataRequest xmlns="" xmlns:cont="http://www.company1.no/jade/xsd/v1.3/contexttypes" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">123456789</urn:GetDataRequest>

    When it's canonicalized using Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" it is like this:

      <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-767cf61e-3cc1-45dc-b677-04720471d3b0"> <urn:GetDataRequest xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns="">123456789</urn:GetDataRequest> </soapenv:Body>

    This gives a different signature from what we got from the sender. If we remove the namespace definition xmlns="", and create a digest, it is equal to what we get from the sender. From my understanding of http://www.w3.org/TR/xml-exc-c14n/ it is the sender that is correct.

    I have tested a local patch where I did two changes on the 2.0.3 source for org.apache.xml.security.c14n.implementations.Canonicalizer20010315Excl.java.

    Line 184:

      String NName = attribute.getLocalName();

    changed to:

      String NName = attribute.getLocalName() == null ? "" : attribute.getLocalName();

    Line 187:

      if (!XMLNS_URI.equals(attribute.getNamespaceURI())) {

    changed to:

      if (!XMLNS_URI.equals(attribute.getNamespaceURI()) && !(XMLNS.equals(attribute.getName()) && "".equals(NName) && "".equals(NNodeValue))) {

    This fixed the problem for me, but I don't know which regressions I might have introduced, or whether this new behaviour really is the correct one.

    Apache's JIRA Issue Tracker | 2 years ago | Atle Tokle
    org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
  3. 0

    Exception has misleading error text

    GitHub | 1 year ago | aberner
    no.difi.sdp.client.domain.exceptions.SendException: An unhandled exception occured while performing request

    Root Cause Analysis

    1. org.apache.wss4j.common.ext.WSSecurityException

      The message has expired

      at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken()
    2. Apache WSS4J DOM WS-Security
      WSSecurityEngine.processSecurityHeader
      1. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:172)
      2. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:69)
      3. org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
      3 frames
    3. Apache CXF Runtime WS Security
      WSS4JInInterceptor.handleMessage
      1. org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:257)
      2. org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:93)
      2 frames
    4. Apache CXF Core
      ChainInitiationObserver.onMessage
      1. org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
      2. org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
      2 frames
    5. Apache CXF Runtime HTTP Transport
      AbstractHTTPDestination.invoke
      1. org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:243)
      1 frame
    6. Apache CXF Runtime HTTP Jetty Transport
      JettyHTTPHandler.handle
      1. org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:261)
      2. org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:70)
      2 frames
    7. Jetty
      AsyncHttpConnection.handle
      1. org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1088)
      2. org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1024)
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      4. org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
      5. org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      6. org.eclipse.jetty.server.Server.handle(Server.java:370)
      7. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:494)
      8. org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:982)
      9. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1043)
      10. org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
      11. org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
      12. org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      12 frames
    8. GWT dev
      SelectChannelEndPoint$1.run
      1. org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:696)
      2. org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:53)
      2 frames
    9. Jetty
      QueuedThreadPool$3.run
      1. org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
      2. org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
      2 frames
    10. Java RT
      Thread.run
      1. java.lang.Thread.run(Thread.java:738)
      1 frame