org.apache.cxf.binding.soap.SoapFault: The message has expired

cxf-dev | wangjlc | 2 years ago

    In a soap-message where the body is encrypted and signed, we get a signature verification fault because of a differently calculated digest. The decrypted body is (anonymized) like this:

        <urn:GetDataRequest xmlns="" xmlns:cont="" xmlns:soapenv="" xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns:wsu="">123456789</urn:GetDataRequest>

    When it's canonicalized using Transform Algorithm="" it is like this:

        <soapenv:Body xmlns:soapenv="" xmlns:wsu="" wsu:Id="Body-767cf61e-3cc1-45dc-b677-04720471d3b0"> <urn:GetDataRequest xmlns:urn="urn:no:company2:area:domain:melding:DataMessage-1.0" xmlns="">123456789</urn:GetDataRequest> </soapenv:Body>

    This gives a different signature from what we got from the sender. If we remove the namespace definition xmlns="" and create a digest, it is equal to what we get from the sender. From my understanding, it is the sender that is correct.

    I have tested a local patch where I made two changes to the 2.0.3 source.

    Line 184:

        String NName = attribute.getLocalName();

    changed to:

        String NName = attribute.getLocalName() == null ? "" : attribute.getLocalName();

    Line 187:

        if (!XMLNS_URI.equals(attribute.getNamespaceURI())) {

    changed to:

        if (!XMLNS_URI.equals(attribute.getNamespaceURI()) && !(XMLNS.equals(attribute.getName()) && "".equals(NName) && "".equals(NNodeValue))) {

    This fixed the problem for me, but I don't know which regressions I might have introduced, or if this new behaviour really is the correct one.

    Apache's JIRA Issue Tracker | 2 years ago | Atle Tokle
    org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid

    Root Cause Analysis

    1. org.apache.wss4j.common.ext.WSSecurityException

      The message has expired

      at org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken()
    2. Apache WSS4J DOM WS-Security
      1. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleUsernameToken(
      2. org.apache.wss4j.dom.processor.UsernameTokenProcessor.handleToken(
      3. org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(
      3 frames
    3. Apache CXF Runtime WS Security
      2 frames
    4. Apache CXF Core
      1. org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(
      2. org.apache.cxf.transport.ChainInitiationObserver.onMessage(
      2 frames
    5. Apache CXF Runtime HTTP Transport
      1. org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(
      1 frame
    6. Apache CXF Runtime HTTP Jetty Transport
      1. org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(
      2. org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(
      2 frames
    7. Jetty
      1. org.eclipse.jetty.server.handler.ContextHandler.doHandle(
      2. org.eclipse.jetty.server.handler.ContextHandler.doScope(
      3. org.eclipse.jetty.server.handler.ScopedHandler.handle(
      4. org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(
      5. org.eclipse.jetty.server.handler.HandlerWrapper.handle(
      6. org.eclipse.jetty.server.Server.handle(
      7. org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(
      8. org.eclipse.jetty.server.AbstractHttpConnection.content(
      9. org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(
      10. org.eclipse.jetty.http.HttpParser.parseNext(
      11. org.eclipse.jetty.http.HttpParser.parseAvailable(
      12. org.eclipse.jetty.server.AsyncHttpConnection.handle(
      12 frames
    8. GWT dev
      2 frames
    9. Jetty
      1. org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(
      2. org.eclipse.jetty.util.thread.QueuedThreadPool$
      2 frames
    10. Java RT
      1 frame