Rampart / RAMPART-309

Incorrect XML Passed to Digest Algorithm

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5
    • Fix Version/s: 1.5.1
    • Component/s: rampart-core
    • Labels: None
    • Environment: tomcat 6.0.24 / axis2 1.5.1 / rampart 1.5 (version 1.5 of rampart is incorrectly flagged as unreleased? : http://ws.apache.org/rampart/index.html)

    Description

      Calling a signed webservice which results in a SOAP fault being returned results in an "org.apache.axis2.AxisFault: The signature or decryption was invalid" due to the "Pre-digested input" being different from the actual incoming message. (See attached logs)

      Specifically the following log content seems to be of interest:

      Incoming message body:

      <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439">
      <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">axis2ns13:FilingFault</faultstring>
      <detail>
      <axis2ns1:Receive__requestFilingFault xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">
      <ErrorMessage:foutOmschrijving xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">Uw gegevens komen niet voor in het register van de Certificate Service Provider (CSP). Uw identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
      <ErrorMessage:foutCode xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">AUS210</ErrorMessage:foutCode>
      <ErrorMessage:PI_Kenmerk xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
      </axis2ns1:Receive__requestFilingFault>
      </detail>
      </soapenv:Fault>
      </soapenv:Body>

      Digested input during signature verification:

      <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-1661970439">
      <soapenv:Fault>
      <faultcode>soapenv:Server</faultcode>
      <faultstring>axis2ns13:FilingFault</faultstring>
      <detail>
      <axis2ns1:Receive__requestFilingFault xmlns:axis2ns1="http://servicelibrary.sbr-nl.nl/FilingProcess/Process">
      <ErrorMessage:foutOmschrijving xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">Uw gegevens komen niet voor in het register van de Certificate Service Provider (CSP). Uw identiteit kan niet worden vastgesteld.Het verzoek kan hierdoor niet door de infrastructurele voorzieningen worden verwerkt.</ErrorMessage:foutOmschrijving>
      <ErrorMessage:foutCode xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">AUS210</ErrorMessage:foutCode>
      <ErrorMessage:PI_Kenmerk xmlns:ErrorMessage="http://servicelibrary.sbr-nl.nl/errormessage">BTT-100920-0000002</ErrorMessage:PI_Kenmerk>
      </axis2ns1:Receive__requestFilingFault>
      </detail>
      </soapenv:Fault>
      </soapenv:Body>

      This bug ONLY applies to the case where a SOAP fault is returned; regular operation (not resulting in a SOAP fault) is working as intended.

      It seems that the DOOM conversion is adding a "xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"" attribute to the "soapenv:Body" element.
      It is also stripping the "xmlns:axis2ns13="http://servicelibrary.sbr-nl.nl/FilingProcess/Process"" attribute from the "faultstring" element.

      Attachments

        1. rampart_logs.txt
          15 kB
          B. Nossing

          People

            samisa Don Samisa Abeysinghe
            hexx B. Nossing
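
The comparison made in the description can be automated. The sketch below is an added example, not part of the original report or of Rampart: it lists, per element, which namespace declarations differ between the message as received and the bytes fed to the digest. The sample strings are constructed, shortened versions of the two logged bodies; the function names and the use of SHA-1 are assumptions (the report does not name the digest algorithm).

```python
import hashlib
import xml.parsers.expat


def ns_decls(xml_text):
    """Return [(element_name, {xmlns attribute: uri})] in document order.

    Expat runs here without namespace processing, so a logged fragment whose
    prefixes are declared on an ancestor outside the fragment still parses.
    """
    found = []

    def start(name, attrs):
        decls = {k: v for k, v in attrs.items()
                 if k == "xmlns" or k.startswith("xmlns:")}
        found.append((name, decls))

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.Parse(xml_text, True)
    return found


def diff_ns_decls(received, digested):
    """List (element, added, removed) where declarations differ.

    Assumes both inputs have the same element structure, as in the report.
    """
    changes = []
    for (name, before), (_, after) in zip(ns_decls(received), ns_decls(digested)):
        added = sorted(set(after) - set(before))
        removed = sorted(set(before) - set(after))
        if added or removed:
            changes.append((name, added, removed))
    return changes


def sha1_hex(xml_text):
    # SHA-1 is an assumption; any digest changes when a single byte changes.
    return hashlib.sha1(xml_text.encode("utf-8")).hexdigest()


SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
PROC = "http://servicelibrary.sbr-nl.nl/FilingProcess/Process"
# Constructed, shortened versions of the two bodies quoted in the report.
RECEIVED = ('<soapenv:Body wsu:Id="Id-1661970439"><soapenv:Fault>'
            f'<faultstring xmlns:axis2ns13="{PROC}">axis2ns13:FilingFault</faultstring>'
            '</soapenv:Fault></soapenv:Body>')
DIGESTED = (f'<soapenv:Body xmlns:soapenv="{SOAP}" wsu:Id="Id-1661970439"><soapenv:Fault>'
            '<faultstring>axis2ns13:FilingFault</faultstring>'
            '</soapenv:Fault></soapenv:Body>')

if __name__ == "__main__":
    for element, added, removed in diff_ns_decls(RECEIVED, DIGESTED):
        print(element, "added:", added, "removed:", removed)
```

Run against the full log excerpts, the same diff points at the two elements named in the description, which narrows a digest mismatch to the step that rewrote those declarations.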