WS-Security digital signature validation

Sam Amarteifio

We are currently using WSS4J (version 1.5.3) with Axis 1.4 for our WS-Security digital signature validation.

We use the WSSecurityEngine.ProcessSecurityHeader method to validate the signature in the security header.

The issue we are experiencing is that the signature validation is successful for one form of security header (Header A, see below) and fails for another form of security header (Header B, see below). You will notice a difference in the construction of the ‘<wsse:Security>’ and ‘<ds:Signature>’ elements with respect to their namespace definitions.

Please could someone tell us whether we are doing something wrong, or whether we need to upgrade to a particular version of the WSS4J WS-Security library? Please note we are bound at the moment to Axis 1.4.

Regards,
Sam

Header A.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-38">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>vIxJAh8EITqs1uZPiC1yrt4H2DU=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>zcaDiNn0om913HKIryt1+S4EPWXHIKH8bsQTdGDKlUepfv5yMJTLPA9PNecyAAMDF3GuT096lR5WjB2IJQClOoCobbabofvjr7GbfHV8XQLRPiykGKd8+IuiKEKHqyxClUi5strXIOw5ppFnEHkfib2h2YJQzjSptmke7PsAixgh5mDkDranYHNUE3+zdRFeLyC0ZFCeyMD45+tkdnr6koV1di5Z+dJggo4EbWIUv20OUdPblZaw6B82uMondZ/iK/Em8qniMz3FPf583vySkBlb+kLecDPrB/DidYtyDnuFicxsD2pdJ9KsPApXr5dpsnoBITiw8ZubVFbE3uZl1g==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference wsu:Id="Id-18fe8f24-d993-1004-81fe-8f8827f68a2b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>604358</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soapenv:Body wsu:Id="id-38" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    ......
  </soapenv:Body>
</soapenv:Envelope>

Header B.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsa="http://www.w3.org/2005/08/addressing"
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <wsse:Security SOAP-ENV:mustUnderstand="1">
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#MainBody">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>20WF+Eg2mHpaHbvKWVasYdNoFsw=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>J4ItDIaW2ak6R1UwdQEHMpQHpdjZVVqsx5mxTUjVoFwRNBPpbIua54mdaIZnJJpl06AdZ1i04Kl4yx4xkvd+IzDEWvAISu0CeCQDgmB+R2BfcHwtVtqBi04lGNyIdPZJVv2y9Y5VUywgtWvOLuwydXKVpy9uA5j47LDfEuI0YbrK6+I8d6bfD+aO0I6q7+yHU6iZOUchv920r3eVMGjNfihMag80qRBPzScIWnH3kWp2iOCCJi8Q/O5nTwUI8DwW7EJXvMPVPouDzzbxYekQuOEG+GdumXKcfmeOqCDd9cqflbyUbTOpB5fFVu2qmqVOsVStNzGNn15vH8SHuibXvA==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference wsu:Id="Id-fb589ba8-d9bb-1004-8f49-10246a7582f9">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>62129071348004622724048880787045315607</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soapenv:Body Id="MainBody" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    ........
  </soapenv:Body>
</soapenv:Envelope>
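
Added example, not part of the original post and not WSS4J code: a JDK-only diagnostic that lists how each ds:Reference URI in an envelope resolves, run over constructed, cut-down copies of Header A and Header B. Besides the namespace placement noted in the post, Header B's Body carries an unqualified Id attribute where Header A's carries wsu:Id; the class and method names below are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added diagnostic sketch: class and method names are hypothetical, JDK classes only.
public class ReferenceResolutionCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // needed for getAttributeNS / getElementsByTagNameNS
        // SOAP messages carry no DTD; refuse one rather than process it.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** One line per ds:Reference: which element its URI selects, and via which Id attribute. */
    static List<String> describeReferences(Document doc) {
        List<String> report = new ArrayList<>();
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (!uri.startsWith("#")) {
                report.add(uri + " -> not a same-document reference");
                continue;
            }
            String id = uri.substring(1);
            List<String> hits = new ArrayList<>();
            for (int j = 0; j < all.getLength(); j++) {
                Element e = (Element) all.item(j);
                if (id.equals(e.getAttributeNS(WSU, "Id"))) {
                    hits.add(e.getNodeName() + " via wsu:Id");
                } else if (id.equals(e.getAttributeNS(null, "Id"))) {
                    hits.add(e.getNodeName() + " via unqualified Id");
                }
            }
            // Exactly one target is the only unambiguous outcome for a signed reference.
            String verdict = hits.size() == 1 ? ""
                    : hits.isEmpty() ? " [UNRESOLVED]" : " [AMBIGUOUS]";
            report.add(uri + " -> " + hits + verdict);
        }
        return report;
    }

    // Constructed sample: Header A's shape (namespaces declared where used, Body has wsu:Id).
    static final String HEADER_A =
        "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'><soapenv:Header>"
      + "<wsse:Security xmlns:wsse='" + WSSE + "'><ds:Signature xmlns:ds='" + DS + "'>"
      + "<ds:SignedInfo><ds:Reference URI='#id-38'/></ds:SignedInfo>"
      + "</ds:Signature></wsse:Security></soapenv:Header>"
      + "<soapenv:Body wsu:Id='id-38' xmlns:wsu='" + WSU + "'/></soapenv:Envelope>";

    // Constructed sample: Header B's shape (namespaces hoisted to Header, Body has plain Id).
    static final String HEADER_B =
        "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'>"
      + "<soapenv:Header xmlns:ds='" + DS + "' xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU + "'>"
      + "<wsse:Security><ds:Signature>"
      + "<ds:SignedInfo><ds:Reference URI='#MainBody'/></ds:SignedInfo>"
      + "</ds:Signature></wsse:Security></soapenv:Header>"
      + "<soapenv:Body Id='MainBody' xmlns:wsu='" + WSU + "'/></soapenv:Envelope>";

    public static void main(String[] args) throws Exception {
        System.out.println("Header A: " + describeReferences(parse(HEADER_A)));
        System.out.println("Header B: " + describeReferences(parse(HEADER_B)));
    }
}
```

A reference that resolves only through an unqualified Id, or to more than one element, is worth comparing against the Id attributes the validating library recognises before attributing a failure to namespace placement alone.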

 

 

 


Re: WS-Security digital signature validation

Colm O hEigeartaigh-2
It's impossible to say what the problem is without access to the signature validation logs. Turn on DEBUG logging and it should tell you what the problem is. All of WSS4J 1.5.x is deprecated and no longer supported by the way.

Colm.

On Thu, Feb 25, 2016 at 12:12 PM, Sam Amarteifio <[hidden email]> wrote:

We are currently using the WSS4J (version 1.5.3) with Axis 1.4 for our WS-Security digital signature validation.

 



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

RE: WS-Security digital signature validation

Eaton, Jason

Thanks for the replies.

I did solve the issue. Firstly, I wasn’t creating the document with Axis. This was causing parsing errors during validation. I added the following code as the example does and this solved that issue.

import java.io.ByteArrayInputStream;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.client.AxisClient;
import org.apache.axis.configuration.NullProvider;
import org.apache.axis.message.SOAPEnvelope;
import org.w3c.dom.Document;

// Parse the raw SOAP XML (xmlDocument, a String) through Axis so the DOM
// handed to WSS4J is the one Axis builds. getBytes() uses the platform default charset.
AxisClient tmpEngine = new AxisClient(new NullProvider());
MessageContext msgContext = new MessageContext(tmpEngine);

Message msg = new Message(new ByteArrayInputStream(xmlDocument.getBytes()));
msg.setMessageContext(msgContext);

SOAPEnvelope unsignedEnvelope = msg.getSOAPEnvelope();
Document doc = unsignedEnvelope.getAsDocument();

Secondly, I was trying to provide one keystore to hold two entities, but that cannot work when both entries contain a private key. I split the keystore into sender and receiver and then passed them both on the right method of validate headers.

Lastly, I was creating a new key for each keystore (sign and decrypt), but the public key used to encrypt the temporary key needs to be the same on the decryption keystore (duh).

Thanks again.

 

From: Colm O hEigeartaigh [mailto:[hidden email]]
Sent: Thursday, February 25, 2016 6:06 AM
To: [hidden email]
Subject: Re: WS-Security digital signature validation

 

It's impossible to say what the problem is without access to the signature validation logs. Turn on DEBUG logging and it should tell you what the problem is. All of WSS4J 1.5.x is deprecated and no longer supported by the way.

Colm.

 


Re: WS-Security digital signature validation

Sam Amarteifio
In reply to this post by Colm O hEigeartaigh-2

 

Colm,

 

Thanks for taking the time to respond to my earlier query.

 

We are aware the WSS4J 1.5.x is deprecated, we were hoping to address this issue with our current version then embark on a project to move to WSS4J1.6.x or 2.x.x.

 

However, I did take your advice and turned on DEBUG logging for the following:

 

log4j.logger.org.apache.wss4j.message.WSSignEnvelope=DEBUG
log4j.logger.org.apache.wss4j.WSSecurityEngine=DEBUG
log4j.logger.org.apache.wss4j.common.crypto.Merlin=DEBUG
log4j.logger.org.apache.xml.security.signature.XMLSignature=DEBUG

 

I then ran through a message where the signature validation succeeds (see Signature Validation Log - A below) and then a message where the signature validation fails (see Signature Validation Log - B below).

 

I have looked through both logs and can’t really work out why ‘Signature Validation Log – B’ is failing, apart from the fact that it logs the failure.
I was hoping you might be able to point us in the right direction after having a look at the logs.

 

Regards,
Sam

 

Signature Validation Log – A

59819104 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - enter processSecurityHeader()

59819107 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - Processing WS-Security header for '' actor.

59819153 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)

59819159 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)

59819160 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)

59819160 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)

59819162 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)

59819163 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)

59819166 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)

59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)

59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)

59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)

59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)

59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)

59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)

59819169 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)

59819170 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)

59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)

59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

59819174 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Init() called

59819176 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)

59819176 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA

59819177 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)

59819177 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1

59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)

59819179 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1

59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)

59819179 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5

59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)

59819179 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160

59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)

59819180 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256

59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)

59819180 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384

59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)

59819181 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512

59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)

59819182 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1

59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)

59819182 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5

59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)

59819182 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160

59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)

59819183 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256

59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)

59819183 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384

59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)

59819183 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512

59819190 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space

59819191 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system

59819191 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs

59819192 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents

59819194 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys

59819195 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys

59819195 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates

59819196 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages

59819196 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers

59819197 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages

59819198 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages

59819198 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind prefixes:

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind experimental to http://www.xmlsecurity.org/experimental#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - XX_init                             70 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_prng                           0 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_parsing                        14 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_i18n                 2 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_c14n             17 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_jcemapper        4 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyInfo          3 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyResolver      5 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_prefixes         1 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_resourceresolver 4 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_sigalgos         11 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_transforms       8 ms

59819225 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider BC was added at position: 2

59819226 [http-8443-1] DEBUG org.apache.ws.security.util.Loader  - org.apache.security.juice.provider.JuiCEProviderOpenSSL

java.lang.ClassNotFoundException: org.apache.security.juice.provider.JuiCEProviderOpenSSL

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)

                at org.apache.ws.security.util.Loader.loadClass(Loader.java:185)

                at org.apache.ws.security.WSSConfig.loadProvider(WSSConfig.java:605)

                at org.apache.ws.security.WSSConfig.addJceProvider(WSSConfig.java:662)

                at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:306)

                at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:324)

                at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:333)

                at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:342)

                at org.apache.ws.security.WSSecurityEngine.getWssConfig(WSSecurityEngine.java:157)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)

                at com.perspective.onMessage.core.Utils.WSSecurityModule.processMessage(WSSecurityModule.java:226)

                at com.perspective.onMessage.core.messaging.SrvRequestMessageLogHandler.invoke(SrvRequestMessageLogHandler.java:214)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)

                at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)

                at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)

                at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

                at java.lang.Thread.run(Thread.java:662)

59819227 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL

59819228 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Found signature element

59819228 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Verify XML Signature

59819230 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Signature", "null")

59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:SignedInfo", "null")

59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:SignatureMethod", "null")

59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:KeyInfo", "null")

59819237 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:X509IssuerSerial", "")

59819238 [http-8443-1] DEBUG org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial  - X509SerialNumber text: 1444382451

59819245 [http-8443-1] INFO  org.apache.ws.security.message.token.SecurityTokenReference  - X509IssuerSerial alias: tomcat-sv

59819246 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1

59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"

59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper  - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1

59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA  - Created SignatureRSA using SHA1withRSA

59819261 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigAlgorithm    = SHA1withRSA

59819261 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigProvider     = BC

59819261 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - PublicKey = Sun RSA public key, 1024 bits

  modulus: 93610425150689383187201231124099789927987329382418136869121800093428304612151708202031700417081425402958876437802098226652838894600449242632685787409432429554105152649905032574840908271409839981907623327461685416578720622552749877795736234403019908673813687072762834183958546842472520215196850762325388296303

  public exponent: 65537

59819268 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - Canonicalized SignedInfo:

59819268 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

 

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>

<ds:Reference URI="#id-1640824304">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>

<ds:DigestValue>Alh9rNHcaF+nzOfiFRwKC5dnOLI=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

59819274 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  - verify 1 References

59819274 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  - I am not requested to follow nested Manifests

59819276 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Reference", "null")

59819276 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transforms", "null")

59819277 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper  - Request for URI http://www.w3.org/2000/09/xmldsig#sha1

59819278 [http-8443-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver  - I was asked to create a ResourceResolver and got 1

59819278 [http-8443-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver  -  extra resolvers to my existing 4 system-wide resolvers

59819278 [http-8443-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver  - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver

59819278 [http-8443-1] DEBUG org.apache.ws.security.message.EnvelopeIdResolver  - enter engineResolve, look for: #id-1640824304

59819283 [http-8443-1] DEBUG org.apache.ws.security.message.EnvelopeIdResolver  - exit engineResolve, result: XMLSignatureInput/Element/[soapenv:Body: null] exclude null comments:false/null

59819283 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transform", "null")

59819284 [http-8443-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream  - Pre-digested input:

59819285 [http-8443-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream  - <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1640824304"><ns1:PostRq xmlns:ns1="http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0"><ns1:Sender><ns1:PartyId>urn:duns:912345678</ns1:PartyId><ns1:PartyRoleCd>Reinsurer</ns1:PartyRoleCd></ns1:Sender><ns1:Receiver><ns1:PartyId>urn:duns:123456789</ns1:PartyId><ns1:PartyRoleCd>Broker</ns1:PartyRoleCd></ns1:Receiver><ns1:Application><ns1:ApplicationCd>AML</ns1:ApplicationCd><ns1:SchemaVersion>http://www.acord.org/schema/data/draft/ReusableDataComponents/1</ns1:SchemaVersion></ns1:Application><ns1:TimeStamp>2016-02-26T09:28:05Z</ns1:TimeStamp><ns1:MsgItem><ns1:MsgId>3d3dcd60-dc6b-11e5-8d07-de2796627f3b</ns1:MsgId><ns1:MsgTypeCd>RiskBoundReportProcess</ns1:MsgTypeCd></ns1:MsgItem><ns1:SecurityProfileCd>Basic</ns1:SecurityProfileCd><ns1:WorkFolder><ns1:MsgFile><ns1:FileId>cid:7F1C53A91C91DAC48E088DB79E1014A2</ns1:FileId><ns1:FileFormatCd>text/xml</ns1:FileFormatCd></ns1:MsgFile></ns1:WorkFolder></ns1:PostRq></soapenv:Body>

59819285 [http-8443-1] DEBUG org.apache.xml.security.signature.Reference  - Verification successful for URI "#id-1640824304"

59819285 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  - The Reference has Type

59819285 [http-8443-1] DEBUG org.apache.ws.security.TIME  - Verify: total= 57, prepare-cert= 18, verify= 39

59819285 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transform", "null")

59819287 [http-8443-1] DEBUG org.apache.ws.security.TIME  - processHeader: total 180, prepare 1, handle 179

 

 

 

 

Signature Validation Log – B

75811797 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - enter processSecurityHeader()

75811802 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - Processing WS-Security header for '' actor.

75811858 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)

75811859 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)

75811860 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)

75811860 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)

75811862 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)

75811862 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)

75811865 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)

75811866 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)

75811867 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)

75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)

75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)

75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)

75811869 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)

75811870 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)

75811870 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)

75811871 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)

75811872 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

75811872 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

75811875 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Init() called

75811877 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)

75811877 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA

75811878 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)

75811878 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1

75811879 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)

75811880 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1

75811880 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)

75811880 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5

75811880 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)

75811880 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160

75811881 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)

75811881 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256

75811881 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)

75811881 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384

75811882 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)

75811882 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512

75811883 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)

75811883 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1

75811883 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)

75811883 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5

75811884 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)

75811884 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160

75811884 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)

75811884 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256

75811885 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)

75811885 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384

75811885 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)

75811885 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512

75811893 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space

75811895 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system

75811895 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs

75811896 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents

75811898 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys

75811899 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys

75811900 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates

75811900 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages

75811901 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers

75811902 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages

75811903 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind prefixes:

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind experimental to http://www.xmlsecurity.org/experimental#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - XX_init                             73 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_prng                           0 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_parsing                        11 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_i18n                 3 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_c14n             12 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_jcemapper        4 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyInfo          8 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyResolver      7 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_prefixes         0 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_resourceresolver 5 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_sigalgos         13 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_transforms       10 ms

75811934 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider BC was added at position: 2

75811936 [http-8443-1] DEBUG org.apache.ws.security.util.Loader  - org.apache.security.juice.provider.JuiCEProviderOpenSSL

java.lang.ClassNotFoundException: org.apache.security.juice.provider.JuiCEProviderOpenSSL

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)

                at org.apache.ws.security.util.Loader.loadClass(Loader.java:185)

                at org.apache.ws.security.WSSConfig.loadProvider(WSSConfig.java:605)

                at org.apache.ws.security.WSSConfig.addJceProvider(WSSConfig.java:662)

                at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:306)

                at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:324)

                at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:333)

                at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:342)

                at org.apache.ws.security.WSSecurityEngine.getWssConfig(WSSecurityEngine.java:157)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)

                at com.perspective.onMessage.core.Utils.WSSecurityModule.processMessage(WSSecurityModule.java:226)

                at com.perspective.onMessage.core.messaging.SrvRequestMessageLogHandler.invoke(SrvRequestMessageLogHandler.java:214)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)

                at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)

                at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)

                at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

                at java.lang.Thread.run(Thread.java:662)

75811937 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL

75811938 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Found signature element

75811938 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Verify XML Signature

75811940 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:Signature", "null")

75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:SignedInfo", "null")

75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:SignatureMethod", "null")

75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:KeyInfo", "null")

75811947 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:X509IssuerSerial", "")

75811949 [http-8443-1] DEBUG org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial  - X509SerialNumber text: 604358

75811958 [http-8443-1] INFO  org.apache.ws.security.message.token.SecurityTokenReference  - X509IssuerSerial alias: lloyds-exch

75811959 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1

75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"

75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper  - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1

75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA  - Created SignatureRSA using SHA1withRSA

75811976 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigAlgorithm    = SHA1withRSA

75811976 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigProvider     = BC

75811977 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - PublicKey = Sun RSA public key, 2048 bits

  modulus: 26430731384825362242696808077633199711202753670797332780727536659131960813652566992350509167921393013813366003748544038538461902188890311123165826467140044341011862766176978150742269203625151938990165544929787829837938988000820998332488145317091742337954792664993194742301362562495035781177387750692860723060672603654968039388568042893668467974917933369415902977464977413736394694476283767728239077206845772427531671068443654802074780748359829021441038851112407179903997173832621234910670461653199651463640776709030791759891654422491840524696846497795438748682591298012408472585017460957223048794672235177868443588973

  public exponent: 65537

75811984 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - Canonicalized SignedInfo:

75811984 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - <ns2:SignedInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ns2:CanonicalizationMethod><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ns2:SignatureMethod><ns2:Reference URI="#Id-005f3bba-d023-1004-8580-6239465f8fb3"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ns2:Transform></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ns2:DigestMethod><ns2:DigestValue>+wCLGGkbQHYmNneaAf+/+k2QXdM=</ns2:DigestValue></ns2:Reference></ns2:SignedInfo>

75811990 [http-8443-1] WARN  org.apache.xml.security.signature.XMLSignature  - Signature verification failed.

75811998 [http-8443-1] DEBUG org.apache.axis.i18n.ProjectResourceBundle  - org.apache.axis.i18n.resource::handleGetObject(empty00)

-----Original Message-----
From: "Colm O hEigeartaigh" <[hidden email]>
Sent: Thursday, 25 February, 2016 14:05
To: [hidden email]
Subject: Re: WS-Security digital signature validation

It's impossible to say what the problem is without access to the signature validation logs. Turn on DEBUG logging and it should tell you what the problem is. All of WSS4J 1.5.x is deprecated and no longer supported by the way.

Colm.

On Thu, Feb 25, 2016 at 12:12 PM, Sam Amarteifio <[hidden email]> wrote:

We are currently using the WSS4J (version 1.5.3) with Axis 1.4 for our WS-Security digital signature validation.

We use the WSSecurityEngine.ProcessSecurityHeader method to validate the signature in the security header.

The issue we are experiencing here is that the signature validation is successful for one form of security header (Header A, see below) and fails for another form of security header (Header B, see below). You will notice a difference in the construct of the ‘<wsse:Security>’ and ‘<ds:Signature>’ elements in respect of their namespace definitions.

Please could someone enlighten us if we are doing something wrong, or do we need to upgrade to a particular version of the WSS4J WS-Security library? Please note we are bound at the moment to Axis 1.4.

Regards,
Sam

Header A.

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

                <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

                                <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">

                                                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

                                                                <ds:SignedInfo>

                                                                                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                                                                                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

                                                                                <ds:Reference URI="#id-38">

                                                                                                <ds:Transforms>

                                                                                                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                                                                                                </ds:Transforms>

                                                                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                                                                                                <ds:DigestValue>vIxJAh8EITqs1uZPiC1yrt4H2DU=</ds:DigestValue>

                                                                                </ds:Reference>

                                                                </ds:SignedInfo>

                                                                <ds:SignatureValue>zcaDiNn0om913HKIryt1+S4EPWXHIKH8bsQTdGDKlUepfv5yMJTLPA9PNecyAAMDF3GuT096lR5WjB2IJQClOoCobbabofvjr7GbfHV8XQLRPiykGKd8+IuiKEKHqyxClUi5strXIOw5ppFnEHkfib2h2YJQzjSptmke7PsAixgh5mDkDranYHNUE3+zdRFeLyC0ZFCeyMD45+tkdnr6koV1di5Z+dJggo4EbWIUv20OUdPblZaw6B82uMondZ/iK/Em8qniMz3FPf583vySkBlb+kLecDPrB/DidYtyDnuFicxsD2pdJ9KsPApXr5dpsnoBITiw8ZubVFbE3uZl1g==</ds:SignatureValue>

                                                                <ds:KeyInfo>

                                                                                <wsse:SecurityTokenReference wsu:Id="Id-18fe8f24-d993-1004-81fe-8f8827f68a2b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

                                                                                                <ds:X509Data>

                                                                                                                <ds:X509IssuerSerial>

                                                                                                                                <ds:X509IssuerName>CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US</ds:X509IssuerName>

                                                                                                                                <ds:X509SerialNumber>604358</ds:X509SerialNumber>

                                                                                                                </ds:X509IssuerSerial>

                                                                                                </ds:X509Data>

                                                                                </wsse:SecurityTokenReference>

                                                                </ds:KeyInfo>

                                                </ds:Signature>

                                </wsse:Security>

                </SOAP-ENV:Header>

                <soapenv:Body wsu:Id="id-38" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

                                ......

                </soapenv:Body>

</soapenv:Envelope>

Header B.

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

                <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsa="http://www.w3.org/2005/08/addressing"

                                 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

                                 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

                                <wsse:Security SOAP-ENV:mustUnderstand="1">

                                                <ds:Signature>

                                                                <ds:SignedInfo>

                                                                                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                                                                                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

                                                                                <ds:Reference URI="#MainBody">

                                                                                                <ds:Transforms>

                                                                                                                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

                                                                                                </ds:Transforms>

                                                                                                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                                                                                                <ds:DigestValue>20WF+Eg2mHpaHbvKWVasYdNoFsw=</ds:DigestValue>

                                                                                </ds:Reference>

                                                                </ds:SignedInfo>

                                                                <ds:SignatureValue>J4ItDIaW2ak6R1UwdQEHMpQHpdjZVVqsx5mxTUjVoFwRNBPpbIua54mdaIZnJJpl06AdZ1i04Kl4yx4xkvd+IzDEWvAISu0CeCQDgmB+R2BfcHwtVtqBi04lGNyIdPZJVv2y9Y5VUywgtWvOLuwydXKVpy9uA5j47LDfEuI0YbrK6+I8d6bfD+aO0I6q7+yHU6iZOUchv920r3eVMGjNfihMag80qRBPzScIWnH3kWp2iOCCJi8Q/O5nTwUI8DwW7EJXvMPVPouDzzbxYekQuOEG+GdumXKcfmeOqCDd9cqflbyUbTOpB5fFVu2qmqVOsVStNzGNn15vH8SHuibXvA==</ds:SignatureValue>

                                                                <ds:KeyInfo>

                                                                                <wsse:SecurityTokenReference wsu:Id="Id-fb589ba8-d9bb-1004-8f49-10246a7582f9">

                                                                                                <ds:X509Data>

                                                                                                                <ds:X509IssuerSerial>

                                                                                                                                <ds:X509IssuerName>CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>

                                                                                                                                <ds:X509SerialNumber>62129071348004622724048880787045315607</ds:X509SerialNumber>

                                                                                                                </ds:X509IssuerSerial>

                                                                                                </ds:X509Data>

                                                                                </wsse:SecurityTokenReference>

                                                                </ds:KeyInfo>

                                                </ds:Signature>

                                </wsse:Security>

                </SOAP-ENV:Header>

                <soapenv:Body Id="MainBody" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

                ........

                </soapenv:Body>

</soapenv:Envelope>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
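Added example, not part of the thread: a small check that compares the two envelopes after namespace expansion and reports how each `ds:Reference` URI resolves. It shows that where the `xmlns` declarations sit does not change the expanded element names, and that the Body identifier is `wsu:Id` in Header A but an unqualified `Id` in Header B. The envelopes are constructed, abridged copies of the two headers (Header A's `#id-38` reference is assumed from its Body `wsu:Id`), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed, abridged copy of Header A: namespaces declared on the
# elements that use them, Body identified by wsu:Id.
HEADER_A = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
 <SOAP-ENV:Header xmlns:SOAP-ENV="{SOAP}">
  <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="{WSSE}">
   <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo><ds:Reference URI="#id-38"/></ds:SignedInfo>
   </ds:Signature>
  </wsse:Security>
 </SOAP-ENV:Header>
 <soapenv:Body wsu:Id="id-38" xmlns:wsu="{WSU}"/>
</soapenv:Envelope>"""

# Constructed, abridged copy of Header B: namespaces hoisted onto
# SOAP-ENV:Header, Body identified by an unqualified Id attribute.
HEADER_B = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
 <SOAP-ENV:Header xmlns:SOAP-ENV="{SOAP}" xmlns:ds="{DS}"
                  xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsse:Security SOAP-ENV:mustUnderstand="1">
   <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#MainBody"/></ds:SignedInfo>
   </ds:Signature>
  </wsse:Security>
 </SOAP-ENV:Header>
 <soapenv:Body Id="MainBody" xmlns:wsu="{WSU}"/>
</soapenv:Envelope>"""


def local(tag):
    """Strip the '{namespace}' part of an expanded ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def shape(elem):
    """Tree of namespace-expanded tags; prefixes and the position of
    xmlns declarations do not affect it."""
    return (elem.tag, tuple(shape(child) for child in elem))


def resolve_references(root):
    """For each ds:Reference, list the elements whose wsu:Id or
    unqualified Id equals the same-document URI fragment."""
    report = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        matches = []
        if uri.startswith("#") and len(uri) > 1:
            wanted = uri[1:]
            for el in root.iter():
                if el.get(f"{{{WSU}}}Id") == wanted:
                    matches.append(("wsu:Id", local(el.tag)))
                if el.get("Id") == wanted:
                    matches.append(("Id", local(el.tag)))
        # Exactly one target is what a verifier needs; zero or several
        # means the reference cannot be tied to one signed element.
        status = {0: "unresolved", 1: "unique"}.get(len(matches), "ambiguous")
        report.append({"uri": uri, "status": status, "matches": matches})
    return report


def compare(xml_a, xml_b):
    """Compare the Security headers and the reference targets of two envelopes."""
    a, b = ET.fromstring(xml_a), ET.fromstring(xml_b)
    path = f"{{{SOAP}}}Header/{{{WSSE}}}Security"
    return {
        "same_security_shape": shape(a.find(path)) == shape(b.find(path)),
        "a": resolve_references(a),
        "b": resolve_references(b),
    }


if __name__ == "__main__":
    result = compare(HEADER_A, HEADER_B)
    print("Security header identical after namespace expansion:",
          result["same_security_shape"])
    for name in ("a", "b"):
        for entry in result[name]:
            print(name.upper(), entry["uri"], entry["status"], entry["matches"])
```

A `unique` result only means the reference resolves to one element; it does not say the digest over that element verifies.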
Re: WS-Security digital signature validation

Colm O hEigeartaigh-2
I'm afraid I don't see anything obvious there. With more recent versions of WSS4J, it tells you where the signature validation error occurred, so it's easier to track down what the problem is. You could try updating to a more recent version of WSS4J 1.5.x to see if it tells you more?

Colm.

On Tue, Mar 1, 2016 at 3:56 PM, Sam Amarteifio <[hidden email]> wrote:

 

Colm,

 

Thanks for taking the time to respond to my earlier query.

 

We are aware that WSS4J 1.5.x is deprecated; we were hoping to address this issue with our current version and then embark on a project to move to WSS4J 1.6.x or 2.x.x.

 

However, I did take your advice and turned on DEBUG logging for the following:

 

log4j.logger.org.apache.wss4j.message.WSSignEnvelope=DEBUG
log4j.logger.org.apache.wss4j.WSSecurityEngine=DEBUG
log4j.logger.org.apache.wss4j.common.crypto.Merlin=DEBUG
log4j.logger.org.apache.xml.security.signature.XMLSignature=DEBUG

 

I then ran through a message where the signature validation succeeds (see Signature Validation Log – A below) and then a message where the signature validation fails (see Signature Validation Log – B below).

 

I have looked through both logs and can’t really work out why ‘Signature Validation Log – B’ is failing, apart from the fact that it logs the failure.
I was hoping you might be able to point us in the right direction after having a look at the logs.

 

Regards,
Sam

 

Signature Validation Log – A

59819104 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - enter processSecurityHeader()

59819107 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - Processing WS-Security header for '' actor.

59819153 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)

59819159 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)

59819160 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)

59819160 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)

59819162 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)

59819163 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)

59819166 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)

59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)

59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)

59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)

59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)

59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)

59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)

59819169 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)

59819170 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)

59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)

59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

59819174 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Init() called

59819176 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)

59819176 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA

59819177 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)

59819177 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1

59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)

59819179 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1

59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)

59819179 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5

59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)

59819179 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160

59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)

59819180 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256

59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)

59819180 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384

59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)

59819181 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512

59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)

59819182 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1

59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)

59819182 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5

59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)

59819182 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160

59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)

59819183 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256

59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)

59819183 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384

59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)

59819183 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512

59819190 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space

59819191 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system

59819191 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs

59819192 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents

59819194 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys

59819195 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys

59819195 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates

59819196 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages

59819196 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers

59819197 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages

59819198 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages

59819198 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind prefixes:

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind experimental to http://www.xmlsecurity.org/experimental#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - XX_init                             70 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_prng                           0 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_parsing                        14 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_i18n                 2 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_c14n             17 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_jcemapper        4 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyInfo          3 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyResolver      5 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_prefixes         1 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_resourceresolver 4 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_sigalgos         11 ms

59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_transforms       8 ms

59819225 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider BC was added at position: 2

59819226 [http-8443-1] DEBUG org.apache.ws.security.util.Loader  - org.apache.security.juice.provider.JuiCEProviderOpenSSL

java.lang.ClassNotFoundException: org.apache.security.juice.provider.JuiCEProviderOpenSSL

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)

                at org.apache.ws.security.util.Loader.loadClass(Loader.java:185)

                at org.apache.ws.security.WSSConfig.loadProvider(WSSConfig.java:605)

                at org.apache.ws.security.WSSConfig.addJceProvider(WSSConfig.java:662)

                at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:306)

                at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:324)

                at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:333)

                at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:342)

                at org.apache.ws.security.WSSecurityEngine.getWssConfig(WSSecurityEngine.java:157)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)

                at com.perspective.onMessage.core.Utils.WSSecurityModule.processMessage(WSSecurityModule.java:226)

                at com.perspective.onMessage.core.messaging.SrvRequestMessageLogHandler.invoke(SrvRequestMessageLogHandler.java:214)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)

                at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)

                at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)

                at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

                at java.lang.Thread.run(Thread.java:662)

59819227 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL

59819228 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Found signature element

59819228 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Verify XML Signature

59819230 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Signature", "null")

59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:SignedInfo", "null")

59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:SignatureMethod", "null")

59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:KeyInfo", "null")

59819237 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:X509IssuerSerial", "")

59819238 [http-8443-1] DEBUG org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial  - X509SerialNumber text: 1444382451

59819245 [http-8443-1] INFO  org.apache.ws.security.message.token.SecurityTokenReference  - X509IssuerSerial alias: tomcat-sv

59819246 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1

59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"

59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper  - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1

59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA  - Created SignatureRSA using SHA1withRSA

59819261 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigAlgorithm    = SHA1withRSA

59819261 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigProvider     = BC

59819261 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - PublicKey = Sun RSA public key, 1024 bits

  modulus: 93610425150689383187201231124099789927987329382418136869121800093428304612151708202031700417081425402958876437802098226652838894600449242632685787409432429554105152649905032574840908271409839981907623327461685416578720622552749877795736234403019908673813687072762834183958546842472520215196850762325388296303

  public exponent: 65537

59819268 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - Canonicalized SignedInfo:

59819268 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

 

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>

<ds:Reference URI="#id-1640824304">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>

<ds:DigestValue>Alh9rNHcaF+nzOfiFRwKC5dnOLI=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

59819274 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  - verify 1 References

59819274 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  - I am not requested to follow nested Manifests

59819276 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Reference", "null")

59819276 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transforms", "null")

59819277 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper  - Request for URI http://www.w3.org/2000/09/xmldsig#sha1

59819278 [http-8443-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver  - I was asked to create a ResourceResolver and got 1

59819278 [http-8443-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver  -  extra resolvers to my existing 4 system-wide resolvers

59819278 [http-8443-1] DEBUG org.apache.xml.security.utils.resolver.ResourceResolver  - check resolvability by class org.apache.ws.security.message.EnvelopeIdResolver

59819278 [http-8443-1] DEBUG org.apache.ws.security.message.EnvelopeIdResolver  - enter engineResolve, look for: #id-1640824304

59819283 [http-8443-1] DEBUG org.apache.ws.security.message.EnvelopeIdResolver  - exit engineResolve, result: XMLSignatureInput/Element/[soapenv:Body: null] exclude null comments:false/null

59819283 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transform", "null")

59819284 [http-8443-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream  - Pre-digested input:

59819285 [http-8443-1] DEBUG org.apache.xml.security.utils.DigesterOutputStream  - <soapenv:Body xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1640824304"><ns1:PostRq xmlns:ns1="http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0"><ns1:Sender><ns1:PartyId>urn:duns:912345678</ns1:PartyId><ns1:PartyRoleCd>Reinsurer</ns1:PartyRoleCd></ns1:Sender><ns1:Receiver><ns1:PartyId>urn:duns:123456789</ns1:PartyId><ns1:PartyRoleCd>Broker</ns1:PartyRoleCd></ns1:Receiver><ns1:Application><ns1:ApplicationCd>AML</ns1:ApplicationCd><ns1:SchemaVersion>http://www.acord.org/schema/data/draft/ReusableDataComponents/1</ns1:SchemaVersion></ns1:Application><ns1:TimeStamp>2016-02-26T09:28:05Z</ns1:TimeStamp><ns1:MsgItem><ns1:MsgId>3d3dcd60-dc6b-11e5-8d07-de2796627f3b</ns1:MsgId><ns1:MsgTypeCd>RiskBoundReportProcess</ns1:MsgTypeCd></ns1:MsgItem><ns1:SecurityProfileCd>Basic</ns1:SecurityProfileCd><ns1:WorkFolder><ns1:MsgFile><ns1:FileId>cid:7F1C53A91C91DAC48E088DB79E1014A2</ns1:FileId><ns1:FileFormatCd>text/xml</ns1:FileFormatCd></ns1:MsgFile></ns1:WorkFolder></ns1:PostRq></soapenv:Body>

59819285 [http-8443-1] DEBUG org.apache.xml.security.signature.Reference  - Verification successful for URI "#id-1640824304"

59819285 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  - The Reference has Type

59819285 [http-8443-1] DEBUG org.apache.ws.security.TIME  - Verify: total= 57, prepare-cert= 18, verify= 39

59819285 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ds:Transform", "null")

59819287 [http-8443-1] DEBUG org.apache.ws.security.TIME  - processHeader: total 180, prepare 1, handle 179

Signature Validation Log – B

75811797 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - enter processSecurityHeader()

75811802 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  - Processing WS-Security header for '' actor.

75811858 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)

75811859 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)

75811860 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)

75811860 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)

75811862 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)

75811862 [http-8443-1] DEBUG org.apache.xml.security.Init  - Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)

75811865 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#base64, org.apache.xml.security.transforms.implementations.TransformBase64Decode)

75811866 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315, org.apache.xml.security.transforms.implementations.TransformC14N)

75811867 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NWithComments)

75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11, org.apache.xml.security.transforms.implementations.TransformC14N11)

75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments, org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)

75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#, org.apache.xml.security.transforms.implementations.TransformC14NExclusive)

75811869 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments, org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)

75811870 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116, org.apache.xml.security.transforms.implementations.TransformXPath)

75811870 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature, org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)

75811871 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116, org.apache.xml.security.transforms.implementations.TransformXSLT)

75811872 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/04/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

75811872 [http-8443-1] DEBUG org.apache.xml.security.Init  - Transform.register(http://www.w3.org/2002/06/xmldsig-filter2, org.apache.xml.security.transforms.implementations.TransformXPath2Filter)

75811875 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Init() called

75811877 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureDSA)

75811877 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#dsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureDSA

75811878 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)

75811878 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#rsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1

75811879 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)

75811880 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2000/09/xmldsig#hmac-sha1 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1

75811880 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)

75811880 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-md5 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5

75811880 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)

75811880 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160

75811881 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)

75811881 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256

75811881 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha384, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)

75811881 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384

75811882 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-sha512, org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)

75811882 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512

75811883 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1, org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)

75811883 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1

75811883 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-md5, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)

75811883 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-md5 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5

75811884 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)

75811884 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160

75811884 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)

75811884 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256

75811885 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha384, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)

75811885 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha384 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384

75811885 [http-8443-1] DEBUG org.apache.xml.security.Init  - SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#hmac-sha512, org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)

75811885 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register http://www.w3.org/2001/04/xmldsig-more#hmac-sha512 org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512

75811893 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP: A simple resolver for requests to HTTP space

75811895 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem: A simple resolver for requests to the local file system

75811895 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A simple resolver for requests of same-document URIs

75811896 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A simple resolver for requests of XPointer fragents

75811898 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver: Can extract RSA public keys

75811899 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver: Can extract DSA public keys

75811900 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver: Can extract public keys from X509 certificates

75811900 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver: Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate from the storages

75811901 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver: Resolves keys and certificates using ResourceResolvers

75811902 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver: Uses an X509 SubjectName to retrieve a certificate from the storages

75811903 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register Resolver: org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver: Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the storages

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind prefixes:

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ds to http://www.w3.org/2000/09/xmldsig#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xenc to http://www.w3.org/2001/04/xmlenc#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind experimental to http://www.xmlsecurity.org/experimental#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind ec to http://www.w3.org/2001/10/xml-exc-c14n#

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to bind xx to http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - XX_init                             73 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_prng                           0 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_parsing                        11 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_i18n                 3 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_c14n             12 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_jcemapper        4 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyInfo          8 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_keyResolver      7 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_prefixes         0 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_resourceresolver 5 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_sigalgos         13 ms

75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -   XX_configure_reg_transforms       10 ms

75811934 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider BC was added at position: 2

75811936 [http-8443-1] DEBUG org.apache.ws.security.util.Loader  - org.apache.security.juice.provider.JuiCEProviderOpenSSL

java.lang.ClassNotFoundException: org.apache.security.juice.provider.JuiCEProviderOpenSSL

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)

                at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)

                at org.apache.ws.security.util.Loader.loadClass(Loader.java:185)

                at org.apache.ws.security.WSSConfig.loadProvider(WSSConfig.java:605)

                at org.apache.ws.security.WSSConfig.addJceProvider(WSSConfig.java:662)

                at org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:306)

                at org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:324)

                at org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:333)

                at org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:342)

                at org.apache.ws.security.WSSecurityEngine.getWssConfig(WSSecurityEngine.java:157)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)

                at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)

                at com.perspective.onMessage.core.Utils.WSSecurityModule.processMessage(WSSecurityModule.java:226)

                at com.perspective.onMessage.core.messaging.SrvRequestMessageLogHandler.invoke(SrvRequestMessageLogHandler.java:214)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)

                at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)

                at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)

                at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)

                at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)

                at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)

                at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

                at java.lang.Thread.run(Thread.java:662)

75811937 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The provider JuiCE could not be added: org.apache.security.juice.provider.JuiCEProviderOpenSSL

75811938 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Found signature element

75811938 [http-8443-1] DEBUG org.apache.ws.security.processor.SignatureProcessor  - Verify XML Signature

75811940 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:Signature", "null")

75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:SignedInfo", "null")

75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:SignatureMethod", "null")

75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:KeyInfo", "null")

75811947 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  - setElement("ns2:X509IssuerSerial", "")

75811949 [http-8443-1] DEBUG org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial  - X509SerialNumber text: 604358

75811958 [http-8443-1] INFO  org.apache.ws.security.message.token.SecurityTokenReference  - X509IssuerSerial alias: lloyds-exch

75811959 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - SignatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1

75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.SignatureAlgorithm  - Create URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"

75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper  - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1

75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.implementations.SignatureBaseRSA  - Created SignatureRSA using SHA1withRSA

75811976 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigAlgorithm    = SHA1withRSA

75811976 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - jceSigProvider     = BC

75811977 [http-8443-1] DEBUG org.apache.xml.security.signature.XMLSignature  - PublicKey = Sun RSA public key, 2048 bits

  modulus: 26430731384825362242696808077633199711202753670797332780727536659131960813652566992350509167921393013813366003748544038538461902188890311123165826467140044341011862766176978150742269203625151938990165544929787829837938988000820998332488145317091742337954792664993194742301362562495035781177387750692860723060672603654968039388568042893668467974917933369415902977464977413736394694476283767728239077206845772427531671068443654802074780748359829021441038851112407179903997173832621234910670461653199651463640776709030791759891654422491840524696846497795438748682591298012408472585017460957223048794672235177868443588973

  public exponent: 65537

75811984 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - Canonicalized SignedInfo:

75811984 [http-8443-1] DEBUG org.apache.xml.security.utils.SignerOutputStream  - <ns2:SignedInfo xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"><ns2:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ns2:CanonicalizationMethod><ns2:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ns2:SignatureMethod><ns2:Reference URI="#Id-005f3bba-d023-1004-8580-6239465f8fb3"><ns2:Transforms><ns2:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ns2:Transform></ns2:Transforms><ns2:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ns2:DigestMethod><ns2:DigestValue>+wCLGGkbQHYmNneaAf+/+k2QXdM=</ns2:DigestValue></ns2:Reference></ns2:SignedInfo>

75811990 [http-8443-1] WARN  org.apache.xml.security.signature.XMLSignature  - Signature verification failed.

75811998 [http-8443-1] DEBUG org.apache.axis.i18n.ProjectResourceBundle  - org.apache.axis.i18n.resource::handleGetObject(empty00)

-----Original Message-----
From: "Colm O hEigeartaigh" <[hidden email]>
Sent: Thursday, 25 February, 2016 14:05
To: [hidden email]
Subject: Re: WS-Security digital signature validation

It's impossible to say what the problem is without access to the signature validation logs. Turn on DEBUG logging and it should tell you what the problem is. All of WSS4J 1.5.x is deprecated and no longer supported by the way.

Colm.

On Thu, Feb 25, 2016 at 12:12 PM, Sam Amarteifio <[hidden email]> wrote:

We are currently using the WSS4J (version 1.5.3) with Axis 1.4 for our WS-Security digital signature validation.

 

We use the WSSecurityEngine.ProcessSecurityHeader method to validate the signature in the security header.

 

The issue we are experiencing here is that the signature validation is successful for one form of security header (Header A. see below) and fails for another form of security header (Header B. see below). You will notice a difference in the construct of the ‘<wsse:Security>’ and ‘<ds:Signature>’ elements in respect of their namespace definitions.

Please could someone enlighten us if we are doing something wrong, or do we need to upgrade to a particular version of the WSS4J WS-Security library? Please note we are bound at the moment to Axis 1.4.

 

Regards,
Sam

 

 

Header A.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#id-38">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>vIxJAh8EITqs1uZPiC1yrt4H2DU=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>zcaDiNn0om913HKIryt1+S4EPWXHIKH8bsQTdGDKlUepfv5yMJTLPA9PNecyAAMDF3GuT096lR5WjB2IJQClOoCobbabofvjr7GbfHV8XQLRPiykGKd8+IuiKEKHqyxClUi5strXIOw5ppFnEHkfib2h2YJQzjSptmke7PsAixgh5mDkDranYHNUE3+zdRFeLyC0ZFCeyMD45+tkdnr6koV1di5Z+dJggo4EbWIUv20OUdPblZaw6B82uMondZ/iK/Em8qniMz3FPf583vySkBlb+kLecDPrB/DidYtyDnuFicxsD2pdJ9KsPApXr5dpsnoBITiw8ZubVFbE3uZl1g==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference wsu:Id="Id-18fe8f24-d993-1004-81fe-8f8827f68a2b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>604358</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soapenv:Body wsu:Id="id-38" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    ......
  </soapenv:Body>
</soapenv:Envelope>

Header B.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsa="http://www.w3.org/2005/08/addressing"
                   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <wsse:Security SOAP-ENV:mustUnderstand="1">
      <ds:Signature>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#MainBody">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>20WF+Eg2mHpaHbvKWVasYdNoFsw=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>J4ItDIaW2ak6R1UwdQEHMpQHpdjZVVqsx5mxTUjVoFwRNBPpbIua54mdaIZnJJpl06AdZ1i04Kl4yx4xkvd+IzDEWvAISu0CeCQDgmB+R2BfcHwtVtqBi04lGNyIdPZJVv2y9Y5VUywgtWvOLuwydXKVpy9uA5j47LDfEuI0YbrK6+I8d6bfD+aO0I6q7+yHU6iZOUchv920r3eVMGjNfihMag80qRBPzScIWnH3kWp2iOCCJi8Q/O5nTwUI8DwW7EJXvMPVPouDzzbxYekQuOEG+GdumXKcfmeOqCDd9cqflbyUbTOpB5fFVu2qmqVOsVStNzGNn15vH8SHuibXvA==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference wsu:Id="Id-fb589ba8-d9bb-1004-8f49-10246a7582f9">
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</ds:X509IssuerName>
                <ds:X509SerialNumber>62129071348004622724048880787045315607</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <soapenv:Body Id="MainBody" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    ........
  </soapenv:Body>
</soapenv:Envelope>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
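
A triage check for the two messages quoted above, added here as an example and not part of the original posts or of WSS4J: it reports, for each ds:Reference, whether its URI resolves through wsu:Id or an unqualified Id attribute (and whether the target is unique), on which element each namespace prefix is declared, and which issuer and serial the validator's keystore has to hold. The function name triage and the two sample envelopes (trimmed reconstructions of Header A and Header B) are assumptions of this example.

```python
import io
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = WSS + "secext-1.0.xsd", WSS + "utility-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed samples: Header A and Header B from the thread, trimmed to the
# elements this check reads (digests, signature values and bodies left out).
HEADER_A = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
<SOAP-ENV:Header xmlns:SOAP-ENV="{SOAP}">
 <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="{WSSE}">
  <ds:Signature xmlns:ds="{DS}">
   <ds:SignedInfo><ds:Reference URI="#id-38"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsu="{WSU}">
    <ds:X509Data><ds:X509IssuerSerial>
     <ds:X509IssuerName>CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US</ds:X509IssuerName>
     <ds:X509SerialNumber>604358</ds:X509SerialNumber>
    </ds:X509IssuerSerial></ds:X509Data>
   </wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security>
</SOAP-ENV:Header>
<soapenv:Body wsu:Id="id-38" xmlns:wsu="{WSU}"/>
</soapenv:Envelope>"""

HEADER_B = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
<SOAP-ENV:Header xmlns:SOAP-ENV="{SOAP}" xmlns:ds="{DS}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
 <wsse:Security SOAP-ENV:mustUnderstand="1">
  <ds:Signature>
   <ds:SignedInfo><ds:Reference URI="#MainBody"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference>
    <ds:X509Data><ds:X509IssuerSerial>
     <ds:X509IssuerName>CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\\, Inc.,C=US</ds:X509IssuerName>
     <ds:X509SerialNumber>62129071348004622724048880787045315607</ds:X509SerialNumber>
    </ds:X509IssuerSerial></ds:X509Data>
   </wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security>
</SOAP-ENV:Header>
<soapenv:Body Id="MainBody" xmlns:wsu="{WSU}"/>
</soapenv:Envelope>"""


def local(tag):
    """Strip the '{namespace}' part ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def triage(envelope_xml):
    """Summarise reference resolution, prefix declaration sites and signer identity."""
    declared_on = {}          # prefix -> local names of the elements declaring it
    pending, root = [], None
    # start-ns events arrive just before the start event of the declaring element.
    # For captures from untrusted senders, swap in a hardened XML parser.
    source = io.BytesIO(envelope_xml.encode("utf-8"))
    for event, payload in ET.iterparse(source, events=("start-ns", "start")):
        if event == "start-ns":
            pending.append(payload[0])
            continue
        if root is None:
            root = payload
        for prefix in pending:
            declared_on.setdefault(prefix, []).append(local(payload.tag))
        pending = []

    references = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        frag = uri[1:] if uri.startswith("#") else None
        qualified = [e for e in root.iter() if frag and e.get(f"{{{WSU}}}Id") == frag]
        plain = [e for e in root.iter() if frag and e.get("Id") == frag]
        hits = qualified + [e for e in plain if e not in qualified]
        if frag is None:
            how = "not same-document"
        elif not hits:
            how = "unresolved"
        elif len(hits) > 1:
            how = "ambiguous"   # the signed target is not unique: treat as a failure
        else:
            how = "wsu:Id" if qualified else "unqualified Id"
        references.append({"uri": uri, "matched_by": how,
                           "target": local(hits[0].tag) if len(hits) == 1 else None})

    return {"references": references, "declared_on": declared_on,
            "issuer": root.findtext(f".//{{{DS}}}X509IssuerName"),
            "serial": root.findtext(f".//{{{DS}}}X509SerialNumber")}


if __name__ == "__main__":
    for name, xml_text in (("Header A", HEADER_A), ("Header B", HEADER_B)):
        print(name, triage(xml_text))
```

The check only locates structural differences between a passing and a failing message; it does not verify the signature or say which difference the validator trips on.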




Re: WS-Security digital signature validation

Sam Amarteifio
Colm,

Thanks for looking at this, just thought I will give you an update based on the input from your last email.

As I pointed out in a previous email, because we are currently using Axis 1.4, we are constrained by the version of WSS4J we could upgrade to.

We did however upgrade as per your suggestion below to the latest version possible for our current set-up, which was to use WSS4J version 1.5.12.

Unfortunately, the debug logging details were similar to the previous version we were using (i.e. did not give us any more detail as to why this was failing).


Regards,
Sam
 
-----Original Message-----
From: "Colm O hEigeartaigh" <[hidden email]>
Sent: Tuesday, 1 March, 2016 16:48
To: "Sam Amarteifio" <[hidden email]>
Cc: [hidden email]
Subject: Re: WS-Security digital signature validation

I'm afraid I don't see anything obvious there. With more recent versions of
WSS4J, it tells you where the signature validation error occurred, so it's
easier to track down what the problem is. You could try updating to a more
recent version of WSS4J 1.5.x to see if it tells you more?

Colm.

On Tue, Mar 1, 2016 at 3:56 PM, Sam Amarteifio <
[hidden email]> wrote:

>
>
> Colm,
>
>
>
> Thanks for taking the time to respond to my earlier query.
>
>
>
> We are aware the WSS4J 1.5.x is deprecated, we were hoping to address this
> issue with our current version then embark on a project to move to
> WSS4J 1.6.x or 2.x.x.
>
>
>
> However, I did take your advice and turned on DEBUG logging for the
> following:
>
>
>
> log4j.logger.org.apache.wss4j.message.WSSignEnvelope=DEBUG
> log4j.logger.org.apache.wss4j.WSSecurityEngine=DEBUG
> log4j.logger.org.apache.wss4j.common.crypto.Merlin=DEBUG
> log4j.logger.org.apache.xml.security.signature.XMLSignature=DEBUG
>
>
>
> I then ran through a message where the signature validation succeeds (See
> Signature Validation Log - A below) and then a message where the signature
> validation fails (See Signature Validation Log - B below).
>
>
>
> I have looked through both logs and can’t really work out why ‘Signature
> Validation Log – B’ is failing apart from the fact that it logs the failure.
> I was hoping you might be able to point us in the right direction after
> having a look at the logs.
>
>
>
> Regards,
> Sam
>
>
>
> *Signature Validation Log – A*
>
> 59819104 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  -
> enter processSecurityHeader()
>
> 59819107 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  -
> Processing WS-Security header for '' actor.
>
> 59819153 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)
>
> 59819159 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)
>
> 59819160 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)
>
> 59819160 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)
>
> 59819162 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11,
> org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)
>
> 59819163 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments,
> org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)
>
> 59819166 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2000/09/xmldsig#base64,
> org.apache.xml.security.transforms.implementations.TransformBase64Decode)
>
> 59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315,
> org.apache.xml.security.transforms.implementations.TransformC14N)
>
> 59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments,
> org.apache.xml.security.transforms.implementations.TransformC14NWithComments)
>
> 59819167 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2006/12/xml-c14n11,
> org.apache.xml.security.transforms.implementations.TransformC14N11)
>
> 59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments,
> org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)
>
> 59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#,
> org.apache.xml.security.transforms.implementations.TransformC14NExclusive)
>
> 59819168 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments,
> org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)
>
> 59819169 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116,
> org.apache.xml.security.transforms.implementations.TransformXPath)
>
> 59819170 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature,
> org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)
>
> 59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116,
> org.apache.xml.security.transforms.implementations.TransformXSLT)
>
> 59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2002/04/xmldsig-filter2,
> org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
>
> 59819171 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2002/06/xmldsig-filter2,
> org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
>
> 59819174 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Init() called
>
> 59819176 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1,
> org.apache.xml.security.algorithms.implementations.SignatureDSA)
>
> 59819176 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2000/09/xmldsig#dsa-sha1
> org.apache.xml.security.algorithms.implementations.SignatureDSA
>
> 59819177 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)
>
> 59819177 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2000/09/xmldsig#rsa-sha1
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1
>
> 59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)
>
> 59819179 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2000/09/xmldsig#hmac-sha1
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1
>
> 59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)
>
> 59819179 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-md5
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5
>
> 59819179 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)
>
> 59819179 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160
>
> 59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)
>
> 59819180 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256
>
> 59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha384,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)
>
> 59819180 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384
>
> 59819180 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha512,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)
>
> 59819181 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512
>
> 59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1,
> org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)
>
> 59819182 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
> org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1
>
> 59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-md5,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)
>
> 59819182 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-md5
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5
>
> 59819182 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)
>
> 59819182 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160
>
> 59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha256,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)
>
> 59819183 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256
>
> 59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha384,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)
>
> 59819183 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384
>
> 59819183 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha512,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)
>
> 59819183 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512
>
> 59819190 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP:
> A simple resolver for requests to HTTP space
>
> 59819191 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem:
> A simple resolver for requests to the local file system
>
> 59819191 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A
> simple resolver for requests of same-document URIs
>
> 59819192 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A
> simple resolver for requests of XPointer fragents
>
> 59819194 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver:
> Can extract RSA public keys
>
> 59819195 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver:
> Can extract DSA public keys
>
> 59819195 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver:
> Can extract public keys from X509 certificates
>
> 59819196 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver:
> Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate
> from the storages
>
> 59819196 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver:
> Resolves keys and certificates using ResourceResolvers
>
> 59819197 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver:
> Uses an X509 SubjectName to retrieve a certificate from the storages
>
> 59819198 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver:
> Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the
> storages
>
> 59819198 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind prefixes:
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind ds to http://www.w3.org/2000/09/xmldsig#
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind xenc to http://www.w3.org/2001/04/xmlenc#
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind experimental to http://www.xmlsecurity.org/experimental#
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind ec to http://www.w3.org/2001/10/xml-exc-c14n#
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind xx to
> http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_init                             70 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
>  XX_prng                           0 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_parsing                        14 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_i18n                 2 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_c14n             17 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_jcemapper        4 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
>  XX_configure_reg_keyInfo          3 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_keyResolver      5 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_prefixes         1 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_resourceresolver 4 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_sigalgos         11 ms
>
> 59819199 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_transforms       8 ms
>
> 59819225 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The
> provider BC was added at position: 2
>
> 59819226 [http-8443-1] DEBUG org.apache.ws.security.util.Loader  -
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>
> java.lang.ClassNotFoundException:
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>
>                 at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)
>
>                 at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)
>
>                 at
> org.apache.ws.security.util.Loader.loadClass(Loader.java:185)
>
>                 at
> org.apache.ws.security.WSSConfig.loadProvider(WSSConfig.java:605)
>
>                 at
> org.apache.ws.security.WSSConfig.addJceProvider(WSSConfig.java:662)
>
>                 at
> org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:306)
>
>                 at
> org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:324)
>
>                 at
> org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:333)
>
>                 at
> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:342)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.getWssConfig(WSSecurityEngine.java:157)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>
>                 at
> com.perspective.onMessage.core.Utils.WSSecurityModule.processMessage(WSSecurityModule.java:226)
>
>                 at
> com.perspective.onMessage.core.messaging.SrvRequestMessageLogHandler.invoke(SrvRequestMessageLogHandler.java:214)
>
>                 at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>
>                 at
> org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>
>                 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>
>                 at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>
>                 at
> org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>
>                 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>
>                 at
> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
>
>                 at
> org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
>
>                 at
> org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
>
>                 at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>
>                 at
> org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
>
>                 at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>
>                 at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>
>                 at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>
>                 at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
>
>                 at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>
>                 at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>
>                 at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>
>                 at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>
>                 at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>
>                 at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>
>                 at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>
>                 at java.lang.Thread.run(Thread.java:662)
>
> 59819227 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The
> provider JuiCE could not be added:
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>
> 59819228 [http-8443-1] DEBUG
> org.apache.ws.security.processor.SignatureProcessor  - Found signature
> element
>
> 59819228 [http-8443-1] DEBUG
> org.apache.ws.security.processor.SignatureProcessor  - Verify XML Signature
>
> 59819230 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:Signature", "null")
>
> 59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:SignedInfo", "null")
>
> 59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:SignatureMethod", "null")
>
> 59819233 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:KeyInfo", "null")
>
> 59819237 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:X509IssuerSerial", "")
>
> 59819238 [http-8443-1] DEBUG
> org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial  -
> X509SerialNumber text: 1444382451
>
> 59819245 [http-8443-1] INFO
> org.apache.ws.security.message.token.SecurityTokenReference  -
> X509IssuerSerial alias: tomcat-sv
>
> 59819246 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - SignatureMethodURI =
> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>
> 59819246 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Create URI "
> http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>
> 59819246 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper
> - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>
> 59819246 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA  -
> Created SignatureRSA using SHA1withRSA
>
> 59819261 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - jceSigAlgorithm    =
> SHA1withRSA
>
> 59819261 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - jceSigProvider     = BC
>
> 59819261 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - PublicKey = Sun RSA
> public key, 1024 bits
>
>   modulus:
> 93610425150689383187201231124099789927987329382418136869121800093428304612151708202031700417081425402958876437802098226652838894600449242632685787409432429554105152649905032574840908271409839981907623327461685416578720622552749877795736234403019908673813687072762834183958546842472520215196850762325388296303
>
>   public exponent: 65537
>
> 59819268 [http-8443-1] DEBUG
> org.apache.xml.security.utils.SignerOutputStream  - Canonicalized
> SignedInfo:
>
> 59819268 [http-8443-1] DEBUG
> org.apache.xml.security.utils.SignerOutputStream  - <ds:SignedInfo
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>
>
>
> <ds:CanonicalizationMethod Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1
> "></ds:SignatureMethod>
>
> <ds:Reference URI="#id-1640824304">
>
> <ds:Transforms>
>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> "></ds:Transform>
>
> </ds:Transforms>
>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
> "></ds:DigestMethod>
>
> <ds:DigestValue>Alh9rNHcaF+nzOfiFRwKC5dnOLI=</ds:DigestValue>
>
> </ds:Reference>
>
> </ds:SignedInfo>
>
> 59819274 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  -
> verify 1 References
>
> 59819274 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  -
> I am not requested to follow nested Manifests
>
> 59819276 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:Reference", "null")
>
> 59819276 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:Transforms", "null")
>
> 59819277 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper
> - Request for URI http://www.w3.org/2000/09/xmldsig#sha1
>
> 59819278 [http-8443-1] DEBUG
> org.apache.xml.security.utils.resolver.ResourceResolver  - I was asked to
> create a ResourceResolver and got 1
>
> 59819278 [http-8443-1] DEBUG
> org.apache.xml.security.utils.resolver.ResourceResolver  -  extra resolvers
> to my existing 4 system-wide resolvers
>
> 59819278 [http-8443-1] DEBUG
> org.apache.xml.security.utils.resolver.ResourceResolver  - check
> resolvability by class org.apache.ws.security.message.EnvelopeIdResolver
>
> 59819278 [http-8443-1] DEBUG
> org.apache.ws.security.message.EnvelopeIdResolver  - enter engineResolve,
> look for: #id-1640824304
>
> 59819283 [http-8443-1] DEBUG
> org.apache.ws.security.message.EnvelopeIdResolver  - exit engineResolve,
> result: XMLSignatureInput/Element/[soapenv:Body: null] exclude null
> comments:false/null
>
> 59819283 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:Transform", "null")
>
> 59819284 [http-8443-1] DEBUG
> org.apache.xml.security.utils.DigesterOutputStream  - Pre-digested input:
>
> 59819285 [http-8443-1] DEBUG
> org.apache.xml.security.utils.DigesterOutputStream  - <soapenv:Body
> xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> wsu:Id="id-1640824304"><ns1:PostRq xmlns:ns1="
> http://www.ACORD.org/Standards/AcordMsgSvc/1.4.0
> "><ns1:Sender><ns1:PartyId>urn:duns:912345678</ns1:PartyId><ns1:PartyRoleCd>Reinsurer</ns1:PartyRoleCd></ns1:Sender><ns1:Receiver><ns1:PartyId>urn:duns:123456789</ns1:PartyId><ns1:PartyRoleCd>Broker</ns1:PartyRoleCd></ns1:Receiver><ns1:Application><ns1:ApplicationCd>AML</ns1:ApplicationCd><ns1:SchemaVersion>
> http://www.acord.org/schema/data/draft/ReusableDataComponents/1
> </ns1:SchemaVersion></ns1:Application><ns1:TimeStamp>2016-02-26T09:28:05Z</ns1:TimeStamp><ns1:MsgItem><ns1:MsgId>3d3dcd60-dc6b-11e5-8d07-de2796627f3b</ns1:MsgId><ns1:MsgTypeCd>RiskBoundReportProcess</ns1:MsgTypeCd></ns1:MsgItem><ns1:SecurityProfileCd>Basic</ns1:SecurityProfileCd><ns1:WorkFolder><ns1:MsgFile><ns1:FileId>cid:7F1C53A91C91DAC48E088DB79E1014A2</ns1:FileId><ns1:FileFormatCd>text/xml</ns1:FileFormatCd></ns1:MsgFile></ns1:WorkFolder></ns1:PostRq></soapenv:Body>
>
> 59819285 [http-8443-1] DEBUG org.apache.xml.security.signature.Reference
> - Verification successful for URI "#id-1640824304"
>
> 59819285 [http-8443-1] DEBUG org.apache.xml.security.signature.Manifest  -
> The Reference has Type
>
> 59819285 [http-8443-1] DEBUG org.apache.ws.security.TIME  - Verify: total=
> 57, prepare-cert= 18, verify= 39
>
> 59819285 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ds:Transform", "null")
>
> 59819287 [http-8443-1] DEBUG org.apache.ws.security.TIME  - processHeader:
> total 180, prepare 1, handle 179
>
> *Signature Validation Log – B*
>
> 75811797 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  -
> enter processSecurityHeader()
>
> 75811802 [http-8443-1] DEBUG org.apache.ws.security.WSSecurityEngine  -
> Processing WS-Security header for '' actor.
>
> 75811858 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315OmitComments)
>
> 75811859 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315WithComments)
>
> 75811860 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclOmitComments)
>
> 75811860 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments,
> org.apache.xml.security.c14n.implementations.Canonicalizer20010315ExclWithComments)
>
> 75811862 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11,
> org.apache.xml.security.c14n.implementations.Canonicalizer11_OmitComments)
>
> 75811862 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Canonicalizer.register(http://www.w3.org/2006/12/xml-c14n11#WithComments,
> org.apache.xml.security.c14n.implementations.Canonicalizer11_WithComments)
>
> 75811865 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2000/09/xmldsig#base64,
> org.apache.xml.security.transforms.implementations.TransformBase64Decode)
>
> 75811866 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/TR/2001/REC-xml-c14n-20010315,
> org.apache.xml.security.transforms.implementations.TransformC14N)
>
> 75811867 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(
> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments,
> org.apache.xml.security.transforms.implementations.TransformC14NWithComments)
>
> 75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2006/12/xml-c14n11,
> org.apache.xml.security.transforms.implementations.TransformC14N11)
>
> 75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2006/12/xml-c14n11#WithComments,
> org.apache.xml.security.transforms.implementations.TransformC14N11_WithComments)
>
> 75811868 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#,
> org.apache.xml.security.transforms.implementations.TransformC14NExclusive)
>
> 75811869 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2001/10/xml-exc-c14n#WithComments,
> org.apache.xml.security.transforms.implementations.TransformC14NExclusiveWithComments)
>
> 75811870 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/TR/1999/REC-xpath-19991116,
> org.apache.xml.security.transforms.implementations.TransformXPath)
>
> 75811870 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2000/09/xmldsig#enveloped-signature,
> org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature)
>
> 75811871 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/TR/1999/REC-xslt-19991116,
> org.apache.xml.security.transforms.implementations.TransformXSLT)
>
> 75811872 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2002/04/xmldsig-filter2,
> org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
>
> 75811872 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> Transform.register(http://www.w3.org/2002/06/xmldsig-filter2,
> org.apache.xml.security.transforms.implementations.TransformXPath2Filter)
>
> 75811875 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Init() called
>
> 75811877 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#dsa-sha1,
> org.apache.xml.security.algorithms.implementations.SignatureDSA)
>
> 75811877 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2000/09/xmldsig#dsa-sha1
> org.apache.xml.security.algorithms.implementations.SignatureDSA
>
> 75811878 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#rsa-sha1,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1)
>
> 75811878 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2000/09/xmldsig#rsa-sha1
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1
>
> 75811879 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2000/09/xmldsig#hmac-sha1,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1)
>
> 75811880 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2000/09/xmldsig#hmac-sha1
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA1
>
> 75811880 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(http://www.w3.org/2001/04/xmldsig-more#rsa-md5,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5)
>
> 75811880 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-md5
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSAMD5
>
> 75811880 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160)
>
> 75811880 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSARIPEMD160
>
> 75811881 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256)
>
> 75811881 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA256
>
> 75811881 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha384,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384)
>
> 75811881 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA384
>
> 75811882 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha512,
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512)
>
> 75811882 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA512
>
> 75811883 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1,
> org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1)
>
> 75811883 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1
> org.apache.xml.security.algorithms.implementations.SignatureECDSA$SignatureECDSASHA1
>
> 75811883 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-md5,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5)
>
> 75811883 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-md5
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacMD5
>
> 75811884 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160)
>
> 75811884 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacRIPEMD160
>
> 75811884 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha256,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256)
>
> 75811884 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA256
>
> 75811885 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha384,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384)
>
> 75811885 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA384
>
> 75811885 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> SignatureAlgorithm.register(
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha512,
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512)
>
> 75811885 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Try to register
> http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
> org.apache.xml.security.algorithms.implementations.IntegrityHmac$IntegrityHmacSHA512
>
> 75811893 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP:
> A simple resolver for requests to HTTP space
>
> 75811895 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem:
> A simple resolver for requests to the local file system
>
> 75811895 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverFragment: A
> simple resolver for requests of same-document URIs
>
> 75811896 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.utils.resolver.implementations.ResolverXPointer: A
> simple resolver for requests of XPointer fragents
>
> 75811898 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.RSAKeyValueResolver:
> Can extract RSA public keys
>
> 75811899 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.DSAKeyValueResolver:
> Can extract DSA public keys
>
> 75811900 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver:
> Can extract public keys from X509 certificates
>
> 75811900 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509SKIResolver:
> Uses an X509v3 SubjectKeyIdentifier extension to retrieve a certificate
> from the storages
>
> 75811901 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.RetrievalMethodResolver:
> Resolves keys and certificates using ResourceResolvers
>
> 75811902 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver:
> Uses an X509 SubjectName to retrieve a certificate from the storages
>
> 75811903 [http-8443-1] DEBUG org.apache.xml.security.Init  - Register
> Resolver:
> org.apache.xml.security.keys.keyresolver.implementations.X509IssuerSerialResolver:
> Uses an X509 IssuerName and IssuerSerial to retrieve a certificate from the
> storages
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind prefixes:
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind ds to http://www.w3.org/2000/09/xmldsig#
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind xenc to http://www.w3.org/2001/04/xmlenc#
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind experimental to http://www.xmlsecurity.org/experimental#
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind dsig-xpath-old to http://www.w3.org/2002/04/xmldsig-filter2
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind dsig-xpath to http://www.w3.org/2002/06/xmldsig-filter2
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind ec to http://www.w3.org/2001/10/xml-exc-c14n#
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  - Now I try to
> bind xx to
> http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_init                             73 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
>  XX_prng                           0 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_parsing                        11 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_i18n                 3 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_c14n             12 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_jcemapper        4 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
>  XX_configure_reg_keyInfo          8 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_keyResolver      7 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_prefixes         0 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_resourceresolver 5 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_sigalgos         13 ms
>
> 75811904 [http-8443-1] DEBUG org.apache.xml.security.Init  -
> XX_configure_reg_transforms       10 ms
>
> 75811934 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The
> provider BC was added at position: 2
>
> 75811936 [http-8443-1] DEBUG org.apache.ws.security.util.Loader  -
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>
> java.lang.ClassNotFoundException:
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>
>                 at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680)
>
>                 at
> org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526)
>
>                 at
> org.apache.ws.security.util.Loader.loadClass(Loader.java:185)
>
>                 at
> org.apache.ws.security.WSSConfig.loadProvider(WSSConfig.java:605)
>
>                 at
> org.apache.ws.security.WSSConfig.addJceProvider(WSSConfig.java:662)
>
>                 at
> org.apache.ws.security.WSSConfig.staticInit(WSSConfig.java:306)
>
>                 at
> org.apache.ws.security.WSSConfig.<init>(WSSConfig.java:324)
>
>                 at
> org.apache.ws.security.WSSConfig.getNewInstance(WSSConfig.java:333)
>
>                 at
> org.apache.ws.security.WSSConfig.getDefaultWSConfig(WSSConfig.java:342)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.getWssConfig(WSSecurityEngine.java:157)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:320)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
>
>                 at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:198)
>
>                 at
> com.perspective.onMessage.core.Utils.WSSecurityModule.processMessage(WSSecurityModule.java:226)
>
>                 at
> com.perspective.onMessage.core.messaging.SrvRequestMessageLogHandler.invoke(SrvRequestMessageLogHandler.java:214)
>
>                 at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>
>                 at
> org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>
>                 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>
>                 at
> org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
>
>                 at
> org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>
>                 at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>
>                 at
> org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454)
>
>                 at
> org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
>
>                 at
> org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
>
>                 at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>
>                 at
> org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
>
>                 at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>
>                 at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>
>                 at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>
>                 at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
>
>                 at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>
>                 at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>
>                 at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>
>                 at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>
>                 at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>
>                 at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>
>                 at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>
>                 at java.lang.Thread.run(Thread.java:662)
>
> 75811937 [http-8443-1] DEBUG org.apache.ws.security.WSSConfig  - The
> provider JuiCE could not be added:
> org.apache.security.juice.provider.JuiCEProviderOpenSSL
>
> 75811938 [http-8443-1] DEBUG
> org.apache.ws.security.processor.SignatureProcessor  - Found signature
> element
>
> 75811938 [http-8443-1] DEBUG
> org.apache.ws.security.processor.SignatureProcessor  - Verify XML Signature
>
> 75811940 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ns2:Signature", "null")
>
> 75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ns2:SignedInfo", "null")
>
> 75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ns2:SignatureMethod", "null")
>
> 75811943 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ns2:KeyInfo", "null")
>
> 75811947 [http-8443-1] DEBUG org.apache.xml.security.utils.ElementProxy  -
> setElement("ns2:X509IssuerSerial", "")
>
> 75811949 [http-8443-1] DEBUG
> org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial  -
> X509SerialNumber text: 604358
>
> 75811958 [http-8443-1] INFO
> org.apache.ws.security.message.token.SecurityTokenReference  -
> X509IssuerSerial alias: lloyds-exch
>
> 75811959 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - SignatureMethodURI =
> http://www.w3.org/2000/09/xmldsig#rsa-sha1
>
> 75811959 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.SignatureAlgorithm  - Create URI "
> http://www.w3.org/2000/09/xmldsig#rsa-sha1" class "class
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA$SignatureRSASHA1"
>
> 75811959 [http-8443-1] DEBUG org.apache.xml.security.algorithms.JCEMapper
> - Request for URI http://www.w3.org/2000/09/xmldsig#rsa-sha1
>
> 75811959 [http-8443-1] DEBUG
> org.apache.xml.security.algorithms.implementations.SignatureBaseRSA  -
> Created SignatureRSA using SHA1withRSA
>
> 75811976 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - jceSigAlgorithm    =
> SHA1withRSA
>
> 75811976 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - jceSigProvider     = BC
>
> 75811977 [http-8443-1] DEBUG
> org.apache.xml.security.signature.XMLSignature  - PublicKey = Sun RSA
> public key, 2048 bits
>
>   modulus:
> 26430731384825362242696808077633199711202753670797332780727536659131960813652566992350509167921393013813366003748544038538461902188890311123165826467140044341011862766176978150742269203625151938990165544929787829837938988000820998332488145317091742337954792664993194742301362562495035781177387750692860723060672603654968039388568042893668467974917933369415902977464977413736394694476283767728239077206845772427531671068443654802074780748359829021441038851112407179903997173832621234910670461653199651463640776709030791759891654422491840524696846497795438748682591298012408472585017460957223048794672235177868443588973
>
>   public exponent: 65537
>
> 75811984 [http-8443-1] DEBUG
> org.apache.xml.security.utils.SignerOutputStream  - Canonicalized
> SignedInfo:
>
> 75811984 [http-8443-1] DEBUG
> org.apache.xml.security.utils.SignerOutputStream  - <ns2:SignedInfo
> xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"><ns2:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ns2:CanonicalizationMethod><ns2:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ns2:SignatureMethod><ns2:Reference
> URI="#Id-005f3bba-d023-1004-8580-6239465f8fb3"><ns2:Transforms><ns2:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ns2:Transform></ns2:Transforms><ns2:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1
> "></ns2:DigestMethod><ns2:DigestValue>+wCLGGkbQHYmNneaAf+/+k2QXdM=</ns2:DigestValue></ns2:Reference></ns2:SignedInfo>
>
> 75811990 [http-8443-1] WARN
> org.apache.xml.security.signature.XMLSignature  - Signature verification
> failed.
>
> -----Original Message-----
> From: "Colm O hEigeartaigh" <[hidden email]>
> Sent: Thursday, 25 February, 2016 14:05
> To: [hidden email]
> Subject: Re: WS-Security digital signature validation
>
> It's impossible to say what the problem is without access to the signature
> validation logs. Turn on DEBUG logging and it should tell you what the
> problem is. All of WSS4J 1.5.x is deprecated and no longer supported by the
> way.
>
> Colm.
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
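
Added example, not part of the thread and not WSS4J or Axis code: an Exclusive C14N routine for elements, attributes and text (comments, processing instructions and an InclusiveNamespaces PrefixList are assumed absent) shows that moving xmlns:ds from ds:Signature (Header A) up to the SOAP Header (Header B) leaves the canonical SignedInfo octets unchanged, while a rewritten prefix such as the ns2 in the DEBUG output changes them. The wrapper elements, the shortened SignedInfo and its digest value are constructed.

```python
import hashlib
from xml.dom import minidom, Node

DS = "http://www.w3.org/2000/09/xmldsig#"
XMLNS = "http://www.w3.org/2000/xmlns/"

def _esc(s, attr=False):
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def exc_c14n(elem, rendered=None):
    """Exclusive C14N of an element subtree (subset: no comments, PIs or PrefixList)."""
    rendered = dict(rendered or {})
    attrs = [a for a in elem.attributes.values() if a.namespaceURI != XMLNS]
    # Prefixes "visibly utilized" here: the element's own and its qualified attributes'.
    used = {elem.prefix or "": elem.namespaceURI or ""}
    used.update({a.prefix: a.namespaceURI for a in attrs if a.prefix})
    out = ["<" + elem.tagName]
    for p in sorted(used):
        if rendered.get(p, "") != used[p]:  # not yet in force in the output
            out.append(' xmlns%s="%s"' % (":" + p if p else "", _esc(used[p], True)))
            rendered[p] = used[p]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out.append(' %s="%s"' % (a.name, _esc(a.value, True)))
    out.append(">")
    for c in elem.childNodes:
        if c.nodeType == Node.ELEMENT_NODE:
            out.append(exc_c14n(c, rendered))
        elif c.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            out.append(_esc(c.data))
    return "".join(out) + "</%s>" % elem.tagName

def signed_info_octets(message):
    """Return (canonical SignedInfo, SHA-1 hex): the octets the signature covers."""
    si = minidom.parseString(message).getElementsByTagNameNS(DS, "SignedInfo")[0]
    canon = exc_c14n(si)
    return canon, hashlib.sha1(canon.encode("utf-8")).hexdigest()

# Constructed SignedInfo (simplified, placeholder digest); {p} is the prefix in use.
SI = ('<{p}:SignedInfo><{p}:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>'
      '<{p}:Reference URI="#MainBody"><{p}:DigestValue>AAAA</{p}:DigestValue></{p}:Reference></{p}:SignedInfo>')
# Header A style: xmlns:ds declared on ds:Signature itself.
HEADER_A = '<Header><Security><ds:Signature xmlns:ds="%s">%s</ds:Signature></Security></Header>' % (DS, SI.format(p="ds"))
# Header B style: xmlns:ds (and unrelated prefixes) declared on the enclosing Header.
HEADER_B = ('<Header xmlns:ds="%s" xmlns:wsa="http://www.w3.org/2005/08/addressing"><Security>'
            '<ds:Signature>%s</ds:Signature></Security></Header>') % (DS, SI.format(p="ds"))
# Same content after an intermediary re-serialized it with a different prefix.
REWRITTEN = '<Header><Security><ns2:Signature xmlns:ns2="%s">%s</ns2:Signature></Security></Header>' % (DS, SI.format(p="ns2"))

if __name__ == "__main__":
    for name, msg in (("Header A", HEADER_A), ("Header B", HEADER_B), ("ns2", REWRITTEN)):
        print(name, signed_info_octets(msg)[1])
```

Comparing the "Canonicalized SignedInfo" line from the receiver's DEBUG log with the SignedInfo as it left the sender, byte for byte, is the equivalent check on a real message.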