[
https://issues.apache.org/jira/browse/CXF-6900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15306924#comment-15306924
]
Michael Smith commented on CXF-6900:
------------------------------------
With 3.1.7-SNAPSHOT, signature verification succeeds. However there's another
problem processing the fault:
{noformat}
May 30, 2016 3:42:48 PM
com.sun.xml.internal.messaging.saaj.soap.ver1_2.Fault1_2Impl
checkIfStandardFaultCode
SEVERE: SAAJ0435: Sender is not a standard Code value
May 30, 2016 3:42:48 PM com.sun.xml.internal.messaging.saaj.soap.impl.FaultImpl
setFaultCode
SEVERE: SAAJ0140: Empty/Null NamespaceURI specified for faultCode fc1:Sender
{noformat}
Here's the pre-digested input. The <Fault><Code><Value> of "Sender" looks OK to
my untrained eye; it's unqualified, but the default namespace in that block is
http://www.w3.org/2003/05/soap-envelope so it should be OK.
{code:xml}
<s:Body xmlns:s="http://www.w3.org/2003/05/soap-envelope";
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
u:Id="_1">
<Fault xmlns="http://www.w3.org/2003/05/soap-envelope";>
<Code><Value>Sender</Value></Code>
<Reason><Text xml:lang="en-US">CustomerNotFound</Text></Reason>
</Fault>
</s:Body>
{code}
> invalid signature in case of soap fault
> ---------------------------------------
>
> Key: CXF-6900
> URL: https://issues.apache.org/jira/browse/CXF-6900
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 3.0.3
> Environment: windows 2008 jdk 1.6.0_45
> Reporter: david leruse
> Assignee: Colm O hEigeartaigh
> Fix For: 3.1.7
>
> Attachments: server7.log
>
>
> Hello,
> Having signature verification problems on the cxf client-side with a .NET
> Ws-fed protected webservice, I ask you a little help...
> Here is a summary of the problem :
> Most of the time, communication works well excepted when we got a soap fault
> message.
> Indeed signature validation works usually well excepted when
> we receive a fault message inside the body of the soap message. Even In this
> boundary case, signature verification works well excepted for one element,
> the fault message (see the enclosed server7.log file).
> After digging a bit, i've found that the calculated digest couldn't be equal
> to the claimed one because the content of the message given to the
> DigesterOutpustrream is not well canonicalized or normalized.
> Partial decrypted msg
> ...
> <s:Body u:Id="_3">
> <Fault
> xmlns="http://www.w3.org/2003/05/soap-envelope";><Code><Value>DataNotFoundFault</Value></Code><Reason><Text
> xml:lang="nl-BE">ContextContactInfo with Id '1' does not
> exist.</Text></Reason><Detail><DataNotFoundFault
> xmlns="http://schemas.riziv.fgov.be/contact/2015/08/faults";
> xmlns:i="http://www.w3.org/2001/XMLSchema-instance";><ErrorCode>ContextContactInfoNotFound</ErrorCode><Message>ContextContactInfo
> with Id '1' does not exist.</Message></DataNotFoundFault></Detail></Fault>
> </s:Body>
> ...
> Predigested input :
> <s:Body xmlns:s="http://www.w3.org/2003/05/soap-envelope";
> xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> u:Id="_3"><env:Fault><Code
> xmlns="http://www.w3.org/2003/05/soap-envelope";><Value>DataNotFoundFault</Value></Code><Reason
> xmlns="http://www.w3.org/2003/05/soap-envelope";><Text
> xml:lang="nl-BE">ContextContactInfo with Id '1' does not
> exist.</Text></Reason><env:Detail><DataNotFoundFault
> xmlns="http://schemas.riziv.fgov.be/contact/2015/08/faults";><ErrorCode>ContextContactInfoNotFound</ErrorCode><Message>ContextContactInfo
> with Id '1' does not
> exist.</Message></DataNotFoundFault></env:Detail></env:Fault></s:Body>
> Could you please check this problem and give me an advice ?
> The library used are :
> cxf 3.0.3
> wss4j 2.0.2
> xmlsec 2.0.2
> on a jdk 1.6.0_45
> Thanks in advance
> David L
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
