OxalisCommunity / Oxalis-AS4

PEPPOL AS4 pMode plugin for Oxalis

Error sending to 9915:b - Soap Body is not SIGNED #205

Closed evgenywork closed 7 months ago

evgenywork commented 1 year ago

We are trying to send invoices to Austrian Central AP ("9915:b" Participant ID), but getting error message (see below). Sending to many other countries and access points works fine.

We are using Oxalis AS4 5.0.1 and also tested on oxalis 5.5.0.

We also contacted Austrian support and received following message: "The problem is most likely, that we are rejecting your invoice with an AS4 Error Message. AS4 Error Messages cannot, unlike AS4 Receipts, be signed (see the OASIS AS4 1.0 specification for details). Hence, please contact your Oxalis vendor and get your application fixed, so that it does handle the error message correctly."

How can we configure our Oxalis installation to handle AS4 Error Messages? And why does this problem only occur with the Austrian access point, shouldn't the standard be the same for everyone and work universally?

Error message:

2023-04-26 18:49:09,275 WARN [org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl] No assertion builder for type {http://oxalis.network/custom/security-policy}Basic128GCMSha256MgfSha256 registered.
2023-04-26 18:49:11,300 ERROR [org.apache.cxf.ws.policy.PolicyVerificationInInterceptor] Inbound policy verification failed: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED
2023-04-26 18:49:11,303 WARN [org.apache.cxf.phase.PhaseInterceptorChain] Interceptor for {oxalis.network/}outbound-service#{http://cxf.apache.org/jaxws/dispatch}Invoke has thrown exception, unwinding now
org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED
    at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
    at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102)
    at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:829)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1696)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1570)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1371)
    at org.apache.cxf.ext.logging.LoggingOutputStream.postClose(LoggingOutputStream.java:53)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:228)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:349)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:322)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:241)
    at network.oxalis.as4.outbound.As4MessageSender.invoke(As4MessageSender.java:105)
    at network.oxalis.as4.outbound.As4MessageSender.send(As4MessageSender.java:89)
    at network.oxalis.as4.outbound.As4MessageSenderFacade.send(As4MessageSenderFacade.java:20)
    at network.oxalis.api.outbound.MessageSender.send(MessageSender.java:59)
    at network.oxalis.outbound.transmission.DefaultTransmitter.perform(DefaultTransmitter.java:149)
    at network.oxalis.outbound.transmission.DefaultTransmitter.transmit(DefaultTransmitter.java:93)
    at eu.sendregning.oxalis.TransmissionTask.performTransmission(TransmissionTask.java:166)
    at eu.sendregning.oxalis.TransmissionTask.call(TransmissionTask.java:94)
    at eu.sendregning.oxalis.TransmissionTask.call(TransmissionTask.java:48)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
2023-04-26 18:49:11,318 ERROR [eu.sendregning.oxalis.Main] Execution failed: network.oxalis.as4.lang.OxalisAs4TransmissionException: Failed to send message
java.util.concurrent.ExecutionException: network.oxalis.as4.lang.OxalisAs4TransmissionException: Failed to send message
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
    at java.util.concurrent.FutureTask.get(FutureTask.java:192)
    at eu.sendregning.oxalis.Main.main(Main.java:225)
Caused by: network.oxalis.as4.lang.OxalisAs4TransmissionException: Failed to send message
    at network.oxalis.as4.outbound.As4MessageSender.invoke(As4MessageSender.java:108)
    at network.oxalis.as4.outbound.As4MessageSender.send(As4MessageSender.java:89)
    at network.oxalis.as4.outbound.As4MessageSenderFacade.send(As4MessageSenderFacade.java:20)
    at network.oxalis.api.outbound.MessageSender.send(MessageSender.java:59)
    at network.oxalis.outbound.transmission.DefaultTransmitter.perform(DefaultTransmitter.java:149)
    at network.oxalis.outbound.transmission.DefaultTransmitter.transmit(DefaultTransmitter.java:93)
    at eu.sendregning.oxalis.TransmissionTask.performTransmission(TransmissionTask.java:166)
    at eu.sendregning.oxalis.TransmissionTask.call(TransmissionTask.java:94)
    at eu.sendregning.oxalis.TransmissionTask.call(TransmissionTask.java:48)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.xml.ws.soap.SOAPFaultException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED
    at org.apache.cxf.jaxws.DispatchImpl.mapException(DispatchImpl.java:285)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:330)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:241)
    at network.oxalis.as4.outbound.As4MessageSender.invoke(As4MessageSender.java:105)
    ... 14 common frames omitted
Caused by: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied:
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED
    at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
    at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102)
    at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:829)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1696)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1570)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1371)
    at org.apache.cxf.ext.logging.LoggingOutputStream.postClose(LoggingOutputStream.java:53)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:228)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:349)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:322)
    ... 16 common frames omitted
Total time spent: 3s
Attempted to send 0 files
Failed transmissions: 1

aaron-kumar commented 1 year ago

@evgenywork: Thanks for reporting this. We will analyze the case and take the appropriate action afterwards.

aaron-kumar commented 1 year ago

Also reported by the "Peppol France PoC" Oxalis user. Probably they are also sending to an AP which is using the same implementation as the one used by the Austrian Central AP. We will go through the Peppol AS4 specification and will take the necessary action.

dladlk commented 1 year ago

From what I see, https://www.erechnung.gv.at/as4 returns an unencrypted and unsigned response in a pure SOAP Envelope:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<S12:Envelope xmlns:S12="http://www.w3.org/2003/05/soap-envelope">
    <S12:Header>
        <eb:Messaging xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
            xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" 
            xmlns:ebbp="http://docs.oasis-open.org/ebxml-bp/ebbp-signals-2.0" 
            xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/" 
            xmlns:ns3="http://www.w3.org/2003/05/soap-envelope" 
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
            xmlns:xlink="http://www.w3.org/1999/xlink" 
            wsu:Id="phase4-msg-825fb7c7-c46f-4a48-808a-960960a009c4">
            <eb:SignalMessage>
                <eb:MessageInfo>
                    <eb:Timestamp>2023-06-09T15:04:34.029+02:00</eb:Timestamp>
                    <eb:MessageId>3026e747-172b-4e35-b851-ee4c45d9602c@phase4</eb:MessageId>
                    <eb:RefToMessageId>7d2454ec-7515-4c27-99d3-c52e44010a48</eb:RefToMessageId>
                </eb:MessageInfo>
                <eb:Error category="Content" errorCode="EBMS:0004" refToMessageInError="7d2454ec-7515-4c27-99d3-c52e44010a48" severity="failure" shortDescription="Other">
                    <eb:Description xml:lang="en">Invoked AS4 message processor SPI at.gv.brz.erb.webapp.peppol.as4.ERBAS4MessageProcessorSPI@691f2e7a on '7d2454ec-7515-4c27-99d3-c52e44010a48' 
                    returned a failure: [ER-AS4] Invalid business document provided via AS4:
[error] [error] in Invoice/LegalMonetaryTotal/PrepaidAmount The &lt;PrepaidAmount&gt; element is not supported!
[error] [error] in PaymentMeans[0] The PaymentMeansCode '48' is invalid. For credit/debit transfer use 30, 31, 42, 58 and for direct debit use 59.
[error] [error] in Invoice A payment method must be provided.</eb:Description>
                    <eb:ErrorDetail>An undefined error occurred.</eb:ErrorDetail>
                </eb:Error>
            </eb:SignalMessage>
        </eb:Messaging>
    </S12:Header>
    <S12:Body/>
</S12:Envelope>

I can hardly imagine how it can be correct, as business errors should be signed. An unsigned response can be generated if the protocol requirements are not satisfied, but here we have a case where the document is considered invalid by Schematron (although I do not understand this either, as the test document is valid by Peppol BIS3 schematron validation rules...).

So my point here is that the implementation from Austrian Central AP rejects invalid documents without signature - although it is possible to generate a signed rejection document!

Here is an example of Oxalis response on an invalid payload - it includes Header\Security tag with signatures and non-empty Body:

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    <env:Header>
        <eb:Messaging xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="true" wsu:Id="_73bb29ec-ebe9-4187-82a5-cd729b3baa48">
            <eb:SignalMessage>
                <eb:MessageInfo>
                    <eb:Timestamp>2023-06-09T13:16:08.728Z</eb:Timestamp>
                    <eb:MessageId>cc157195-06c7-11ee-8169-0242ac110012@domibus.eu</eb:MessageId>
                    <eb:RefToMessageId>0989568d-f6e7-416f-bc90-b3985a5f088d@NB-DLK.truelink.dk.local</eb:RefToMessageId>
                </eb:MessageInfo>
                <eb:Error category="CONTENT" errorCode="EBMS:0004" origin="ebMS" refToMessageInError="0989568d-f6e7-416f-bc90-b3985a5f088d@NB-DLK.truelink.dk.local" severity="failure" shortDescription="Other">
                    <eb:Description xml:lang="">Other</eb:Description>
                    <eb:ErrorDetail>DELIS:INVALID_BY_XSD</eb:ErrorDetail>
                </eb:Error>
            </eb:SignalMessage>
        </eb:Messaging>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="true">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="G68ad00c8-ece7-4ccf-8a39-9f891410bc22">MIID2jCCAsKgAwIBAgIE...jo1VUPgP</wsse:BinarySecurityToken>
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-ebb426f2-2e93-47c9-94c3-0b7ed178bdd2">MIID2jCCAsKgAwIBAgIE....LHI1SRn</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-328914b3-9ba2-48f1-962e-de19a1877fcb">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_d318f067-9428-4502-9349-2420d4d116a3">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>Ul5qM/M8N/1SPVf5wGEjntCl6Z2iU3rHjlutQyc6uE8=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#_73bb29ec-ebe9-4187-82a5-cd729b3baa48">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>zi9VUKk7KDyc07O8lcJrD77WZbcwE0+WGpmnGb2uVuE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>mUF/Dm6Ha+ZuNQ6WWl9mJ4HJ...dFw4OFztY1nBglIoUGS8ahaTR0qii59A==</ds:SignatureValue>
                <ds:KeyInfo Id="KI-c0e8a9e7-4f26-44cb-83cb-0cf9150eecf5">
                    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STR-9a8b59a1-e0b3-482a-a22b-735de69e113a">
                        <wsse:Reference URI="#X509-ebb426f2-2e93-47c9-94c3-0b7ed178bdd2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </env:Header>
    <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_d318f067-9428-4502-9349-2420d4d116a3">
        <env:Fault>
            <env:Code>
                <env:Value>env:Receiver</env:Value>
            </env:Code>
            <env:Reason>
                <env:Text xml:lang="en">An error occurred while processing your request. Please check the message header for more details.</env:Text>
            </env:Reason>
        </env:Fault>
    </env:Body>
</env:Envelope>

dladlk commented 1 year ago

Looking into OASIS AS4 Profile of ebMS 3.0 Version 1.0 specification: http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html#__RefHeading__26446_1909778835

5.1.4 Signing Messages

a) AS4 MSH implementations are REQUIRED to use Detached Signatures as defined by the XML Signature Specification [XMLDSIG] when signing AS4 user or signal messages. Enveloped Signatures as defined by [XMLDSIG] are not supported by or authorized in this profile.

b) AS4 MSH implementations are REQUIRED to include the entire eb:Messaging SOAP header block and the (possibly empty) SOAP Body in the signature. The eb:Messaging header SHOULD be referenced using the “id” attribute.

I am not sure what was meant under "AS4 Error Message" - as ebMS specification defines only 4 types of messages:

And I would say that Signal Message Error should be signed...
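
Added example (not part of the thread and not Oxalis, phase4 or Domibus code): a structural check of rule 5.1.4 b quoted above, reporting whether a captured AS4 response is an error signal and whether its ds:Signature references both eb:Messaging and the SOAP Body by wsu:Id. The function names, result keys and sample envelopes are constructed for illustration, and the check inspects references only; it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

# Namespaces as they appear in the envelopes posted in this thread.
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {
    "s12": "http://www.w3.org/2003/05/soap-envelope",
    "eb": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % WSU
REF_PATH = "s12:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"


def signature_coverage(envelope_xml: str) -> dict:
    """Report which parts of an AS4 SOAP 1.2 response are referenced by its signature."""
    # A SOAP envelope never needs a DTD; refuse it before it reaches the parser.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("DOCTYPE not allowed in a SOAP envelope")
    root = ET.fromstring(envelope_xml.strip())
    messaging = root.find("s12:Header/eb:Messaging", NS)
    body = root.find("s12:Body", NS)
    if messaging is None or body is None:
        raise ValueError("not an AS4 SOAP 1.2 envelope")

    # Classify by the child of eb:Messaging, as in the path quoted in the thread.
    if messaging.find("eb:SignalMessage/eb:Error", NS) is not None:
        kind = "error-signal"
    elif messaging.find("eb:SignalMessage/eb:Receipt", NS) is not None:
        kind = "receipt-signal"
    elif messaging.find("eb:UserMessage", NS) is not None:
        kind = "user-message"
    else:
        kind = "other"

    # Same-document references (URI="#id") listed in ds:SignedInfo.
    signed_ids = {
        ref.get("URI")[1:]
        for ref in root.findall(REF_PATH, NS)
        if ref.get("URI", "").startswith("#")
    }

    def covered(element) -> bool:
        element_id = element.get(WSU_ID)
        return element_id is not None and element_id in signed_ids

    messaging_signed = covered(messaging)
    body_signed = covered(body)
    return {
        "kind": kind,
        "signature_present": bool(signed_ids),
        "messaging_signed": messaging_signed,
        "body_signed": body_signed,
        # 5.1.4 b asks for both eb:Messaging and the (possibly empty) Body.
        "covers_messaging_and_body": messaging_signed and body_signed,
    }


def build_sample(referenced_ids) -> str:
    """Constructed error-signal envelope; referenced_ids lists what the signature points at."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in referenced_ids)
    security = ""
    if referenced_ids:
        security = (
            '<wsse:Security xmlns:wsse="%s"><ds:Signature xmlns:ds="%s">'
            "<ds:SignedInfo>%s</ds:SignedInfo></ds:Signature></wsse:Security>"
            % (NS["wsse"], NS["ds"], refs)
        )
    return (
        '<S12:Envelope xmlns:S12="%s" xmlns:eb="%s" xmlns:wsu="%s">'
        '<S12:Header><eb:Messaging wsu:Id="msg-1"><eb:SignalMessage>'
        '<eb:Error errorCode="EBMS:0004" severity="failure"/>'
        "</eb:SignalMessage></eb:Messaging>%s</S12:Header>"
        '<S12:Body wsu:Id="body-1"/></S12:Envelope>'
        % (NS["s12"], NS["eb"], WSU, security)
    )


if __name__ == "__main__":
    samples = {
        "unsigned error (like the first response in the thread)": build_sample([]),
        "signed error (like the second response in the thread)": build_sample(["msg-1", "body-1"]),
        "signature that skips the Body": build_sample(["msg-1"]),
    }
    for label, xml_text in samples.items():
        print(label, "->", signature_coverage(xml_text))
```

The third sample is the case to watch for in logs: a signature is present, yet a receiver that requires the Body among the signed parts still has nothing authenticating it.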

dladlk commented 1 year ago

Finally, both eDeliveryAS4Policy.xml and eDeliveryAS4Policy_BST.xml (BST stands for BinarySecurityToken) specify that Header/Messaging should be signed:

https://github.com/OxalisCommunity/Oxalis-AS4/blob/ff21c65da527fbb8e30a3d375c38fcf329b8a0b0/src/main/resources/eDeliveryAS4Policy.xml#L44-L55

phax commented 1 year ago

Hi guys, This is a general design decision in the phase4 implementation, following the ebMS 3 specification.

Ebms Core 3.0 specification mentions a lot about signing etc., but it never mentions "signed Errors". It only mentions "Signed Receipts" - e.g. in http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/core/os/ebms_core-3.0-spec-os.html#7.12.2.Persistent%20Signed%20Receipt|outline

The advanced features also only mention "Signed Receipt" as in http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/part2/201004/cs01/ebms-v3.0-part2-cs01.html#__RefHeading__435897_822242408

So my conclusion, crosschecking with a spec lead at that time was, that Error messages are not signed. However, I am trying to figure out if there are better references than the ones I found above.

hth, Philip

dladlk commented 1 year ago

Hello Philip,

thank you for your comment!

What do you think about this part of the spec:

AS4 MSH implementations are REQUIRED to include the entire eb:Messaging SOAP header block and the (possibly empty) SOAP Body in the signature.

The Error messages in this discussion are those, which have Error tag as /env:Envelope/env:Header/eb:Messaging/eb:SignalMessage/eb:Error - so for me it looks like a requirement in ANY message to sign the whole eb:Messaging contents...

phax commented 1 year ago

Well, according to one of the spec leads, there is no specific statement if errors should be signed or not.

But you must always consider the case, that a PMode was not found on the receiver side so you don't know if and how you should sign - from a generic AS4 perspective. For Peppol we could always know it.

As neither OpenPeppol AS4 specification nor CEF eDelivery makes a statement about this, both versions (signed and unsigned) are correct I would say.

phax commented 1 year ago

Maybe I add something here. Consider the "default AS4" case, where you have bilateral agreement between 2 exchanging parties. In that case it might be that for one party you respond with a signed Receipt, in others you don't. In case you cannot find the matching PMode on the receiver side, you don't know whether you should sign or not.

I assume that is the reason, why there is no "SHOULD" or similar statement in the AS4 specification.

The best way forward, from my point of view, would be to file a request for change to the Peppol Service Desk, elaborating the problem and requesting to also sign Error Messages. I don't see any technical issue hindering always signed Receipts in the context of Peppol only.

Legione85 commented 1 year ago

Hello,

We have the same issue. Is there any workaround that can be used to avoid this problem, or is a fix the only way to overcome it?

Thanks

phax commented 1 year ago

I suggest to add to the discussion at https://github.com/OxalisCommunity/Oxalis-AS4/discussions/210 - this is the issue only

dladlk commented 1 year ago

Hello @Legione85, could you please file a change request at Peppol Service Desk to fix TestBed so that it signs errors too, as suggested by @phax in the above comment https://github.com/OxalisCommunity/Oxalis-AS4/issues/205#issuecomment-1597272387 ?

As a workaround to see the actual error message you can look into suggestions at https://github.com/OxalisCommunity/Oxalis-AS4/issues/212#issuecomment-1623108233

But it is mostly errors like here (if you work with TestBed) - https://github.com/OxalisCommunity/Oxalis-AS4/issues/212#issuecomment-1630643197 ( Unable to correlate request with Document's Identifier [POP000581-2-20230703T135007] )

It could be also that the sent payload is not valid.

phax commented 1 year ago

In general, Oxalis should be able to handle unsigned errors - it is used in the network. Modifying the Testbed is only fighting the symptoms, but not the reasons....

dladlk commented 1 year ago

Hello Philip @phax, as I see it, Domibus 5.0 also does not trust unsigned rejections:

eu.domibus.core.ebms3.EbMS3Exception: Error dispatching message to https://www.erechnung.gv.at/as4
    at eu.domibus.core.ebms3.EbMS3ExceptionBuilder.build(EbMS3ExceptionBuilder.java:27)
    at eu.domibus.core.ebms3.sender.client.MSHDispatcher.dispatch(MSHDispatcher.java:80)
    at eu.domibus.core.ebms3.sender.client.MSHDispatcher$$FastClassBySpringCGLIB$$a76b2dc5.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createTimer(MetricsAspect.java:42)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithATimer(MetricsAspect.java:32)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createCounter(MetricsAspect.java:64)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithACounter(MetricsAspect.java:52)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
    at eu.domibus.core.ebms3.sender.client.MSHDispatcher$$EnhancerBySpringCGLIB$$de77b73b.dispatch(<generated>)
    at eu.domibus.core.ebms3.sender.AbstractUserMessageSender.sendMessage(AbstractUserMessageSender.java:159)
    at eu.domibus.core.ebms3.sender.AbstractUserMessageSender$$FastClassBySpringCGLIB$$59f1bb50.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createTimer(MetricsAspect.java:42)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithATimer(MetricsAspect.java:32)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createCounter(MetricsAspect.java:64)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithACounter(MetricsAspect.java:52)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
    at eu.domibus.core.ebms3.sender.UserMessageSender$$EnhancerBySpringCGLIB$$ef0acb02.sendMessage(<generated>)
    at eu.domibus.core.ebms3.sender.MessageSenderService.sendUserMessage(MessageSenderService.java:80)
    at eu.domibus.core.ebms3.sender.MessageSenderService$$FastClassBySpringCGLIB$$cd596518.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createTimer(MetricsAspect.java:42)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithATimer(MetricsAspect.java:32)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createCounter(MetricsAspect.java:64)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithACounter(MetricsAspect.java:52)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
    at eu.domibus.core.ebms3.sender.MessageSenderService$$EnhancerBySpringCGLIB$$3aca0914.sendUserMessage(<generated>)
    at eu.domibus.core.ebms3.sender.MessageSenderListener.sendUserMessage(MessageSenderListener.java:38)
    at eu.domibus.core.ebms3.sender.AbstractMessageSenderListener.onMessage(AbstractMessageSenderListener.java:66)
    at eu.domibus.core.ebms3.sender.MessageSenderListener.onMessage(MessageSenderListener.java:33)
    at eu.domibus.core.ebms3.sender.MessageSenderListener$$FastClassBySpringCGLIB$$dbdaf2b1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createTimer(MetricsAspect.java:42)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithATimer(MetricsAspect.java:32)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
    at eu.domibus.core.metrics.MetricsAspect.createCounter(MetricsAspect.java:64)
    at eu.domibus.core.metrics.MetricsAspect.surroundWithACounter(MetricsAspect.java:52)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:634)
    at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:624)
    at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:72)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:175)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:708)
    at eu.domibus.core.ebms3.sender.MessageSenderListener$$EnhancerBySpringCGLIB$$6123797f.onMessage(<generated>)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:761)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:699)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:674)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:331)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:270)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1237)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1127)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: javax.xml.ws.soap.SOAPFaultException: These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED
    at org.apache.cxf.jaxws.DispatchImpl.mapException(DispatchImpl.java:285)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:330)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:241)
    at eu.domibus.core.ebms3.sender.client.MSHDispatcher.dispatch(MSHDispatcher.java:69)
    ... 149 common frames omitted
Caused by: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can not be satisfied: 
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token: The received token does not match the token inclusion requirement
{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}SignedParts: Soap Body is not SIGNED
    at org.apache.cxf.ws.policy.AssertionInfoMap.checkEffectivePolicy(AssertionInfoMap.java:179)
    at org.apache.cxf.ws.policy.PolicyVerificationInInterceptor.handle(PolicyVerificationInInterceptor.java:102)
    at org.apache.cxf.ws.policy.AbstractPolicyInterceptor.handleMessage(AbstractPolicyInterceptor.java:44)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:831)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1702)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1571)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1371)
    at org.apache.cxf.ext.logging.LoggingOutputStream.postClose(LoggingOutputStream.java:53)
    at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:228)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:671)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:349)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:322)
    ... 151 common frames omitted

Checked it by sending from Domibus to a static URL which always returns

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope">
    <Header>
        <eb:Messaging
            xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/" 
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
            wsu:Id="phase4-msg-825fb7c7-c46f-4a48-808a-960960a009c4">
            <eb:SignalMessage>
                <eb:MessageInfo>
                    <eb:Timestamp>2023-06-09T15:04:34.029+02:00</eb:Timestamp>
                    <eb:MessageId>3026e747-172b-4e35-b851-ee4c45d9602c@phase4</eb:MessageId>
                    <eb:RefToMessageId>7d2454ec-7515-4c27-99d3-c52e44010a48</eb:RefToMessageId>
                </eb:MessageInfo>
                <eb:Error category="Content" errorCode="EBMS:0004" 
                    refToMessageInError="7d2454ec-7515-4c27-99d3-c52e44010a48" 
                    severity="failure" 
                    shortDescription="Other">
                    <eb:Description xml:lang="en">Some error</eb:Description>
                    <eb:ErrorDetail>An undefined error occurred.</eb:ErrorDetail>
                </eb:Error>
            </eb:SignalMessage>
        </eb:Messaging>
    </Header>
    <Body/>
</Envelope>

and also to the access point in this issue.

Stacktrace is quite similar to Oxalis, because Domibus is also based on Apache CXF.

dladlk commented 1 year ago

In general, I would say that trusting unsigned responses - including rejections - looks wrong from the security point of view.

A signed response guarantees that it was generated by the correct party, as it includes information about who signed it. Unsigned rejections open a way to easily interfere with the communication channel (let's ignore https for a moment) and make the sender believe that the payload was rejected, as there are only 2 dynamic parts in the response XML - Timestamp and RefToMessageId, and RefToMessageId can be extracted from the unencrypted part of the request XML.

In a general AS4 implementation there can be cases when an endpoint, which serves different standards by the same URL, may not have enough information to detect the security policy requirements, but in the case of the Peppol network (and Oxalis-AS4 is an implementation of only the PEPPOL AS4 pMode) it is always known...

I would say that each access point in the Peppol network should do its best to sign errors, so the sender can trust them...

In terms of "AS4 Profile of ebMS 3.0 Version 1.0", I would say that rejection is just a type of Signal Message - Error, and it is required to be signed:

http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html#__RefHeading__26446_1909778835

BTW, do you know any other Peppol-compliant access point implementations which trust unsigned responses?
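
The unsigned error response quoted above and the trust concern raised in this comment can be checked on a captured response as follows. This is an added example, not part of the thread and not code from Oxalis, Domibus or phase4; the function name, the disposition labels and the policy of treating an unsigned error as diagnostic-only are assumptions, and the sample message is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "eb": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"

# Constructed sample modelled on the unsigned error quoted above (identifiers are made up).
SAMPLE_UNSIGNED_ERROR = b"""<Envelope xmlns="http://www.w3.org/2003/05/soap-envelope"
  xmlns:eb="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
 <Header><eb:Messaging wsu:Id="msg-1"><eb:SignalMessage>
  <eb:MessageInfo><eb:MessageId>resp-1@example</eb:MessageId>
   <eb:RefToMessageId>sent-1@example</eb:RefToMessageId></eb:MessageInfo>
  <eb:Error category="Content" errorCode="EBMS:0004" severity="failure"
    shortDescription="Other"><eb:ErrorDetail>An undefined error occurred.</eb:ErrorDetail>
  </eb:Error></eb:SignalMessage></eb:Messaging></Header><Body/></Envelope>"""

def triage_as4_response(raw, sent_message_id):
    """Classify a captured AS4 response (UTF-8 bytes) for operator diagnostics."""
    if b"<!DOCTYPE" in raw:  # SOAP messages must not carry a DTD
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(raw)
    messaging = root.find("s:Header/eb:Messaging", NS)
    signal = None if messaging is None else messaging.find("eb:SignalMessage", NS)
    if signal is None:
        return {"kind": "no-signal", "disposition": "reject", "errors": []}
    # Structural check only: does a ds:Signature reference the eb:Messaging header?
    # Cryptographic validation and certificate trust stay with the WS-Security stack.
    refs = {r.get("URI") for r in root.iterfind(
        "s:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    msg_id = messaging.get(WSU_ID)
    covered = msg_id is not None and "#" + msg_id in refs
    errors = [{"code": e.get("errorCode"), "severity": e.get("severity"),
               "short": e.get("shortDescription"),
               "detail": e.findtext("eb:ErrorDetail", "", NS)}
              for e in signal.iterfind("eb:Error", NS)]
    kind = "error" if errors else (
        "receipt" if signal.find("eb:Receipt", NS) is not None else "signal-other")
    correlates = signal.findtext("eb:MessageInfo/eb:RefToMessageId", None, NS) == sent_message_id
    disposition = "reject"  # default: uncorrelated, or an unsigned receipt (no proof of delivery)
    if correlates and covered:
        disposition = "verify-signature"  # hand over to WS-Security validation
    elif correlates and kind == "error":
        disposition = "diagnostic-only"   # assumed policy: log the details, do not trust them
    return {"kind": kind, "signature_covers_messaging": covered,
            "correlates": correlates, "disposition": disposition, "errors": errors}
```

A `diagnostic-only` result gives operators the error code and detail that the policy failure otherwise hides, while the message is still not treated as authoritatively rejected.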

Legione85 commented 1 year ago

Hello @Legione85, could you please file a change request at the Peppol Service Desk to fix TestBed so that it signs errors too, as suggested by @phax in the above comment #205 (comment)?

As a workaround to see the actual error message you can look into suggestions at #212 (comment)

But it is mostly errors like here (if you work with TestBed) - #212 (comment) (Unable to correlate request with Document's Identifier [POP000581-2-20230703T135007])

It could also be that the sent payload is not valid.

Hi @dladlk ,

Thanks for the suggestions, unfortunately the workaround doesn't seem to work. As you wrote, we have the problem when the document has something wrong, but with the generic error about the signing of the answer we can't figure out what's wrong. Now we are trying a different way to understand what's wrong in our report.

aaron-kumar commented 9 months ago

Oxalis is following the specification. It is further clarified with the specification group.

phax commented 8 months ago

FYI, I implemented potential Error Message signing in phase4 2.7.0. Nevertheless, you still need to be able to deal with unsigned Error Messages, because in some cases signing is NOT possible.

ViaductAB commented 7 months ago

@aaron-kumar I have emailed you regarding the same issue I just found here and in #210. We have this issue with Oxalis 6.4.0 when we try to send Peppol reports. Philip Helger states that there are cases where signing is omitted no matter what. Is there work ongoing to resolve this, or is there a workaround in Oxalis that makes it possible for us to see the actual error message?

dladlk commented 7 months ago

You can try this one: https://github.com/dladlk/oxalis-as4-unsigned-error

aaron-kumar commented 7 months ago

@ViaductAB: as discussed, the fix is already there in phase4 2.7.0. Hopefully the OpenPeppol Testbed will deploy this soon. Cases where the message will still be unsigned will be related to the certificate, see: https://github.com/phax/phase4/issues/188