esig / dss-demonstrations

Examples of DSS integration
GNU Lesser General Public License v2.1

Demo WebApp v5.7 is unable to produce T, LT, LTA signatures #17

Closed plaidshirtakos closed 4 years ago

plaidshirtakos commented 4 years ago

I use the SOAP web service to sign files with DSS DemoWebapp v5.7. B-level signatures are OK via the web service, but I get an error message when I try to create T, LT, LTA signatures. Example parameter set:

<digestAlgorithm>SHA256</digestAlgorithm>
<encryptionAlgorithm>RSA</encryptionAlgorithm>
<signatureLevel>XAdES_BASELINE_LT</signatureLevel>
<signaturePackaging>ENVELOPING</signaturePackaging>

Error message in Tomcat:

2020-09-30 07:34:36,812  INFO | http-nio-8080-exec-9 | e.e.e.d.w.s.common.RemoteDocumentSignatureServiceImpl   | SignDocument in process...
2020-09-30 07:34:36,827  INFO | http-nio-8080-exec-9 | eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT  | ====> Extending: IN MEMORY DOCUMENT
2020-09-30 07:34:36,831  INFO | http-nio-8080-exec-9 | eu.europa.esig.dss.validation.CommonCertificateVerifier | + New CommonCertificateVerifier created.
2020-09-30 07:34:36,842  INFO | http-nio-8080-exec-9 | e.e.esig.dss.xades.validation.XAdESCertificateSource    | +XAdESCertificateSource
2020-09-30 07:34:36,843  WARN | http-nio-8080-exec-9 | org.apache.xml.security.signature.XMLSignature          | Signature verification failed.
2020-09-30 07:34:36,843  WARN | http-nio-8080-exec-9 | eu.europa.esig.dss.xades.validation.XAdESSignature      | Determining signing certificate from certificate candidates list failed: [Certificate #1: Signature verification failed]
2020-09-30 07:34:36,853  WARN | http-nio-8080-exec-9 | org.apache.cxf.phase.PhaseInterceptorChain              | Application {http://soap.signature.ws.dss.esig.europa.eu/}SoapDocumentSignatureServiceImplService#{http://signature.dss.esig.europa.eu/}signDocument has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Cryptographic signature verification has failed / Certificate #1: Signature verification failed
        at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)
        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.createFault(AbstractJAXWSMethodInvoker.java:267)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)
        at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)
        at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:85)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:74)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)
        at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
        at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1627)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
Caused by: eu.europa.esig.dss.model.DSSException: Cryptographic signature verification has failed / Certificate #1: Signature verification failed
        at eu.europa.esig.dss.xades.signature.ExtensionBuilder.assertSignatureValid(ExtensionBuilder.java:138)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT.extendSignatureTag(XAdESLevelBaselineT.java:165)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineLT.extendSignatureTag(XAdESLevelBaselineLT.java:62)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT.extendSignatures(XAdESLevelBaselineT.java:141)
        at eu.europa.esig.dss.xades.signature.XAdESLevelBaselineT.extendSignatures(XAdESLevelBaselineT.java:80)
        at eu.europa.esig.dss.xades.signature.XAdESService.signDocument(XAdESService.java:156)
        at eu.europa.esig.dss.xades.signature.XAdESService.signDocument(XAdESService.java:55)
        at eu.europa.esig.dss.ws.signature.common.RemoteDocumentSignatureServiceImpl.signDocument(RemoteDocumentSignatureServiceImpl.java:157)
        at eu.europa.esig.dss.ws.signature.soap.SoapDocumentSignatureServiceImpl.signDocument(SoapDocumentSignatureServiceImpl.java:48)
        at sun.reflect.GeneratedMethodAccessor384.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
        at org.apache.cxf.jaxws.JAXWSMethodInvoker.performInvocation(JAXWSMethodInvoker.java:66)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
        ... 70 common frames omitted
2020-09-30 07:34:36,855  INFO | http-nio-8080-exec-9 | o.a.cxf.services.SoapDocumentSignatureService.FAULT_OUT | FAULT_OUT
    Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:b2bcdddf-cba3-4955-b901-42f5fbeb50d3"; start="<root.message@cxf.apache.org>"; start-info="text/xml"
    ResponseCode: 500
    ExchangeId: 1cb2250b-fabb-40e1-89bd-aaed0194b36e
    ServiceName: SoapDocumentSignatureServiceImplService
    PortName: SoapDocumentSignatureServiceImplPort
    PortTypeName: SoapDocumentSignatureService
    Headers: {}
    Payload:
--uuid:b2bcdddf-cba3-4955-c451-42f5fbec50d3
Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Cryptographic signature verification has failed / Certificate #1: Signature verification failed</faultstring></soap:Fault></soap:Body></soap:Envelope>

These are OK on the UI side with the use of NexU.
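
The "Caused by" frames above show the request failing in ExtensionBuilder.assertSignatureValid while XAdESLevelBaselineT extends the signature, that is, the submitted signature value did not verify against the signing certificate. The following is an added example, not code from this issue or from the DSS project, of running the same kind of check locally with the JDK before a value is sent to the service. The class and helper names, the throwaway key pair, the sample bytes and the three mismatches shown are constructed for illustration and are not the confirmed cause of this report.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignatureValuePrecheck {

    // True only if sig verifies over toBeSigned with the certificate's public key.
    static boolean verifies(PublicKey pub, byte[] toBeSigned, byte[] sig, String alg)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance(alg);
        v.initVerify(pub);
        v.update(toBeSigned);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed or wrongly encoded value counts as a failure
        }
    }

    static byte[] sign(PrivateKey key, byte[] data, String alg) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the signing key and the bytes to be signed.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        byte[] tbs = "constructed to-be-signed bytes".getBytes(StandardCharsets.UTF_8);
        String alg = "SHA256withRSA"; // digestAlgorithm SHA256 + encryptionAlgorithm RSA

        byte[] good = sign(signer.getPrivate(), tbs, alg);
        // Digest differs from the one declared in the parameters.
        byte[] wrongDigest = sign(signer.getPrivate(), tbs, "SHA1withRSA");
        // Bytes were hashed by the caller and then hashed again by the signer.
        byte[] doubleHashed = sign(signer.getPrivate(),
                MessageDigest.getInstance("SHA-256").digest(tbs), alg);
        // Certificate sent with the request belongs to a different key.
        PublicKey otherCert = kpg.generateKeyPair().getPublic();

        System.out.println("matching value:    " + verifies(signer.getPublic(), tbs, good, alg));
        System.out.println("wrong digest:      " + verifies(signer.getPublic(), tbs, wrongDigest, alg));
        System.out.println("double hashing:    " + verifies(signer.getPublic(), tbs, doubleHashed, alg));
        System.out.println("other certificate: " + verifies(otherCert, tbs, good, alg));
    }
}
```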