javaee / metro-wsit

https://javaee.github.io/metro-wsit/

Error in processing endorsing signature if no sign parts is specified. #1217

Closed glassfishrobot closed 15 years ago

glassfishrobot commented 15 years ago

If the policy in the wsdl contains:

1. EndorsingSupportingToken
2. but no SignParts so that only Timestamp is signed with primary signature

Then on the service side, an exception is thrown when processing the endorsing signature:

WSITPVD0035: Error in Verifying Security in Inbound Message.
javax.xml.ws.WebServiceException: Could not find Reference #_1 under Signature with ID_4
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSignature(SecurityRecipient.java:1264)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.createMessage(SecurityRecipient.java:790)
    at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:230)
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:549)
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:333)
    at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:244)
    at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:172)
    at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:133)

Here is the request message:

<?xml version='1.0' encoding='UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:exc14n="http://www.w3.org/2001/10/xml-exc-c14n#">
<S:Header>
<To xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/PingService/PingService</To>
<Action xmlns="http://www.w3.org/2005/08/addressing">http://server.simple/Ping/pingRequest</Action>
<ReplyTo xmlns="http://www.w3.org/2005/08/addressing"><Address>http://www.w3.org/2005/08/addressing/anonymous</Address></ReplyTo>
<MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:6d34d29d-1ee0-4300-8a35-05185394869a</MessageID>
<wsse:Security S:mustUnderstand="1">
<wsu:Timestamp xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="_3"><wsu:Created>2009-08-21T20:59:22Z</wsu:Created><wsu:Expires>2009-08-21T21:04:22Z</wsu:Expires></wsu:Timestamp>
<wsse:BinarySecurityToken xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" wsu:Id="uuid_05a09fd0-edfd-4e10-baab-4b89b01739ea" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">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</wsse:BinarySecurityToken>
<xenc:EncryptedKey xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_5002"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<ds:KeyInfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="keyInfo"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=SUNCA, OU=JWS, O=SUN, ST=Some-State, C=AU</ds:X509IssuerName><ds:X509SerialNumber>2</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>YmP2n5j9JXtIM15wD4zLLgGTpTywGEVOJQKUwkal9nOVtO6W7pdVvRbjyuXrEwe2LzIqEEeTyNvJBfHCsZsBK5y7yAS4Mr1jZn9eAgrYaAC6nPJAfrcGE9GvNkvW/z9ykeqhKUIWW0aq37v5X+c1FqH/CEhjZs4oWN5kL6uxoJg=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>
<ds:Signature xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_1">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsse S" /></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" /><ds:Reference URI="#_3"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>F9XrI4qdunRQYzVUK9pg7aM3gM2jJfpD++LJkLqi4Mw=</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>7YayZ/pVUcadiex1kUagdIKPF8A=</ds:SignatureValue>
<ds:KeyInfo><wsse:SecurityTokenReference wsu:Id="uuid_369782d4-0269-45e0-8536-24fdbbccfed5"><wsse:Reference ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" URI="#_5002" /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
<ds:Signature xmlns:ns19="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity" xmlns:ns18="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" xmlns:ns17="http://www.w3.org/2003/05/soap-envelope" Id="_4">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsse S" /></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><ds:Reference URI="#_1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><exc14n:InclusiveNamespaces PrefixList="wsu wsse S" /></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /><ds:DigestValue>bLeYXyQmCKuq19kWrjIjaXwp11tw0XO6/On4Ks0hjdo=</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>t1hI2hNYK4eEN8WdmrhVR9b9/lKXRUmIxS3GDO0Bxs7A0K7a/Lqaz2+MWjN03C3urr+JKk0GtWlTLGGhiQYGS0/MEdVqYDIlXXjTz/uMiTJCqS9cNqC1q9mmZ4JwpCV/lbKbjSQUNFyIIOOH7p2T+9vAd1PD/hRz4IZrUQABXBM=</ds:SignatureValue>
<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" URI="#uuid_05a09fd0-edfd-4e10-baab-4b89b01739ea" /></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security>
</S:Header>
<S:Body><ns2:ping xmlns:ns2="http://server.simple/">hello</ns2:ping></S:Body>
</S:Envelope>

Environment

Operating System: All
Platform: All

Affected Versions

[current]
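The reference layout in the request above, checked in isolation. This is an added example, not part of the original report and not Metro code: it resolves every same-document `ds:Reference` against the `wsu:Id` and plain `Id` attributes in a constructed header with the same shape as the reported one. The function names and the `id_attrs` parameter are hypothetical, and the narrower `wsu:Id`-only lookup is shown only to reproduce the symptom, not as a statement of the root cause in Metro.

```python
import xml.etree.ElementTree as ET  # for untrusted input use a hardened parser such as defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed sample: Timestamp _3, primary signature _1, endorsing
# signature _4, as in the reported message; digests and keys are left out.
SAMPLE = f"""
<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <wsu:Timestamp wsu:Id="_3"><wsu:Created>2009-08-21T20:59:22Z</wsu:Created></wsu:Timestamp>
  <ds:Signature Id="_1"><ds:SignedInfo><ds:Reference URI="#_3"/></ds:SignedInfo></ds:Signature>
  <ds:Signature Id="_4"><ds:SignedInfo><ds:Reference URI="#_1"/></ds:SignedInfo></ds:Signature>
</wsse:Security>
"""

WSU_ID = f"{{{WSU}}}Id"  # carried by Timestamp, BinarySecurityToken, ...
PLAIN_ID = "Id"          # carried by ds:Signature and xenc:EncryptedKey


def index_ids(root, id_attrs):
    """Map each Id value to its element. Two different elements sharing an
    Id are rejected, because a reference to that Id would be ambiguous."""
    index = {}
    for elem in root.iter():
        for attr in id_attrs:
            value = elem.get(attr)
            if value is not None and index.setdefault(value, elem) is not elem:
                raise ValueError(f"duplicate Id {value!r}")
    return index


def check_references(xml_text, id_attrs=(WSU_ID, PLAIN_ID)):
    """Return (signature Id, reference URI, local name of the target or None)
    for every ds:Reference under the SignedInfo of every ds:Signature."""
    root = ET.fromstring(xml_text)
    index = index_ids(root, id_attrs)
    results = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        for ref in sig.iterfind(f"{{{DS}}}SignedInfo/{{{DS}}}Reference"):
            uri = ref.get("URI", "")
            target = index.get(uri[1:]) if uri.startswith("#") else None
            name = target.tag.rsplit("}", 1)[-1] if target is not None else None
            results.append((sig.get("Id"), uri, name))
    return results


if __name__ == "__main__":
    for row in check_references(SAMPLE):
        print(row)
```

A `None` target in the result marks a dangling reference, which a verifier has to treat as a validation failure rather than skip.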

glassfishrobot commented 15 years ago

Reported by jdg6688@java.net

glassfishrobot commented 15 years ago

sm228678@java.net said: We fixed it. Please check.

glassfishrobot commented 15 years ago

Was assigned to kumarjayanti@java.net

glassfishrobot commented 7 years ago

This issue was imported from java.net JIRA WSIT-1217

glassfishrobot commented 15 years ago

Marked as fixed on Tuesday, August 25th 2009, 4:04:07 pm