search

javaee / metro-wsit

https://javaee.github.io/metro-wsit/
Other
9 stars 24 forks source link

digest verification failure #1694

Open glassfishrobot opened 9 years ago

glassfishrobot commented 9 years ago

I'm running the client on:

And the server side on:

The problem is that if the java web service method throws an exception, the c# client fails with a digest validation error. I tried the same front end with webservices-rt-2.1.1 and it works fine. The problems seems to have been introduced in webservices-rt-2.2

This is the stack trace from the c# client:

| Error | TestSystemException | The signature verification failed. Please see inner exception for fault details. System.ServiceModel.Security.MessageSecurityException: The signature verification failed. Please see inner exception for fault details. ---> System.Security.Cryptography.CryptographicException: Digest verification failed for Reference '#_5006'. at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource) at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource) at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo, String id, XmlDictionaryReader reader, Boolean doSoapAttributeChecks, MessagePartSpecification signatureParts, MessageHeaderInfo info, Boolean checkForTokensAtHeaders) — End of inner exception stack trace — |

Server stack trace: at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo, String id, XmlDictionaryReader reader, Boolean doSoapAttributeChecks, MessagePartSpecification signatureParts, MessageHeaderInfo info, Boolean checkForTokensAtHeaders) at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ExecuteMessageProtectionPass(Boolean hasAtLeastOneSupportingTokenExpectedToBeSigned) at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy) at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Security.SymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

Environment

Windows client/Linux server

Affected Versions

[2.2, 2.3]

glassfishrobot commented 9 years ago

Reported by aginga

glassfishrobot commented 9 years ago

Was assigned to miroslav.kos

glassfishrobot commented 7 years ago

This issue was imported from java.net JIRA WSIT-1694