Closed glassfishrobot closed 16 years ago
Reported by vivekp@java.net
ashutoshshahi@java.net said: This bug occurred with non optimized security; with optimized security, which is now the default, it should no longer be an issue as we use only three prefixes - S, wsu, and wsse inside prefix list - and all of them are declared on the soap envelope itself.
Can someone verify if this is still an issue as I do not have the setup to run Indigo to Tango test. I am marking this issue as fixed
mmatula@java.net said: This issue was fixed before we created 1.0 branch, so the fix is in 1.0 -> setting target milestone to say so.
Was assigned to ashutoshshahi@java.net
This issue was imported from java.net JIRA WSIT-209
Marked as fixed on Tuesday, July 22nd 2008, 10:44:57 am
This is the issue that was reported by deepak to kirill. The bug is that with WCF Sept CTP, indigo client fails with WSIT Secure MTOM endpoints. Look at the end of the description for Kirills' evaluation of the problem on WCF client side and possible workarounds.
HEre is the mail from Deepak with details on the failure:
Am trying to run MTOM interop scenarios with the private plug-fest CTP, that was provided by Indigo team. When I run Indigo client against Tango endpoint, all SOAP1.1 sign-only MTOM scenarios fail throwing same exception.
Am not getting any exception on the Tango endpoint side. The exception thrown by the Indigo client is what is in the subject of the mail. The exception stack-trace, from Indigo client and SOAP message logs, obtained from the Tango endpoint side are attached. They both are from EchoBinaryAsString scenario (but the exception is the same for all scenarios).
Just FYI, didn't see this issue in SOAP1.1 sign+encrypt MTOM scenarios.
Can you please ask your team to investigate this issue?
Thanks, -Deepak
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ServiceModel.Security.MessageSecurityException: Message security verification failed. ---> System.ArgumentNullException: Value cannot be null. Parameter name: ns at System.Xml.XmlBaseWriter.WriteXmlnsAttribute(String prefix, String ns) at System.IdentityModel.CanonicalizationDriver.WriteTo(Stream canonicalStream) at System.IdentityModel.ExclusiveCanonicalizationTransform.ProcessReaderInput(XmlReader reader, SignatureResourcePool resourcePool, HashStream hashStream) at System.IdentityModel.ExclusiveCanonicalizationTransform.ProcessAndDigest(Object input, SignatureResourcePool resourcePool, HashAlgorithm hash, DictionaryManager dictionaryManger) at System.IdentityModel.ExclusiveCanonicalizationTransform.ProcessAndDigest(Object input, SignatureResourcePool resourcePool, String digestAlgorithm, DictionaryManager dictionaryManager) at System.IdentityModel.TransformChain.TransformToDigest(Object data, SignatureResourcePool resourcePool, String digestMethod, DictionaryManager dictionaryManager) at System.IdentityModel.Reference.ComputeDigest() at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource) at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource) at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.EnsureDigestValidityIfIdMatches(SignedInfo signedInfo, String id, XmlDictionaryReader reader, Boolean doSoapAttributeChecks, MessagePartSpecification signatureParts, MessageHeaderInfo info, Boolean checkForTokensAtHeaders) at System.ServiceModel.Security.WSSecurityOneDotZeroReceiveSecurityHeader.ExecuteMessageProtectionPass(Boolean hasAtLeastOneSupportingTokenExpectedToBeSigned) at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout) at System.ServiceModel.Security.MessageSecurityProtocol.ProcessSecurityHeader(ReceiveSecurityHeader securityHeader, Message& message, SecurityToken requiredSigningToken, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Security.AsymmetricSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) — End of inner exception stack trace —
Server stack trace: at System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates) at System.ServiceModel.Channels.SecurityChannelFactory
1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout) at System.ServiceModel.Channels.SecurityChannelFactory
1.SecurityRequestChannel.Request(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at IMtomTest.EchoBinaryAsString(Byte[] array) at MtomTestClient.EchoBinaryAsString(Byte[] array) — End of inner exception stack trace — at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.RuntimeType.InvokeMember(String name, BindingFlags bindingFlags, Binder binder, Object target, Object[] providedArgs, ParameterModifier[] modifiers, CultureInfo culture, String[] namedParams) at Microsoft.Xws.Test.Suite.Util.WsdlTestUtilities.DynamicProxy.DynamicObject.CallMethod(String method, Object[] parameters) at XwsInterop.HostedClient.HostedClientSoapImpl.TestMtomMethods(DynamicProxy proxy, Boolean enableSecurity, String operationName) at XwsInterop.HostedClient.HostedClientSoapImpl.runScenario(String featureName, String scenarioName, HostedClientParameter[] parameters)
Oct 18, 2006 2:38:37 PM com.sun.xml.wss.impl.filter.DumpFilter process INFO: ==== Received Message Start ==== <?xml version="1.0" encoding="UTF-8"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<o:Security
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
s:mustUnderstand="1">
2006-10-18T09:08:39.640Z</u:Created>
2006-10-18T09:13:39.640Z</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
u:Id="uuid-14f9af59-b20e-4afc-a130-6a5ce65d8986-642">MIIDDDCCAfSgAwIBAgIQM6YEf7FVYx/tZyEXgVComTANBgkqhkiG9w0BAQUFADAwMQ4wDAYDVQQKDAVPQVNJUzEeMBwGA1UEAwwVT0FTSVMgSW50ZXJvcCBUZXN0IENBMB4XDTA1MDMxOTAwMDAwMFoXDTE4MDMxOTIzNTk1OVowQjEOMAwGA1UECgwFT0FTSVMxIDAeBgNVBAsMF09BU0lTIEludGVyb3AgVGVzdCBDZXJ0MQ4wDAYDVQQDDAVBbGljZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoqi99By1VYo0aHrkKCNT4DkIgPL/SgahbeKdGhrbu3K2XG7arfD9tqIBIKMfrX4Gp90NJa85AV1yiNsEyvq+mUnMpNcKnLXLOjkTmMCqDYbbkehJlXPnaWLzve+mW0pJdPxtf3rbD4PS/cBQIvtpjmrDAU8VsZKT8DN5Kyz+EZsCAwEAAaOBkzCBkDAJBgNVHRMEAjAAMDMGA1UdHwQsMCowKKImhiRodHRwOi8vaW50ZXJvcC5iYnRlc3QubmV0L2NybC9jYS5jcmwwDgYDVR0PAQH/BAQDAgSwMB0GA1UdDgQWBBQK4l0TUHZ1QV3V2QtlLNDm+PoxiDAfBgNVHSMEGDAWgBTAnSj8wes1oR3WqqqgHBpNwkkPDzANBgkqhkiG9w0BAQUFAAOCAQEABTqpOpvW+6yrLXyUlP2xJbEkohXHI5OWwKWleOb9hlkhWntUalfcFOJAgUyH30TTpHldzx1+vK2LPzhoUFKYHE1IyQvokBN2JjFO64BQukCKnZhldLRPxGhfkTdxQgdf5rCK/wh3xVsZCNTfuMNmlAM6lOAg8QduDah3WFZpEA0s2nwQaCNQTNMjJC8tav1CBr6+E5FAmwPXP7pJxn9Fw9OXRyqbRA4v2y7YpbGkG2GI9UvOHw6SGvf4FRSthMMO35YbpikGsLix3vAsXWWi4rwfVOYzQK0OFPNi9RMCUdSH06m9uLWckiCxjos0FQODZE9l4ATGy9s9hNVwryOJTw==</o:BinarySecurityToken>