Security Exception : Signature Verification Failed Error
246 views
Skip to first unread message
Yuvaraj P V
Jun 26, 2015, 7:48:21 AM6/26/15
to wse...@googlegroups.com
Dear Richard ,
Thanks for wonderful library. im using your library and im getting a error message . i dont know where im doing wrong. please help me to fix this issue. When i run in soapui it is working fine. but when i run the php code im getting "Security Exception : Signature Verification Failed Error".
In the server im getting the following log
[2015-06-24 11:16:33,061] WARN uuid:3f6c703f-05e6-85e8-6b62-a4fa343cd54f [org.apache.ws.security.validate.SignatureTrustValidator] [[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)']: No SubjectDN Certificate Constraints were defined. This could be a security issue
i compared our xml with the soapui generated xml and found that soapui included the following block
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=xxxxxxxxx,OU=Terms and Conditions of use: http://www.digi-sign.com/repository,O=Digi-Sign Limited,L=xxxxxxxxxxxx,ST=xxxxxxx,C=xxxxxx</ds:X509IssuerName>
<ds:X509SerialNumber>25245444438933132383239393433321326333337433</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
So i added the following code in the soap-wsse.php under addEncryptedKey function ( attached the file with this )
$X509Data = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509Data');
$tokenRef->appendChild($X509Data);
$X509IssuerSerial = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509IssuerSerial');
$X509Data->appendChild($X509IssuerSerial);
$serial = $this->getIssuerName($options["ServiceCertificate"]);
$X509IssuerName = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509IssuerName',$serial);
$X509IssuerSerial->appendChild($X509IssuerName);
$serialNumber = $this->getSerialNumber($options["ServiceCertificate"]);
$X509IssuerNumber = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509SerialNumber',$serialNumber);
$X509IssuerSerial->appendChild($X509IssuerNumber);
Second thing i noticed is that they are adding Action, From , To , Messageid as the last node in the header . but we are entering as the first node in the soap header . is that really matters
i cant able to figure the issue. wil you please help me out
Thanks for wonderful library. im using your library and im getting a error message . i dont know where im doing wrong. please help me to fix this issue. When i run in soapui it is working fine. but when i run the php code im getting "Security Exception : Signature Verification Failed Error".
In the server im getting the following log
[2015-06-24 11:16:33,061] WARN uuid:3f6c703f-05e6-85e8-6b62-a4fa343cd54f [org.apache.ws.security.validate.SignatureTrustValidator] [[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)']: No SubjectDN Certificate Constraints were defined. This could be a security issue
i compared our xml with the soapui generated xml and found that soapui included the following block
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=xxxxxxxxx,OU=Terms and Conditions of use: http://www.digi-sign.com/repository,O=Digi-Sign Limited,L=xxxxxxxxxxxx,ST=xxxxxxx,C=xxxxxx</ds:X509IssuerName>
<ds:X509SerialNumber>25245444438933132383239393433321326333337433</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
So i added the following code in the soap-wsse.php under addEncryptedKey function ( attached the file with this )
$X509Data = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509Data');
$tokenRef->appendChild($X509Data);
$X509IssuerSerial = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509IssuerSerial');
$X509Data->appendChild($X509IssuerSerial);
$serial = $this->getIssuerName($options["ServiceCertificate"]);
$X509IssuerName = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509IssuerName',$serial);
$X509IssuerSerial->appendChild($X509IssuerName);
$serialNumber = $this->getSerialNumber($options["ServiceCertificate"]);
$X509IssuerNumber = $objDoc->createElementNS('http://www.w3.org/2000/09/xmldsig#', 'dsig:X509SerialNumber',$serialNumber);
$X509IssuerSerial->appendChild($X509IssuerNumber);
Second thing i noticed is that they are adding Action, From , To , Messageid as the last node in the header . but we are entering as the first node in the soap header . is that really matters
i cant able to figure the issue. wil you please help me out
Reply all
Reply to author
Forward
0 new messages