Forum Discussion

Ivan_Chung's avatar
Ivan_Chung
New Contributor
16 years ago

The signature or decryption was invalid

Dear all:

I have a project with following WS-Security setting:
1) incoming (encryption and signature).
2) outgoing (encryption and signature).
3) A keystore with my privatey key and server's public key.

Everything work fine in SOAPUI 2.0.2. But in Version 2.5.1, I got the error "WSSecurityException: The signature or decryption was invalid" while getting the incoming response.

org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:429)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)


It seems that the encryption is OK but the signature is not. It's quite strange cause everything is fine in version 2.0.2.

Also, I've checked my server's log, the server can verify the signature and decrypt the request message without any problem.  It just the SOAPUI cannot verify the response.

Any help would be very appreciated.


Regards
Ivan
  • Ivan_Chung's avatar
    Ivan_Chung
    New Contributor
    I've try again with the nightly build (2.5.2) but with no luck. It's still the same.
  • JamesV's avatar
    JamesV
    New Contributor
    Just had a look at the bug list.  There is a similar issue there in bug 2721567.

    I tried disabling Pretty Printing and now the signature is valid.

    So it seems true that pretty printing is done before signature verification.  At least there is a workaround.
  • I get the same behavior with 2.5.1.

    When I run 2.0.2, signature verification succeeds. Same project, same ws-security configuration between the two.

  • Fredrik_Granstr's avatar
    Fredrik_Granstr
    Occasional Contributor
    Hi, I might have the same problem. This is signature is generated with SoapUI 3.0 (Signature Algorithm = X509 Certificate)
    -
    -
      MIIEFzC......
     

     


    If I read the standard, http://docs.oasis-open.org/wss/2004/01/ ... le-1.0.pdf, (page=8, line 209). Then it says that the ValueTypeUri has to be "X509 SubjectKeyIdentifier". This is not the case in SoapUI as you can see above. Is this an error in SoapUI or am I reading the standard in a wrong way.

    If I change Sequrity Algorithm to Binary Sequrity Token it work fine.
  • SmartBear_Suppo's avatar
    SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hi everyone.

    the pretty-print issue will finally be fixed in the upcoming 3.0 nightly build. Sorry for the long delay on this..

    regards,

    /Ole
    eviware.com