Rodgers Andati

Reputation: 151

The signature or decryption was invalid

I need to hit a web service using Java over HTTPS. I have been provided with keys and certificates in a JKS store. I have also been provided with the sample SOAP message below, which works in SoapUI.

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:clic="http://www.xxxx.com/xxx/schema/foundation/service/TestSchema">
   <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-10205c90-231b-4430-8ec1-429e022d1c79">
            <wsu:Created>2018-07-23T13:00:06.981Z</wsu:Created>
            <wsu:Expires>2018-12-23T13:16:46.981Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Gd9c929cb-1e7f-42b6-93dc-a48ed8bdcd33">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</wsse:BinarySecurityToken>
         <xenc:EncryptedKey Id="EK-5a112e0f-279e-43f2-b3ee-5a7044951d8d" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#Gd9c929cb-1e7f-42b6-93dc-a48ed8bdcd33" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>dBTVGkwYgWNXBZ/20oAugPl57b5iE82sM344mvqppDfXYzIgWegF7KDI696xIbvyz1CqAFw/Km645180FuFKVsbXPYp5nTKs4QMNfivVu10QBksKaguKiRiowmSUNx5WUXef4x+qEbOqDjNbS98DdflpfOsJchOvdhBFSwUMf6o=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
               <xenc:DataReference URI="#ED-c1e7ddcc-207d-4ebb-a165-64aebd752871"/>
            </xenc:ReferenceList>
         </xenc:EncryptedKey>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-68055fd0-3aa4-4947-a7b6-a6ed2966a464">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</wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-af07415f-9af5-447b-ab52-6ed562332323" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="wsa SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-73d18922-a97d-4ef4-a3ce-a5476e2c876b">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>mek5MuRjirVXt8ly13SqLfVl7NA=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-20cca316-6e2e-4434-a3a4-b855da57bb6e">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>TRCFwe1ZqDRAg4QSXZbZyGUDWIs=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-26419ab7-c125-4c16-a41e-c8e1051577ef">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>hGs9BeHV6gWNzRt2bIOO6ufip6c=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-3fefc90b-632a-426f-b8f7-74a99ec4f82a">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="SOAP-ENV" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>jGO5ckp7b9JDGeLjDu2b9jyzSJ4=</ds:DigestValue>
               </ds:Reference>
               <ds:Reference URI="#id-ec181695-d50a-4579-94a4-410e8fd4e422">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>7lPYMD7/qYqiiw60hXnXoE7+hpc=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>0vyKSyRw2br6F4AEGfynFw8HwlYOebJMdNASuwP6+Cch3hhteoydJ8H9JVqxiqRAnYHnR9Cx/rhRzkXhDLvBV9/NFw9EdrHBmdbAnbYVwfLA5dTndLPHUk+fvrvs7YjfjsNOlUNYhIZhnvfMt9MUoNKJlI62r5ijkPWIgpwIqLA=</ds:SignatureValue>
            <ds:KeyInfo Id="KI-3883121d-1f56-46aa-98f2-e6c4be09b4f7">
               <wsse:SecurityTokenReference wsu:Id="STR-0b7f8424-870e-4c49-8b32-6c7748a08537">
                  <wsse:Reference URI="#X509-68055fd0-3aa4-4947-a7b6-a6ed2966a464" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
      <wsa:To SOAP-ENV:mustUnderstand="1" wsu:Id="id-ec181695-d50a-4579-94a4-410e8fd4e422" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">none</wsa:To>
      <wsa:From>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:From>
      <wsa:ReplyTo wsu:Id="id-3fefc90b-632a-426f-b8f7-74a99ec4f82a" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:ReplyTo>
      <wsa:FaultTo>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:FaultTo>
       <wsa:FromSoap>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
      </wsa:FromSoap>

      <wsa:Action wsu:Id="id-20cca316-6e2e-4434-a3a4-b855da57bb6e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://www.xxxx.com/xxx/definitions/service/RequestTestAgreement</wsa:Action>
      <wsa:MessageID wsu:Id="id-26419ab7-c125-4c16-a41e-c8e1051577ef" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">urn:uuid:97d1f396-3f51-41db-ad62-2633f13fed32</wsa:MessageID>
   </SOAP-ENV:Header>
    <SOAP-ENV:Body wsu:Id="id-ba05ffcc-9962-4b41-a1da-e813d9bc93d0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <clic:getTestAgreementRequest>true</clic:getTestAgreementRequest>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I have generated my SOAP message using Apache WSS4J 1.6.8, and the output is as below:

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:clic="http://www.xxxx.com/xxx/schema/foundation/service/TestSchema">
   <SOAP-ENV:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-3">
            <wsu:Created>2019-02-06T18:50:11.074Z</wsu:Created>
            <wsu:Expires>2019-02-06T19:06:51.074Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="6593263F499877B4A415494790109675">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</wsse:BinarySecurityToken>
         <xenc:EncryptedKey Id="EK-6593263F499877B4A415494790109674" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#6593263F499877B4A415494790109675" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue>ChwYvMF05oQtM1pCPwhsH2SUnb/D1ilvjff+1yPb8HPUyLv4AcbcQzROnujUdDBxdNNC5gWGP9YqSvEFTV1WF4+qXzVAOt6RdSERx0JGmh7FaeHiO0JDuVKmfJsb+sRgUh2u3LBgxEqs2mqB4PEW8rat3rY2V4d7pl3MiS4mJO7QTeo3OvoxXKeN4ya009DrKkr+Is7OUhWYqU6Ffw6sZSeZltbz0ZcrtLlZa/dIZo4gSgvFcePgBuW43Lm3KwtzCqOV1Zgul2bRpsQnfD3EVXp75i5zPYU/KvWJqBkpKM3h8c8h6nNA+aibvq9WCos1nZvs8XaKg6Ymd3dcwgePHQ==</xenc:CipherValue>
            </xenc:CipherData>
         </xenc:EncryptedKey>
         <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-6593263F499877B4A415494790103071">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</wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="wsa SOAP-ENV clic" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-1">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="clic" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>xb52CEoxKdEcSo8q8eLMOURnTnI=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>wQlP4hzCvKMVtolq6nnVnfH7Zz/0ktTrgHqb467RgoOB6W7jrDpNprofp7gMbdxjC2D4X7yj/APYD9ADmmGZf0EzMbF/o0G1RYPQzl2J/1tagWM5H3M3Ztnxbwj7cA7ToYTci9D6BASLef9Jl9I5diiBP/1eXsqjVkzeuocvozrRPVZLXhdLFIUT2Yk2V6s7RH0q6FNDZEk10Z6AWstneh/ixq7BkYUhObZmEu1P5/IO99lX68n+EGexbBOmTFBraszkjBeSSH+8/ShLDfhm24O52LlFktKXmyuMN8eQu8vmQW21vtW+7GxXD/TIdwTwtwjyH2awJtNCCRf8pLTJIQ==</ds:SignatureValue>
            <ds:KeyInfo Id="KI-6593263F499877B4A415494790103382">
               <wsse:SecurityTokenReference wsu:Id="STR-6593263F499877B4A415494790103413">
                  <wsse:Reference URI="#X509-6593263F499877B4A415494790103071" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
      <wsa:Action wsu:Id="id-1ea06b17-3ceb-4a69-8d2c-2ea8c9f88a9e" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">http://www.xxxx.com/xxx/definitions/service/RequestTestAgreement</wsa:Action>
   </SOAP-ENV:Header>
   <SOAP-ENV:Body wsu:Id="id-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <clic:getTestAgreementRequest>true</clic:getTestAgreementRequest>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

When I call my web service using my generated SOAP message in SoapUI, I get the response below:

    <faultstring xml:lang="en">The signature or decryption was invalid; nested exception is org.apache.ws.security.WSSecurityException: The signature or decryption was invalid</faultstring>

What could be the problem with my SOAP message? I can see that the CipherValue and SignatureValue in my SOAP message are longer than the ones in the given sample SOAP message. Which encryption and signing algorithms do I need to use to make them have the same length of characters?

Upvotes: 1

Views: 12170
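A structural check that can be run over both messages above, as an added example (not part of the original question): it lists which `wsu:Id`-tagged parts each `ds:Reference` covers, counts `xenc:DataReference` entries, and derives the RSA key size from the byte length of `SignatureValue` and the `EncryptedKey` `CipherValue`, since the length of an RSA output is fixed by the key's modulus rather than by the algorithm URI. The class name and the cut-down message in `main` are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WsseMessageReport {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Modulus size implied by a raw RSA output (rsa-sha1 signature, rsa-oaep wrapped key); 0 if absent.
    static int rsaBits(Document d, String ns, String name) {
        Node n = d.getElementsByTagNameNS(ns, name).item(0);
        return n == null ? 0 : Base64.getMimeDecoder().decode(n.getTextContent()).length * 8;
    }
    static List<String> report(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document d = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        Map<String, String> ids = new HashMap<>();           // wsu:Id value -> element name
        NodeList all = d.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (e.hasAttributeNS(WSU, "Id")) ids.put(e.getAttributeNS(WSU, "Id"), e.getNodeName());
        }
        List<String> out = new ArrayList<>();
        NodeList refs = d.getElementsByTagNameNS(DS, "Reference");   // ds:Reference only, not wsse:Reference
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            String id = uri.startsWith("#") ? uri.substring(1) : uri;
            out.add("signed: " + ids.getOrDefault(id, "UNRESOLVED #" + id));
        }
        out.add("encrypted parts: " + d.getElementsByTagNameNS(XENC, "DataReference").getLength());
        out.add("signing key bits: " + rsaBits(d, DS, "SignatureValue"));
        out.add("wrapping key bits: " + rsaBits(d, XENC, "CipherValue"));
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed, cut-down message: 256 zero bytes stand in for real RSA outputs.
        String blob = Base64.getEncoder().encodeToString(new byte[256]);
        String xml = "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='" + WSU
            + "' xmlns:ds='" + DS + "' xmlns:xenc='" + XENC + "'><e:Header>"
            + "<xenc:EncryptedKey><xenc:CipherData><xenc:CipherValue>" + blob
            + "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#id-1'/><ds:Reference URI='#id-2'/>"
            + "</ds:SignedInfo><ds:SignatureValue>" + blob + "</ds:SignatureValue></ds:Signature>"
            + "</e:Header><e:Body wsu:Id='id-1'/></e:Envelope>";
        report(xml).forEach(System.out::println);
    }
}
```

Running `report` on the provided sample and on the generated message side by side shows whether the two differ in signed parts, encrypted parts, or key size.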

Answers (3)

Yash

Reputation: 9578

I faced the same problem, an invalid SoapMessage signature, due to improper conversion of the SoapMessage to an XML String.

    <soapenv:Fault>
      <faultcode>soapenv:Client</faultcode>
      <faultstring xml:lang="en">The signature or decryption was invalid; nested exception is org.apache.ws.security.WSSecurityException: The signature or decryption was invalid</faultstring>
    </soapenv:Fault>

The problem occurred during delivery.

  • The SOAP message signing code is correct.
  • During delivery, the conversion of the SoapMessage to XML is wrong; due to this we received an invalid response.

Exception Code: SoapMessage

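    import java.io.StringWriter;
    import javax.xml.soap.SOAPEnvelope;
    import javax.xml.soap.SOAPMessage;
    import javax.xml.transform.OutputKeys;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerException;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;

    // Problematic conversion: the signed envelope's DOM is re-serialized through a Transformer.
    public static String getSoapMessages(SOAPMessage soapMessage) throws Exception {
        SOAPEnvelope soapEnv = soapMessage.getSOAPPart().getEnvelope();
        Document ownerDocument = soapEnv.getOwnerDocument();
        String stringDocument = toStringDocument(ownerDocument);
        //System.out.println("SoapMessage: "+stringDocument);
        return stringDocument;
    }
    public static String toStringDocument(Document doc) throws TransformerException {
        StringWriter sw = new StringWriter();
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer transformer = tf.newTransformer();
        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "no");
        transformer.setOutputProperty(OutputKeys.METHOD, "xml");
        // INDENT=yes inserts whitespace into a message that has already been signed.
        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
        transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");

        transformer.transform(new DOMSource(doc), new StreamResult(sw));
        return sw.toString();
    }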

Working code: SoapMessage to XML String.

    import java.io.ByteArrayOutputStream;
    import javax.xml.soap.SOAPMessage;

    // Writes the message with SOAPMessage.writeTo(), without passing it through a Transformer.
    public static String getSoapMessageFromStream(SOAPMessage soapMessage) throws Exception {
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        soapMessage.writeTo(outputStream);
        String codepage = "UTF-8";
        String stringDocument = new String( outputStream.toByteArray(), codepage );
        //System.out.println("SoapMessage from Stream: "+stringDocument);
        return stringDocument;
    }

Upvotes: 0
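The effect this answer describes, reproduced with the JDK's built-in XML-DSig API as an added example (not code from the answer, and not WSS4J): the same signed document validates after a non-indented serialization and fails after one with `INDENT=yes`. The envelope, the `id-1` value, the class and method names and the throwaway key are constructed; SHA-256 replaces the page's SHA-1 because recent JDKs reject SHA-1 under secure validation by default.

```java
import java.io.*;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class ReserializeBreaksSignature {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
    }
    static Element first(Document d, String tag) { return (Element) d.getElementsByTagName(tag).item(0); }
    // Serialize via a Transformer (as toStringDocument() does), reparse as the receiver would, validate.
    static boolean survives(Document signed, String indent, PublicKey key) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, indent);
        StringWriter wire = new StringWriter();
        t.transform(new DOMSource(signed), new StreamResult(wire));
        Document doc = parse(wire.toString());
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        ctx.setIdAttributeNS(first(doc, "Body"), null, "Id");
        return F.unmarshalXMLSignature(ctx).validate(ctx);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();                  // throwaway key, constructed for the demo
        Document doc = parse("<Envelope><Header/><Body Id=\"id-1\"><req><flag>true</flag></req></Body></Envelope>");
        Transform excC14n = F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
        Reference ref = F.newReference("#id-1", F.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(excC14n), null, null);
        SignedInfo si = F.newSignedInfo(F.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null), F.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        DOMSignContext sctx = new DOMSignContext(kp.getPrivate(), first(doc, "Header"));
        sctx.setIdAttributeNS(first(doc, "Body"), null, "Id");
        F.newXMLSignature(si, null).sign(sctx);              // Signature is appended inside Header
        System.out.println("INDENT=no  validates: " + survives(doc, "no", kp.getPublic()));
        System.out.println("INDENT=yes validates: " + survives(doc, "yes", kp.getPublic()));
    }
}
```

Exclusive canonicalization keeps whitespace text nodes, so the indentation added inside `Body` changes the digest the `Reference` was computed over.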

saikamna

Reputation: 11

ERROR:org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

The reason for that error is that the WSS4J library needs XmlSec libraries starting from version 1.5.6, but SoapUI is exported with version 1.4.5.

After replacing the xmlsec-1.4.5 jar with the xmlsec-1.5.6 jar under the lib folder, C:\Program Files (x86)\SmartBear\SoapUI-5.5.0\lib, the issue will be resolved.

Try this approach.

Upvotes: 0

nidal kadmiri

Reputation: 1

Either the signed message was altered, and then the signature doesn't know how to decrypt the signed message, or you might have a problem with your keystore.

You can try generating a message using your keystore inside SoapUI (https://www.soapui.org/soapui-projects/ws-security.html) and then try to verify it once again. I had the same problem, which I managed to solve.

Upvotes: 0
