WLS 8.1: Canonicalization fails signing SOAP message in DigestValue tag (Doc ID 1140775.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle Weblogic Server - Version: 8.1 and later   [Release: and later ]
Information in this document applies to any platform.

Symptoms

When attempting to sign the SOAP message, which is done incorrectly, following error is thrown:

...
[ExcC14NTransform] : +++ inclusiveNamespaces : null
<soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-2"><ns5:submitILECcustomerServiceRecordQuery xmlns="java:com.sprint.webservice.voiceoverip.common" xmlns:ns5="https://servicegateway.sprint.com/WSvoiceOverIPservice"><ns2:VoIPorderHeader xmlns:ns2="java:com.sprint.webservice.voiceoverip.helpers"><OriginationID>OXL</OriginationID><DestinationID>SPRINT</DestinationID></ns2:VoIPorderHeader><ns2:ILECcustomerServiceRecordQueryForm xmlns:ns2="java:com.sprint.webservice.voiceoverip.helpers"><ns4:ATN xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">2526330669</ns4:ATN><ns4:OLSP xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">0470</ns4:OLSP><ns4:STATE xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">NC</ns4:STATE><ns4:DTSent xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">2010-03-23-05:00</ns4:DTSent><ns4:AUTHNM xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">SPRINT</ns4:AUTHNM><ns4:AGAUTH xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">Y</ns4:AGAUTH><ns4:DATED xmlns:ns4="http://tempuri.org/GeneralLNP/GeneralLNP">2010-03-23-05:00</ns4:DATED></ns2:ILECcustomerServiceRecordQueryForm></ns5:submitILECcustomerServiceRecordQuery></soap:Body>
<!----- End Reference (uri=#id-2) -- -->
+++++++ Printing computedDigest : JIuafYc8jf/MK04lx6TnH3XPWhU=
+++++++ Printing referenceDigest : 6aTQ0IzIlM5H/sF0UOaDImJoYeE=
#id-2 failed reference validation: Invalid digest
at weblogic.xml.security.signature.Reference.validate(Reference.java:119)
at weblogic.xml.security.signature.SignedInfo.validateReferences(SignedInfo.java:211)
at weblogic.xml.security.signature.Signature.validateReferences(Signature.java:154)
at weblogic.xml.security.wsse.SecureSoapInputStream.addSignatureAssertions(SecureSoapInputStream.java:180)
at weblogic.xml.security.wsse.SecureSoapInputStream.getSecurityAssertions(SecureSoapInputStream.java:139)
at weblogic.webservice.core.soap.XMLSignature.validate(XMLSignature.java:102)
at com.oracle.test.ValidateSoap.main(ValidateSoap.java:19)
javax.xml.rpc.soap.SOAPFaultException: One or more references failed to validate: <Reference URI="#id-2" />
at weblogic.xml.security.wsse.internal.Utils.handleException(Utils.java:103)
at weblogic.xml.security.wsse.internal.Utils.handleException(Utils.java:130)
at weblogic.xml.security.wsse.SecureSoapInputStream.addSignatureAssertions(SecureSoapInputStream.java:256)
at weblogic.xml.security.wsse.SecureSoapInputStream.getSecurityAssertions(SecureSoapInputStream.java:139)
at weblogic.webservice.core.soap.XMLSignature.validate(XMLSignature.java:102)
at com.oracle.test.ValidateSoap.main(ValidateSoap.java:19)
weblogic.webservice.core.soap.XMLSignatureInvalidException: javax.xml.rpc.soap.SOAPFaultException: One or more references failed to validate: <Reference URI="#id-2" />
at weblogic.webservice.core.soap.XMLSignature.validate(XMLSignature.java:107)
at com.oracle.test.ValidateSoap.main(ValidateSoap.java:19)
Caused by: javax.xml.rpc.soap.SOAPFaultException: One or more references failed to validate: <Reference URI="#id-2" />
at weblogic.xml.security.wsse.internal.Utils.handleException(Utils.java:103)
at weblogic.xml.security.wsse.internal.Utils.handleException(Utils.java:130)
at weblogic.xml.security.wsse.SecureSoapInputStream.addSignatureAssertions(SecureSoapInputStream.java:256)
at weblogic.xml.security.wsse.SecureSoapInputStream.getSecurityAssertions(SecureSoapInputStream.java:139)
at weblogic.webservice.core.soap.XMLSignature.validate(XMLSignature.java:102)
... 1 more
Exception in thread "main"

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms