WSSecurityException: An invalid security token was provided

Question

Hello to all (this is my first post on this forum),

I''ve got problem with encrypted response:


Wed Jul 20 17:49:12 CEST 2011:ERROR:org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1")
   org.apache.ws.security.WSSecurityException: An invalid security token was provided (Bad ValueType "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1")
    at org.apache.ws.security.message.token.X509Security.<init>(X509Security.java:59)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:262)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:117)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:93)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
    at com.eviware.soapui.impl.wsdl.support.wss.IncomingWss.processIncoming(IncomingWss.java:119)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.support.attachments.WsdlSinglePartHttpResponse.processIncomingWss(WsdlSinglePartHttpResponse.java:49)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.support.attachments.WsdlSinglePartHttpResponse.<init>(WsdlSinglePartHttpResponse.java:38)
    at com.eviware.soapui.impl.wsdl.submit.filters.HttpPackagingResponseFilter.wsdlRequest(HttpPackagingResponseFilter.java:64)
    at com.eviware.soapui.impl.wsdl.submit.filters.HttpPackagingResponseFilter.afterAbstractHttpResponse(HttpPackagingResponseFilter.java:42)
    at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.afterRequest(AbstractRequestFilter.java:64)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:204)
    at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:122)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)

The response I get:


<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsa="http://www.w3.org/2005/08/addressing">
   <env:Header>
      <wsa:MessageID>urn:AF65D1B0B2E711E09F313FB1CEF4EA97</wsa:MessageID>
      <wsa:ReplyTo>
         <wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address>
         <wsa:ReferenceParameters>
            <instra:tracking.ecid xmlns:instra="http://xmlns.oracle.com/sca/tracking/1.0">d1d4bd7380e4e7e0:-554fd9de:13104396944:-8000-00000000001aa460</instra:tracking.ecid>
         </wsa:ReferenceParameters>
      </wsa:ReplyTo>
      <wsse:Security env:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-tbTjrvuQJWZ71eKKsMAPpw22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIDxjCCAa4CCQDieSIuLsQbZjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCcGwxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAxMGc2xhd2VrMSgwJgYJKoZIhvcNAQkBFhlzbGF3b21pcnN0cm9qZWtAZ21haWwuY29tMB4XDTExMDIxNzEyMjc0N1oXDTEyMDIxNzEyMjc0N1owTTELMAkGA1UEBhMCUEwxEzARBgNVBAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDHNpZ25hbC1pZHVuYTESMBAGA1UEAxMJbWxpc2llY2tpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0mzdya0kvFtoHH5vmEFBc4cW2zsNXUBgKCDJ1JTQvSRFa2ELvAIprF51zj+QXJH7W2c/qHIjdRSLKjrea0WCK8aIOqRCg/B3wiBQrJqL74/HyZYMOyUn1q7WQTRK4CNoBfx7Wxg8XTDFUKFxEwhfpVjIkiPo174iMcBqaBA+g6wIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQBm5vg05a1ymdr5XU0nAvESLl+gb+jgoT0zI6cNfbj7AqvCvLSkdvbG92hpg7afYIcEMUVtDnB00LpBdPXT8n4GJCwUVo2dMdESGYV8BUraiOhlcOFuZslCug5qgT5PF9BxQa4/WB0Pb7jAZjm0aTzvOA9DPyykG7H8BDNt5Ew3mvBWO2jcdgMmTUVTl2K4q5XcrsgLn6Htmg3WWA0pgt8hAfIrz+IdZ36VgytTRMIi+/5qpypHD+2dIpv1HvOfz4pfXtV8UBgJ8VOg23wNlJs2jZcnnqOPe/nETrGvNjlbmy6NZ1hfk0/NyBAH1/AhHYgl0rRoxm2vjn9Dy1U7pphg8om5alpE3WvMMLob4HSuUenXqNsHMOuw+MaBT/Y0FcHo3apenfV4SMlpP3cJSHILA+T2KRuja5pD6pBmWZE4xKhPKvr+b/BKtJ4jxgnLLRCAaSu/RBEBDlWI/rtseiD9F2jS0BhkmAIpDVkKsX6ypH4+MdqIg07PjwoDYaPp/UXelIxjaftxqFSRyGX5O/4v95ND9lI0UA002I2RVPRfClDLMGuxwGUwRyPa2y6cGBKedfSx2xIqVXMaeAS05JefLP2dNJQfV+bffcNJoHs6dIQZ+nHserCjdheWjYqLeI9CZTW6MPrq7Gm3RXnZTspScURP3wmNPc4xdIfI9yH1xQ==</wsse:BinarySecurityToken>
         <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
               <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
            </xenc:EncryptionMethod>
            <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
               <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#BST-tbTjrvuQJWZ71eKKsMAPpw22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1"/>
               </wsse:SecurityTokenReference>
            </dsig:KeyInfo>
            <xenc:CipherData>
               <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime">d/Z8ND4Ty7Xkjow4WofvCKHuK1YpXFqWZFk1pWMSnlUF/fxsgRYdps+KjlW7Ye6SIoLxDmPz/i42
ONwkRsXJhb1D93QeAdz1JVntT8YOMuIatyCmGtbSrCPu1fuWnyIygcyW3V285MefvhxA72AEoWKv
qHzGp7/GecMnjW0PWZc=</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList>
               <xenc:DataReference URI="#_BEPOLju8uyKOl5mRz7bsFA22"/>
            </xenc:ReferenceList>
         </xenc:EncryptedKey>
         <wsu:Timestamp wsu:Id="Timestamp-3bk1KEjTsCLhXxdCiku2YQ22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsu:Created>2011-07-20T15:48:17Z</wsu:Created>
            <wsu:Expires>2011-07-20T15:53:17Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" wsu:Id="BST-GeB0eL5GVeqSE4ZQImjhAA22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIDxjCCAa4CCQDieSIuLsQbZjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCcGwxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAxMGc2xhd2VrMSgwJgYJKoZIhvcNAQkBFhlzbGF3b21pcnN0cm9qZWtAZ21haWwuY29tMB4XDTExMDIxNzEyMjc0N1oXDTEyMDIxNzEyMjc0N1owTTELMAkGA1UEBhMCUEwxEzARBgNVBAgTClNvbWUtU3RhdGUxFTATBgNVBAoTDHNpZ25hbC1pZHVuYTESMBAGA1UEAxMJbWxpc2llY2tpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0mzdya0kvFtoHH5vmEFBc4cW2zsNXUBgKCDJ1JTQvSRFa2ELvAIprF51zj+QXJH7W2c/qHIjdRSLKjrea0WCK8aIOqRCg/B3wiBQrJqL74/HyZYMOyUn1q7WQTRK4CNoBfx7Wxg8XTDFUKFxEwhfpVjIkiPo174iMcBqaBA+g6wIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQBm5vg05a1ymdr5XU0nAvESLl+gb+jgoT0zI6cNfbj7AqvCvLSkdvbG92hpg7afYIcEMUVtDnB00LpBdPXT8n4GJCwUVo2dMdESGYV8BUraiOhlcOFuZslCug5qgT5PF9BxQa4/WB0Pb7jAZjm0aTzvOA9DPyykG7H8BDNt5Ew3mvBWO2jcdgMmTUVTl2K4q5XcrsgLn6Htmg3WWA0pgt8hAfIrz+IdZ36VgytTRMIi+/5qpypHD+2dIpv1HvOfz4pfXtV8UBgJ8VOg23wNlJs2jZcnnqOPe/nETrGvNjlbmy6NZ1hfk0/NyBAH1/AhHYgl0rRoxm2vjn9Dy1U7pphg8om5alpE3WvMMLob4HSuUenXqNsHMOuw+MaBT/Y0FcHo3apenfV4SMlpP3cJSHILA+T2KRuja5pD6pBmWZE4xKhPKvr+b/BKtJ4jxgnLLRCAaSu/RBEBDlWI/rtseiD9F2jS0BhkmAIpDVkKsX6ypH4+MdqIg07PjwoDYaPp/UXelIxjaftxqFSRyGX5O/4v95ND9lI0UA002I2RVPRfClDLMGuxwGUwRyPa2y6cGBKedfSx2xIqVXMaeAS05JefLP2dNJQfV+bffcNJoHs6dIQZ+nHserCjdheWjYqLeI9CZTW6MPrq7Gm3RXnZTspScURP3wmNPc4xdIfI9yH1xQ==</wsse:BinarySecurityToken>
         <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo>
               <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <dsig:Reference URI="#BST-GeB0eL5GVeqSE4ZQImjhAA22">
                  <dsig:Transforms>
                     <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </dsig:Transforms>
                  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <dsig:DigestValue>M4ERopdY6LMXv4xakpWvkUOdmX0=</dsig:DigestValue>
               </dsig:Reference>
               <dsig:Reference URI="#Timestamp-3bk1KEjTsCLhXxdCiku2YQ22">
                  <dsig:Transforms>
                     <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </dsig:Transforms>
                  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <dsig:DigestValue>otFOGtYzP7sXUt48z7tll1txkUM=</dsig:DigestValue>
               </dsig:Reference>
               <dsig:Reference URI="#Body-HolZWJwsL186U0GHajR0Iw22">
                  <dsig:Transforms>
                     <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                  </dsig:Transforms>
                  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <dsig:DigestValue>U/lReyfZj3RQvK+MUL2OypaKDRc=</dsig:DigestValue>
               </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>k9rWAjdQPoBuja3CUoMKOcm0oRlH0muwuT7SSXd+1qLrYEyBSnIvJbgpXduWAd6yXgGVsjuK5sJXX+fvGcfrWp41KC+c5go0J2+HTEEnKK5VYYjxVQnu5N5ZyYyDFiwFKI7BrbM3TkSK3HDYlrdmc8iFxRAxspAAEOB7bNnjrgs=</dsig:SignatureValue>
            <dsig:KeyInfo Id="KeyInfo-T9H85C7usFxNRRtigVmFQg22">
               <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#BST-GeB0eL5GVeqSE4ZQImjhAA22" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1"/>
               </wsse:SecurityTokenReference>
            </dsig:KeyInfo>
         </dsig:Signature>
      </wsse:Security>
   </env:Header>
   <env:Body wsu:Id="Body-HolZWJwsL186U0GHajR0Iw22" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_BEPOLju8uyKOl5mRz7bsFA22" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
         <xenc:CipherData>
            <xenc:CipherValue xmime:contentType="application/octet-stream" xmlns:xmime="http://www.w3.org/2005/05/xmlmime">pHQq97hH/INW/bn7tSSkhJic+qNTOInj1SiD0WzTwJGA0Rk0LLZCNZxQ7cfcIdh9VjW+qfy/HYDl
0xMZKXuJUItwUvWhKK4UKw7CpcisNd2NB06fei3LWwWkPEtRNeXTndFn3Znzv8QTpDiH9mBPKIcM
nCLSMBl+AcCO2BvRXpk/PZJu9vExc8Ef1lTjpUxFF6RAk6+flRpI3CEMRnmKbBdsRxutE0AyaHak
0O3B0++sqZCAzStrNz8Om6YP+lgpW+7xRag36y9ET+5C8o1nj5iURHgPy3YGxqe0rhBE3l9d4wdt
rWzcf0EGsIJzpVyNl86wp/HqMT1uF7ebMe9A87z3VNBbNIHGZIiaM69ugs8JBNzxiOSF0bg4rUBM
DVUZqiB8sZ++HNMaXhHjyQIT5ccTTDPuX7BiO9tZyateugJbwHHmd+SkofPuEiI3TUFi5dL9y8Is
iqRruXxy/8mmj27XqIyq7iTtME86NXVaGUqP/KDRugJW+BgF7fa1NpW+ot1izzeT2WNaoyt2DkI3
yE2xm7TtPc5qsxVAUSqJA4QEiPb3uLvc0yAWIw5lx8Sb5a6WzFELyrz+lABV2PRP5z2P3hDPViB4
id8akUVXZixRwctViHyD3OUZMXUZJOg3btdfpCOS4PCID85xQzn3JiVk1/6UXAGXhT/C2vgihxaH
9EYntIM0cYWW/FI4MsC8psZY7gcP9o4glfnURQtNys7yhc8CU2hnIOlt8d5Ye2bqhmCD+Ft7lTnZ
R9PzxYWg2PJqAJT05jV9BoIKpYeC5BCml/fz+ZDLBnGQTEFWgyptPwEDNaYL9uVCzOZnq72E9AON
ILl6fW1JPIPDf+Du4LVXQ5LAm7lp/wIdSexkJ19OZppvBcdiPueFpxCg0eJiseb9Xq/prJ+me6hM
XE+1CtMNPYhJXsjAV7mq/dMyc/yEPOzNL0NNZPKO5sB8V+6mGn0O7098SfznIOoP4Sq9bR4flEuG
oS2scwD14HKupmfglas5YXRcqpCVtSuiL3GwmTsrb0FaxTJepO1GD0Ub0fsVzWM1kjPW01zGKwfp
wyYX3OfJeMCkynT+HCe0uT6c1FJeYdgYqZ1ghEQnZ9lAGrUU57WVpPrJ/NRwHs9WJqPi1E27Si4O
OGL/L/WxCXY23FcxMpiMOgYLiqdm1J//PtCwRdvfyEtiJu4usI5t31OC4smtwGiXLUIbsva7l5Vb
5EkaDcjtFxYV33jmfc2BWnQcf9mQAlJpCAauuTwDqMc2pFfXSnMkP7ZAAheLeifYizL1ej3v1sI3
MMZk/+vj/rbLrx04CYKhpMJsU27AUTtoqE/Q/Sf+vdiiaqdhAEWSDzT5HEd2RmE8/iVsGDqz/3p0
j6CEJzK7qmf+3xLOzlAGwlihaG4HrwtuPZnbToWEmaY6BkjZnrMikx3hlkzCENBadFLtayuK8N+Y
6aXb9Ag=</xenc:CipherValue>
         </xenc:CipherData>
      </xenc:EncryptedData>
   </env:Body>
</env:Envelope>

I've tried wss4j-1.5.3, wss4j-1.5.8, wss4j-1.5.11 and error still occurs.
I've tested it in SoapUI 3.5.1 and 4.0.0 with the same result.

Could you please advise me where to look for solution? I'll appreciate any hint.

pbienkowski · Answer

Hi,I found solution.Bad ValueType of X509v1 exception is raised because from docsis v1.1 errata certificate X509v1 is no longer supported - so wss4j from 1.5.6 and above won't work with X509v1.When I changed wss4j to 1.5.4 everything works fine.

Forum Discussion

WSSecurityException: An invalid security token was provided

1 Reply

Recent Discussions

Signature\Encryption tags missing in Security Header

CVE-2024-7565 and CVE-2017-16670 vulnabilities

Vulnerabilities found in SoapUI 5.9.1

Related Content

Missing SCC Provider

log4j security vulnerability

[Solved] SSL Handshake exception calling a secure webservice