Question

I have got a problem when I'm using wss4j to verify the security on a SOAP request on my server. Here is the part of the code I use to verify the security headers of the SOAP request (I'm in the handleMessage method of a SOAPHandler implementation):

// get the crypto file to retrieve dedicated certificate
final Crypto iCertificateStore = WSKeystoreManagement.getCryptoFile();
final WSSecurityEngine iEngine = new WSSecurityEngine();
// Add the default config file to the engine
final WSSConfig iConfig = WSSConfig.getNewInstance();
iEngine.setWssConfig(iConfig);

try {
  // check security header
  final List<WSSecurityEngineResult> iSecurityParts =
    iEngine.processSecurityHeader(aDocument, null, null, iCertificateStore);
} catch (final WSSecurityException iException) {
  ...
}

On the request there is a signature and a timestamp. When I call the web service the first time, everything goes OK and the request is treated. I use a small Java project to call my web service; the program retrieves the answer and finishes correctly. But then I launch the program again, and this time on the server side the check does not work. I've been looking in the wss4j code to see where the problem comes from, and I've arrived here, in the DOMReference.validate method:

    if (validateContext == null) {
        throw new NullPointerException("validateContext cannot be null");
    }
    if (validated) {
        return validationStatus;
    }
    Data data = dereference(validateContext);
    calcDigestValue = transform(data, validateContext);

    if (log.isDebugEnabled()) {
        log.debug("Expected digest: " + Base64.encode(digestValue));
        log.debug("Actual digest: " + Base64.encode(calcDigestValue));
    }

This time the calcDigestValue is different, and I can't find why... Does anybody know something about that?

Thanks.

Edit: I've been progressing in my research; the problem comes from the fact that the body of the request envelope is changed somewhere between the client and the server... I have checked on the client and I'm almost sure the body is not changed there. Those changes only appear on the second call; I still don't know why.


Solution

I've finally found the problem: there were differences between the objects I was using on the client side and on the server side (don't ask me why), and when the transport layer on the server side was retrieving the envelope it was putting namespaces on those objects in the body, causing the digest check on the signature to fail.
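To make the root cause concrete, here is an added Python example, not part of the original post or of wss4j, that repeats the comparison DOMReference.validate performs over a constructed soap:Body: it canonicalizes with Python's C14N 2.0 implementation, which like the Exclusive C14N that WS-Security signatures normally reference emits only namespace declarations that are actually used, and then shows which server-side re-serializations leave the digest intact and which break it. The namespace URIs, element names and wsu:Id value are constructed sample values.

```python
import base64
import hashlib
from xml.etree import ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")


def body_digest(body_xml: str) -> str:
    """Canonicalize a signed soap:Body and return its Base64 SHA-256 digest.

    ET.canonicalize() implements C14N 2.0 which, like the Exclusive C14N that
    WS-Security signatures normally reference, emits only namespace declarations
    that are visibly used. The hash algorithm does not matter for this check;
    the question is whether the canonical bytes changed between client and server.
    """
    canonical = ET.canonicalize(body_xml).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode("ascii")


def digest_matches(signed_body_xml: str, received_body_xml: str) -> bool:
    """Mirror DOMReference.validate(): expected digest vs. recalculated digest."""
    expected, actual = body_digest(signed_body_xml), body_digest(received_body_xml)
    print(f"Expected digest: {expected}\nActual digest:   {actual}")
    return expected == actual


def soap_body(payload: str, extra_decl: str = "") -> str:
    """Wrap a payload in a wsu:Id-tagged Body (constructed sample, not real traffic)."""
    return (f'<soap:Body xmlns:soap="{SOAP_NS}" xmlns:wsu="{WSU_NS}"{extra_decl}'
            f' wsu:Id="id-1">{payload}</soap:Body>')


# What the client signed: the payload element carries no namespace.
CLIENT = soap_body("<getQuote><symbol>ACME</symbol></getQuote>")
# Harmless: an unused declaration on Body is dropped by exclusive-style C14N.
UNUSED_DECL = soap_body("<getQuote><symbol>ACME</symbol></getQuote>",
                        extra_decl=' xmlns:extra="urn:not-used"')
# Breaks the digest: the server's object model binds the payload to a namespace
# the client never signed (the root cause described in the accepted solution).
NS_ADDED = soap_body('<getQuote xmlns="urn:example:quotes"><symbol>ACME</symbol></getQuote>')
# Breaks the digest: inserted indentation is text content, so C14N keeps it.
PRETTY_PRINTED = soap_body("<getQuote>\n  <symbol>ACME</symbol>\n</getQuote>")

if __name__ == "__main__":
    for name, received in [("unused_decl", UNUSED_DECL), ("ns_added", NS_ADDED),
                           ("pretty_printed", PRETTY_PRINTED)]:
        print(f"{name}: {'OK' if digest_matches(CLIENT, received) else 'MISMATCH'}")
```

When the server-side check fails, logging both canonical forms (not only the two digests) is what shows the added namespace or whitespace at a glance.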

Licensed under: CC-BY-SA with attribution