Posted to rampart-dev@ws.apache.org by Filip Majernik <fi...@gmail.com> on 2009/11/20 10:53:33 UTC

Encrypting multiple elements defined through one XPath expression

Hello,
I am using Rampart 1.4 in Apache ODE 1.3.2. ODE is sending a message with a
sequence of <xsd:insuree /> elements, each of them wrapped by another element
(I generate these elements with a bash script for testing, so all elements
are the same, only the Id is different).
I have defined a ContentEncryptedElements assertion with one XPath
expression like this (using AsymmetricBinding):

<ContentEncryptedElements>
     <XPath xmlns:xsd="...">//xsd:insuree</XPath>
</ContentEncryptedElements>

However, only the first element <xsd:insuree/> is always encrypted in the
message and the others are left in clear text. I've checked it in Rampart
source and the method
RampartUtil.getContentEncryptedElements(), which searches the elements in
the message, finds all <xsd:insuree /> elements in the message. The class
AsymmetricBindingBuilder is not doing anything with those elements, so I
suppose there is something with wss4j encryption?

Can someone maybe help me with this issue?

Thanks,
Filip

Re: Encrypting multiple elements defined through one XPath expression

Posted by Filip Majernik <fi...@gmail.com>.
Hi again,
so I checked the AsymmetricBuilder in trunk and the
RampartUtil.getContentEncryptedElements() method. The only difference is
in the RampartUtil.getContentEncryptedElements() where the WSEncryptionPart
has also the appropriate XPath expression set:

encryptedElem.setXpath(expression);

So I've downloaded the latest wss4j (1.5.8 version) and added the setXpath()
in Rampart 1.4. However, it didn't work. But this time,
the EncryptedKey element had two <xenc:DataReference> elements (this was
correct as there were two <xsd:insuree> elements in the
message). The message was of course rejected, because the second reference
was not found. So I took the message, deleted the non-existing
<xenc:DataReference> and sent it with SoapUI to the service and found out
that the first <xsd:insuree> was encrypted two times.
After the decryption of the element, there was <EncryptedData> with the Id
from the deleted <DataReference>.

So this seems to me like a wss4j bug.

Regards,
Filip

On Fri, Nov 20, 2009 at 11:20 AM, Prabath Siriwardena <pr...@wso2.com> wrote:

> IIRC this seems to be an issue with Rampart 1.4 - and fixed in 1.5 to be
> released and the trunk.
>
> Thanks & regards.
> -Prabath

Re: Encrypting multiple elements defined through one XPath expression

Posted by Prabath Siriwardena <pr...@wso2.com>.
IIRC this seems to be an issue with Rampart 1.4 - and fixed in 1.5 to be 
released and the trunk.

Thanks & regards.
-Prabath
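
The two symptoms reported in this thread (targets matched by the XPath left in clear text, and a <xenc:DataReference> with no matching <EncryptedData>) can be checked on a captured outbound message. The following is an added example, not part of the thread and not Rampart or WSS4J code; the urn:example:insurance namespace, the Ids and the sample message are constructed, and the security header is simplified.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
APP = "urn:example:insurance"  # assumed; the thread elides the real namespace

def audit_content_encryption(xml_text, target="{%s}insuree" % APP):
    """Return (cleartext_positions, dangling_refs, unreferenced_ids)."""
    root = ET.fromstring(xml_text)
    enc_tag = "{%s}EncryptedData" % XENC
    cleartext = []
    for pos, elem in enumerate(root.iter(target), start=1):
        kids = list(elem)
        # Content encryption leaves the element itself in place and replaces
        # everything inside it with xenc:EncryptedData.
        stray_text = (elem.text or "").strip() or any((k.tail or "").strip() for k in kids)
        if stray_text or not kids or any(k.tag != enc_tag for k in kids):
            cleartext.append(pos)
    ids = {e.get("Id") for e in root.iter(enc_tag) if e.get("Id")}
    refs = [r.get("URI", "").lstrip("#") for r in root.iter("{%s}DataReference" % XENC)]
    dangling = [r for r in refs if r not in ids]   # reference without a target
    unreferenced = sorted(ids - set(refs))         # ciphertext the key does not list
    return cleartext, dangling, unreferenced

# Constructed sample: two targets, only the first encrypted, two references.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ins="urn:example:insurance">
  <soapenv:Header>
    <xenc:EncryptedKey><xenc:ReferenceList>
      <xenc:DataReference URI="#EncDataId-1"/>
      <xenc:DataReference URI="#EncDataId-2"/>
    </xenc:ReferenceList></xenc:EncryptedKey>
  </soapenv:Header>
  <soapenv:Body>
    <ins:entry><ins:insuree>
      <xenc:EncryptedData Id="EncDataId-1" Type="http://www.w3.org/2001/04/xmlenc#Content">
        <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
    </ins:insuree></ins:entry>
    <ins:entry><ins:insuree><ins:name>Jane Doe</ins:name></ins:insuree></ins:entry>
  </soapenv:Body>
</soapenv:Envelope>"""

if __name__ == "__main__":
    print(audit_content_encryption(SAMPLE))
```

The check works on the wire format only, so it cannot see the double encryption described above; that shows up only after decrypting the first element.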
