You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cxf.apache.org by Hugo Trippaers <tr...@gmail.com> on 2015/06/15 11:10:01 UTC

Signing and encrypting attachments with derived keys

Hello Folks,

I’m running into an issue where if get an exception about not having an attachment callback when i try to execute an operation on a service with  the policy sp:Attachment on the INPUT and OUTPUT policies. I was able to trace this back to something in the cxf-rt-ws-security:SymmetricBindingHandler where different paths were chosen to work with regular and derived keys. To me it appeared like encrypting and signing attachments was enabled for the former and not for the latter. After figuring our how it was supposed to work i made a couple of small fixes to both CXF and WSS4J that solved my problem.

However these fixes are for older versions and don’t have unit tests yet. I’m looking for some feedback on the fixes and if they are still relevant for current versions of CXF and WSS4J i’ll happily work with you guys to get these fixes in. 

Here are the links to the relevant fixes;
WSS4J <based on 2.0.3> : https://github.com/spark404/wss4j/commit/f36dd8e86dededab759a772eba9e9b4d0bee17b6 <https://github.com/spark404/wss4j/commit/f36dd8e86dededab759a772eba9e9b4d0bee17b6>
CXF <based on 3.0.4>: https://github.com/spark404/cxf/commit/f3a22fd8b9ded3d9bc796eb938ebf6e06d524604

Cheers,

Hugo