Posted to users@cxf.apache.org by Wabi Sabi <wa...@gmail.com> on 2014/02/06 20:28:12 UTC
Decrypting Attachments
Hello,
I am building a WS client with CXF 2.7.4 and I got stuck getting it to
decrypt attachments in the response message. The catch here is that the response
comes in as SwA. So it would look as follows:
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014
Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: binary
Content-ID: <0....@apache.org>
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><wsse:Security
soapenv:mustUnderstand="1" xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:dsig="
http://www.w3.org/2000/09/xmldsig#"/><dsig:KeyInfo xmlns:dsig="
http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier
ValueType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
EncodingType="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qXzKaOt1jDRiRCnSEvhA8HhI85g=</wsse:KeyIdentifier></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#
"><xenc:CipherValue>SdZ9RaxcP3HcXhKpyUclVXDEu244Dp8PyUpJCVpG3mpcxejo5pcrirv
... SIGNED AND ENCRYPTED SOAP MESSAGE ...
</soapenv:Envelope>
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-ID: <ur...@apache.org>
-- BINARY ATTACHMENTS HERE --
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-ID: <ur...@apache.org>
....
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014--
I configured WSS4J interceptor but it errors out with the exception below
for this call (it works fine for all other non-SwA calls):
14:00:12,906 DEBUG PhaseInterceptorChain:437 - Invoking handleFault on
interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@6c2a78
14:00:12,907 WARN PhaseInterceptorChain:443 - Interceptor for {
http://gov.serv.ca}DelService#{http://gov.serv.ca}download has thrown
exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
invalid
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:96)
...
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
at com.sun.proxy.$Proxy47.download(Unknown Source)
at org.client.ClientTest.testDownload(ClientTest.java:223)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
...
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.apache.ws.security.WSSecurityException: The signature or
decryption was invalid
at
org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:339)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:420)
...
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
... 40 more
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Could
not find a resolver for URI
cid:urn%3Auuid%3A261FBEA55A15F11F531391713216338@apache.org and Base null
Original Exception was
org.apache.xml.security.utils.resolver.ResourceResolverException: Could not
find a resolver for URI
cid:urn%3Auuid%3A261FBEA55A15F11F531391713216338@apache.org and Base null
at
org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:134)
at
org.apache.xml.security.encryption.XMLCipherInput.getBytes(XMLCipherInput.java:103)
at
org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1709)
at
org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:980)
at
org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:337)
... 46 more
Caused by:
org.apache.xml.security.utils.resolver.ResourceResolverException: Could not
find a resolver for URI
cid:urn%3Auuid%3A261FBEA55A15F11F531391713216338@apache.org and Base null
at
org.apache.xml.security.utils.resolver.ResourceResolver.internalGetInstance(ResourceResolver.java:130)
at
org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:87)
at
org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:130)
... 51 more
I managed to write a custom resolver to provide attachment data, but then
it fails with yet another exception:
14:09:51,849 DEBUG PhaseInterceptorChain:437 - Invoking handleFault on
interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@6270b
14:09:51,850 WARN PhaseInterceptorChain:443 - Interceptor for {
http://gov.serv.ca}DelService#{http://gov.serv.ca}download has thrown
exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was
invalid
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:96)
...
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.apache.ws.security.WSSecurityException: The signature or
decryption was invalid
at
org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:339)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:420)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:368)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:166)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
... 40 more
Caused by: org.apache.xml.security.encryption.XMLEncryptionException:
Unknown transformation. No handler installed for URI
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
Original Exception was
org.apache.xml.security.transforms.TransformationException: Unknown
transformation. No handler installed for URI
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
Original Exception was
org.apache.xml.security.transforms.InvalidTransformException: Unknown
transformation. No handler installed for URI
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
at
org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:159)
at
org.apache.xml.security.encryption.XMLCipherInput.getBytes(XMLCipherInput.java:103)
at
org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1709)
at
org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:980)
at
org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:337)
... 46 more
Caused by: org.apache.xml.security.transforms.TransformationException:
Unknown transformation. No handler installed for URI
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
Original Exception was
org.apache.xml.security.transforms.InvalidTransformException: Unknown
transformation. No handler installed for URI
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
at org.apache.xml.security.transforms.Transforms.item(Transforms.java:330)
at
org.apache.xml.security.transforms.Transforms.performTransforms(Transforms.java:275)
at
org.apache.xml.security.transforms.Transforms.performTransforms(Transforms.java:248)
at
org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:157)
... 51 more
Caused by: org.apache.xml.security.transforms.InvalidTransformException:
Unknown transformation. No handler installed for URI
http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
at org.apache.xml.security.transforms.Transform.<init>(Transform.java:156)
at org.apache.xml.security.transforms.Transforms.item(Transforms.java:328)
... 54 more
Can somebody point me in the right direction, please? Any help is greatly
appreciated.
Thanks.
Nick.
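
Added example, not part of the original post and not CXF or WSS4J code: the lookup a custom resolver has to perform for the first exception above, turning the percent-encoded `cid:` reference into the bare Content-ID of a MIME part and refusing missing or ambiguous matches. The class name, method names and sample Content-ID values are assumptions made for illustration; it uses only the JDK and does not cover the Attachment-Ciphertext-Transform from the second exception.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: maps a cid: reference (RFC 2392) to the MIME part it names. */
public class CidLookup {
    /** Turns "cid:urn%3Auuid%3A...@host" into the bare Content-ID "urn:uuid:...@host". */
    static String contentIdFromCidUri(String ref) throws URISyntaxException {
        URI uri = new URI(ref);
        if (!"cid".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("not a cid: reference: " + ref);
        }
        // Percent-decodes (%3A -> ':') and, unlike URLDecoder, keeps a literal '+'.
        return uri.getSchemeSpecificPart();
    }

    /** Content-ID header values carry angle brackets; the cid: URI does not. */
    static String normalizeHeader(String contentIdHeader) {
        String v = contentIdHeader.trim();
        if (v.startsWith("<") && v.endsWith(">")) {
            v = v.substring(1, v.length() - 1);
        }
        return v;
    }

    /** Returns the referenced attachment bytes; fails closed on zero or multiple matches. */
    static byte[] resolve(String ref, Map<String, byte[]> partsByHeader) throws URISyntaxException {
        String wanted = contentIdFromCidUri(ref);
        byte[] found = null;
        for (Map.Entry<String, byte[]> e : partsByHeader.entrySet()) {
            if (normalizeHeader(e.getKey()).equals(wanted)) {
                if (found != null) throw new IllegalStateException("duplicate Content-ID: " + wanted);
                found = e.getValue();
            }
        }
        if (found == null) throw new IllegalStateException("no attachment for " + ref);
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample parts; these Content-ID values are made up for the example.
        Map<String, byte[]> parts = new LinkedHashMap<String, byte[]>();
        parts.put("<urn:uuid:EXAMPLE-0001@example.org>", new byte[] {1, 2, 3});
        parts.put("<urn:uuid:EXAMPLE-0002@example.org>", new byte[] {4, 5});
        byte[] data = resolve("cid:urn%3Auuid%3AEXAMPLE-0002@example.org", parts);
        System.out.println(data.length + " bytes resolved");
    }
}
```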