Posted to users@cxf.apache.org by Aki Yoshida <el...@gmail.com> on 2015/06/16 12:02:44 UTC

Re: Attachment signing/encryption and MTOM

The content-id in the URI form, i.e. "cid:...", needs to be URL-encoded
because some characters allowed in the Content-ID header value are
reserved in the URI syntax.
See http://www.ietf.org/rfc/rfc2111.txt section 2.

I'm moving this thread to users@cxf.


2015-06-15 17:47 GMT+02:00 Hugo Trippaers <tr...@gmail.com>:
> Hello Folks,
>
> I’m running into a problem with URL encoding of attachment identifiers. The versions I’m using are WSS4J 2.0.3 and CXF 3.0.4 (so if this is solved in future versions, please tell me ;-) as I haven’t been able to test it.
>
> I have a web service that returns an encrypted attachment, works fine without MTOM, but when I enable MTOM I get an error.
>
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Attachment not found
>         at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:363)
>         at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:213)
>         at org.apache.wss4j.dom.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:121)
>         at org.apache.wss4j.dom.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:80)
>
> Tracing it, it fails on comparing the attachment IDs between the MIME parts and the references in the SOAP code.
>
> In the MIME header of the attachment, the attachment id is not encoded
> Content-ID: <f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http://schubergphilis.com/2015/
>
> However the reference in both the CipherReference and Signature SOAP part is URL encoded:
> <xenc:CipherReference URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
>
> <ds:Reference
>         URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
>     <ds:Transforms>
>         <ds:Transform
>                 Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"/>
>     </ds:Transforms>
>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>     <ds:DigestValue>yHytVyICcbG5TDfcL4iZHFyalbI=</ds:DigestValue>
> </ds:Reference>
>
>
> What should be correct? I don’t think the content in the attribute should be URL encoded, but should be entity encoded. Yet it is encoded in AttachmentUtil.createContentID and decoded before creating the MIME part in AttachmentSerializer.writeHeaders
>
> Happy to help solve this..
>
> Cheers,
>
> Hugo
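The encoding rule Aki points to, as an added example that is not CXF or WSS4J code: it builds the cid: URI from a Content-ID header per RFC 2111 section 2 and shows that resolving a reference back to its MIME part only works once the URI is percent-decoded before the comparison. The Content-ID value is constructed here from the decoded form of the reference quoted in the thread.

```python
from __future__ import annotations
from urllib.parse import quote, unquote

# Constructed sample values: the Content-ID header a MIME part would carry,
# and the percent-encoded cid: reference quoted in the thread.
CONTENT_ID_HEADER = "<f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http://schubergphilis.com/2015/03/midlayer-schema-20150319.xsd>"
REFERENCE_URI = "cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd"


def strip_angle_brackets(header_value: str) -> str:
    """Return the bare content-id from a Content-ID header value ('<...>')."""
    value = header_value.strip()
    if value.startswith("<") and value.endswith(">"):
        value = value[1:-1]
    return value


def content_id_to_cid_uri(header_value: str) -> str:
    """Build the cid: URI for a Content-ID (RFC 2111 section 2): characters
    reserved in URI syntax, such as ':' and '/', are percent-encoded.
    '@' is left literal, as in the reference quoted in the thread."""
    return "cid:" + quote(strip_angle_brackets(header_value), safe="@.-_~")


def cid_uri_to_content_id(uri: str) -> str:
    """Recover the raw content-id from a cid: URI by percent-decoding it."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "cid":
        raise ValueError(f"not a cid: URI: {uri!r}")
    return unquote(rest)


def find_attachment_naive(uri: str, parts: dict[str, bytes]) -> bytes | None:
    """Compare the undecoded remainder of the cid: URI against the MIME header.
    This misses whenever the content-id contains URI-reserved characters."""
    wanted = uri.partition(":")[2]
    return next((body for hdr, body in parts.items()
                 if strip_angle_brackets(hdr) == wanted), None)


def find_attachment(uri: str, parts: dict[str, bytes]) -> bytes | None:
    """Decode the cid: URI first, then compare against the raw Content-ID."""
    wanted = cid_uri_to_content_id(uri)
    return next((body for hdr, body in parts.items()
                 if strip_angle_brackets(hdr) == wanted), None)


if __name__ == "__main__":
    parts = {CONTENT_ID_HEADER: b"<encrypted attachment bytes>"}
    print(find_attachment_naive(REFERENCE_URI, parts))  # None
    print(find_attachment(REFERENCE_URI, parts))        # b'<encrypted attachment bytes>'
```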