You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Aki Yoshida <el...@gmail.com> on 2015/06/16 12:02:44 UTC
Re: Attachment signing/encryption and MTOM
the content-id in the uri-form i.e. "cid:..." needs to be url-encoded
because some characters allowed in the content-id header value are
reserved in the URI syntax.
see http://www.ietf.org/rfc/rfc2111.txt section 2.
I'm moving this thread to users@cxf.
2015-06-15 17:47 GMT+02:00 Hugo Trippaers <tr...@gmail.com>:
> Hello Folks,
>
> I’m running into a problem with url encoding of attachments identifiers. The versions i’m using are WSS4j 2.0.3 and CXF 3.0.4 (so if this is solved in future versions, please tell me ;-) as i haven’t been able to test it.
>
> I have a web service that returns an encrypted attachment, works fine without MTOM, but when i enable MTOM i get an error.
>
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Attachment not found
> at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:363)
> at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:213)
> at org.apache.wss4j.dom.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:121)
> at org.apache.wss4j.dom.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:80)
>
> Tracing it, it fails on comparing the attachments Ids between the mime parts and the references in the soap code.
>
> In the mime header of the attachment, the attachment id is not encoded
> Content-ID: <f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http://schubergphilis.com/2015/
>
> However the reference in both the CipherReference and Signature soap part is url encoded:
> <xenc:CipherReference URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd”>
>
> <ds:Reference
> URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>yHytVyICcbG5TDfcL4iZHFyalbI=</ds:DigestValue>
> </ds:Reference>
>
>
> What should be correct? I don’t think the content in the attribute should be URL encoded, but should be entitiy encoded. Yet it is encoded in AttachmentUtil.createContentID and decoded before creating the mime part in AttachmentSerializer.writeHeaders
>
> Happy to help solve this..
>
> Cheers,
>
> Hugo