Posted to wss4j-dev@ws.apache.org by Oliver Wulff <ol...@zurich.ch> on 2008/07/22 18:27:31 UTC

Decryption with several EncryptedKey elements

Hi all

I've got a soap request (see below) with two EncryptedKey elements
(different public keys).

My application is in the possession of only one private key which means
that it can only process some of the encrypted elements. If I process the
security header the following exception is thrown:

Caused by: org.apache.ws.security.WSSecurityException: Cannot
encrypt/decrypt data; nested exception is:
        java.lang.Exception: alias is null
        at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey
(EncryptedKeyProcessor.java:287)


How can I tell WSS4J to ignore the EncryptedKey elements which are not
intended to be decrypted?

This is the code to decrypt the soap message:

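// Fragment from inside a method that returns the processed envelope as a String.
// `message` is the raw SOAP envelope text; `cert` is whatever
// CryptoFactory.getInstance() expects (presumably the name of a crypto
// properties file -- confirm against the WSS4J version in use).
String message = ... ;
String cert = .... ;

try {
      // Encode with the charset the envelope declares (encoding="UTF-8") rather
      // than the platform default, so the parse does not depend on the JVM locale.
      InputStream inStream = new ByteArrayInputStream(message.getBytes("UTF-8"));
      SOAPMessage soapmsg = MessageFactory.newInstance().createMessage(
                  null, inStream);
      Document doc = (Document) soapmsg.getSOAPPart();

      Crypto crypto = CryptoFactory.getInstance(cert);

      // The second argument is the actor. With null, every EncryptedKey in the
      // header is handed to the processor, including keys wrapped for a
      // certificate this application has no private key for -- that is where
      // "alias is null" is raised. The replies in this thread recommend one
      // Security header per recipient, each with its own actor, and passing
      // that actor here.
      secEngine.processSecurityHeader(doc, null, new MyCallbackHandler(),
                  crypto);

      // Serialise the (now partly decrypted) DOM back to text.
      TransformerFactory tFactory = TransformerFactory.newInstance();
      Transformer transformer = tFactory.newTransformer();
      DOMSource source = new DOMSource(doc);
      StringWriter sw = new StringWriter();
      StreamResult result = new StreamResult(sw);
      transformer.transform(source, result);
      return sw.toString();

} catch (Exception ex) {
      // NOTE(review): keep the detailed cause in local logs only. The message
      // uses RSA v1.5 key transport and unauthenticated AES-CBC; if the sender
      // can tell different decryption failures apart, the service acts as a
      // decryption oracle. Map this to a single generic fault at the boundary.
      ex.printStackTrace();
      throw new RuntimeException(ex);
}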


Here is the input soap request:
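<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample request from the post, with the markup made well-formed again
     (root start tag, stray ';' after two namespace declarations, the
     mustUnderstand attribute name, and four end tags).
     Points a reviewer would note about the security header:
     * both EncryptedKey elements use RSA v1.5 key transport (rsa-1_5) and the
       body parts use AES-128-CBC; the header carries no ds:Signature, so the
       ciphertext has no integrity protection;
     * the UsernameToken is sent as PasswordText and is not among the
       encrypted references, so it travels in clear. -->
<SOAP-ENV:Envelope
      xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      xmlns:m2="http://ecm.zurich.com/svc/ws/types"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:m1="http://ecm.zurich.com/svc/ws/document_v1_0">
      <SOAP-ENV:Header>
            <!-- A single Security header with no actor attribute: every
                 receiver is expected to process both EncryptedKey elements. -->
            <m3:Security
                  xmlns:m3=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                  SOAP-ENV:mustUnderstand="1">
                  <!-- Key 1: wrapped for the certificate with serial 446;
                       protects #EncDataId-31188783 (m1:docIDs). -->
                  <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="EncKeyId-712593">
                        <xenc:EncryptionMethod
                              Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                        <ds:KeyInfo
                              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
                              <wsse:SecurityTokenReference
                                    xmlns:wsse=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
                                    <ds:X509Data
                                          xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                          <ds:X509IssuerSerial
                                                xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                <ds:X509IssuerName
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">

EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
                                                      Internal
CA,OU=ING,O=Swiss Data
                                                      Center,L=Zurich

Insurance,ST=Zurich,C=CH
                                                </ds:X509IssuerName>

                                                <ds:X509SerialNumber
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                      446
                                                </ds:X509SerialNumber>
                                          </ds:X509IssuerSerial>
                                    </ds:X509Data>
                              </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                              <xenc:CipherValue
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

gL4WtugirLpupgr7i9I6VVHyDu2H6sS1phCX8zY9+65dTf8LtsDSjVFNLaBHmIrfMLXgC1gREA
+WnUGoObNV5Ek1VePLrCzYp4TGzVR0wxbhF6m1Zzc81wKArtLHflcXKsn5v7rUvArC3bh4o7QqBs6o1W13EmI244r9ZA30gqY=
                              </xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                              <xenc:DataReference
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-31188783" />
                        </xenc:ReferenceList>
                  </xenc:EncryptedKey>
                  <!-- Key 2: wrapped for the certificate with serial 447;
                       protects #EncDataId-28179427 (m1:metadata) and
                       #EncDataId-24390742 (m1:context). -->
                  <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="EncKeyId-30675222">
                        <xenc:EncryptionMethod
                              Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                        <ds:KeyInfo
                              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
                              <wsse:SecurityTokenReference
                                    xmlns:wsse=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
                                    <ds:X509Data
                                          xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                          <ds:X509IssuerSerial
                                                xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                <ds:X509IssuerName
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">

EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
                                                      Internal
CA,OU=ING,O=Swiss Data
                                                      Center,L=Zurich

Insurance,ST=Zurich,C=CH
                                                </ds:X509IssuerName>

                                                <ds:X509SerialNumber
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                      447
                                                </ds:X509SerialNumber>
                                          </ds:X509IssuerSerial>
                                    </ds:X509Data>
                              </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                              <xenc:CipherValue
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

RVKDb7RnEPf1/566a4kSEy0Q8Rq2cglbyEcoxHy7YtFQfQdEs
+Dx3iC29r2LhYzQidp51ZuLNptJGvFz5eQrFivgqlTfdgxPBC
+LVXN1zMu9N5f0PVRk8BGsoxK9Jwum05TvEnXu+IbwWpM70roh9H6KlQU5azZfYnTUMossrYo=
                              </xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                              <xenc:DataReference
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-28179427" />
                              <xenc:DataReference
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-24390742" />
                        </xenc:ReferenceList>
                  </xenc:EncryptedKey>
                  <!-- PasswordText: the password is carried as-is. No
                       DataReference above points at this token, so it is
                       readable by anyone who sees the message. -->
                  <m3:UsernameToken xsi:type="m3:UsernameTokenType">
                        <m3:Username>YSV101676</m3:Username>
                        <m3:Password
                              Type=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
                              xsi:type="m3:PasswordString">
                              r8328hFs
                        </m3:Password>
                  </m3:UsernameToken>
            </m3:Security>
      </SOAP-ENV:Header>
      <SOAP-ENV:Body>
            <m1:updateMetadata>
                  <m1:docIDs>
                        <xenc:EncryptedData
                              xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                              Type=
"http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-31188783">
                              <xenc:EncryptionMethod
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                          lfVNeqOdi8BjOqdWZ
+Vniu3oXf9h8sjP2FG7wLHVlrxd/w3Gaj8tpW3r83HhSQk87Ta1CFGPN1VG
                                          IWBZW6VQOg==
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:docIDs>
                  <m1:metadata>
                        <xenc:EncryptedData
                              xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                              Type=
"http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-28179427">
                              <xenc:EncryptionMethod
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

YxeTDZRvhDlAAYmTvMoyp2l3u1fywZJ8uMgI3M
+hmEEqOoAQwmrWTeG8JEyDFymlycnEoT7siMR9

dOkauixPm7OIb6uW/2WlpK106/3RqRe/Rwj98zne2WiG6otfM5gWICpc7i2bf97opS2MFcM85v13
                                          6bCXXbEybWw
+erNexIEUcVg56L50dup4d2PqVNHUSZurdKYwKmR944QjydN25zTO9XjvhoppHCDT

nuoUz1UuIHiDXtDgFpSknHoGzMA8tWebb4PNy6fBViqfoT39EGNMF7C2N+aVygR2xl3OY63Lbix
+
                                          xbxq3g
+3BHlDbsDaCtVaC4BIM637xr75xQGUp/sHVEx/mY6KUoxcLHQgQbe0vrXKFdWIQ7zHRjQq
                                          o04PRIJTOWW9hruD+2HS3UEo0v8t
+G2jHsirqmv17vr1uPcq0NZzRJVSpVAxS1KOIaSBtJeBbxui

EvB1ZAb9hxOXQ8NYT0xrzp3SFrvkcLLT0h1Skvg50A4r6yBDWFeHUDCX
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:metadata>
                  <m1:context>
                        <xenc:EncryptedData
                              xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                              Type=
"http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-24390742">
                              <xenc:EncryptionMethod
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

M960LIC0KgOVcGTbB0CvRaV7ONx2wjjFRhMVrBYW9G61v
+esYY2mP6p4k9gJWrDyfqthgYDfLyPp

eRjSpgSAlXNGMwrMW8/9QUlDmKloKQvTLGTSJG5ySpSkrY5NLyTDp1LSnjvWvRoaPYuHEBKHdw==
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:context>
            </m1:updateMetadata>
      </SOAP-ENV:Body>
</SOAP-ENV:Envelope>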








Re: Antwort: AW: Antwort: RE: Decryption with several EncryptedKey elements

Posted by Fred Dushin <fa...@apache.org>.
On Jul 23, 2008, at 6:48 AM, Oliver Wulff wrote:

> One follow on question:
> Let's assume a complexType called WageData is defined. We have a  
> client
> which calls an intermediary which then calls the target wage data  
> service.
> Some data must be encrypted with the public key of the intermediary  
> but the
> WageData type must be encrypted with the public key of the target  
> wage data
> service.
> Let's assume that a soap request with two security headers (different
> actors for intermediary and target service) is received in the
> intermediary. The interesting part now is how the language binding  
> (JAX-WS)
> looks like for the WageData type. The intermediary can't decrypt it  
> but the
> JAX-WS service implementation must access this element to pass it on  
> to the
> target service. Is this usecase covered in JAX-WS

Yes, indeed, that is a problem for any middleware stack that needs to  
unmarshal DOM into some kind of type system, be it JAX-B, or Mom's Own  
Cooking types.

In that case, the best the intermediate can do is re-marshal the DOM,  
and pass the request on to the next tier.

I'd think that an EIP engine, like Apache Camel, would be the right  
tool for the job, not a service creation engine, like Axis or CXF.

-Fred



Antwort: AW: Antwort: RE: Decryption with several EncryptedKey elements

Posted by Oliver Wulff <ol...@zurich.ch>.
Thanks for clarification guys.

I thought that this fact should be part of a spec like WS-I. I've checked
the following one:
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#XMLEncryption

But I haven't found anything which says that. Have I overlooked that?

But I have found the recommendation about the soap actor:
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html#SOAPActorAttribute

One follow on question:
Let's assume a complexType called WageData is defined. We have a client
which calls an intermediary which then calls the target wage data service.
Some data must be encrypted with the public key of the intermediary but the
WageData type must be encrypted with the public key of the target wage data
service.
Let's assume that a soap request with two security headers (different
actors for intermediary and target service) is received in the
intermediary. The interesting part now is what the language binding (JAX-WS)
looks like for the WageData type. The intermediary can't decrypt it but the
JAX-WS service implementation must access this element to pass it on to the
target service. Is this use case covered in JAX-WS?

Thanks
Oliver




                                                                                                                                       
                      "Dittmann, Werner                                                                                                
                      (NSN -                   An:       "ext Oliver Wulff" <ol...@zurich.ch>, <Co...@iona.com>    
                      DE/Muenich)"             Kopie:    <ws...@ws.apache.org>                                                     
                      <werner.dittmann@        Thema:    AW: Antwort: RE: Decryption with several EncryptedKey elements                
                      nsn.com>                                                                                                         
                                                                                                                                       
                      23.07.2008 11:10                                                                                                 
                                                                                                                                       




Oliver,

that's not a workaround - actor was defined to provide separate
processing of different Security headers by different actors (rules).

If the actor is set then the processor (shall) only process the security
header that has the same actor attribute value.


Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: ext Oliver Wulff [mailto:oliver.wulff@zurich.ch]
> Gesendet: Mittwoch, 23. Juli 2008 07:39
> An: Colm.OhEigeartaigh@iona.com
> Cc: wss4j-dev@ws.apache.org
> Betreff: Antwort: RE: Decryption with several EncryptedKey elements
>
> Hi Colm
>
> Thanks for your feedback. At least the API allows you to pass
> the actor
> when processing the soap headers. I do have control of the
> creation of the
> soap request.
>
> One question for you: when I split the two encrypted keys
> into different
> soap headers is that best practise or a workaround?
>
> Thanks
> Oliver
>
>
>
>
>
>
>                       "O hEigeartaigh,
>
>
>                       Colm"                     An:
> "Oliver Wulff" <ol...@zurich.ch>,
> <ws...@ws.apache.org>
>                       <Colm.OhEigeartaig        Kopie:
>
>
>                       h@iona.com>               Thema:    RE:
> Decryption with several EncryptedKey elements
>
>
>
>
>                       22.07.2008 19:09
>
>
>
>
>
>
>
>
>
> Hi Oliver,
>
> Do you have control over the creation of the SOAP request? If so, one
> possibility is to create a different security header for both
> encrypted
> keys using a specific "actor" attribute for both. On the
> processing side,
> WSS4J can be configured to only process a security header with the
> specified actor name (at least I think it can, I haven't tried it).
>
> If not, then I suspect the only option is to write your own
> processor or
> submit an enhancement request.
>
> Colm.
>
> -----Original Message-----
> From: Oliver Wulff [mailto:oliver.wulff@zurich.ch]
> Sent: 22 July 2008 17:28
> To: wss4j-dev@ws.apache.org
> Subject: Decryption with several EncryptedKey elements
>
>
> Hi all
>
> I've got a soap request (see below) with two EncryptedKey elements
> (different public keys).
>
> My application is in the possession of only one private key
> which means
> that it can only process some of the encrypted elements. If I
> process the
> security header the following exception is thrown:
>
> Caused by: org.apache.ws.security.WSSecurityException: Cannot
> encrypt/decrypt data; nested exception is:
>         java.lang.Exception: alias is null
>         at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleE
> ncryptedKey
> (EncryptedKeyProcessor.java:287)
>
>
> How can I tell WSS4J to ignore the EncryptedKey elements which are not
> intended to be decrypted?
>
> This is the code to decrypt the soap message:
>
> String message = ... ;
> String cert = .... ;
>
> try {
>       InputStream inStream = new
> ByteArrayInputStream(message.getBytes());
>       SOAPMessage soapmsg =
> MessageFactory.newInstance().createMessage());
>                   null, inStream);
>       Document doc = (Document) soapmsg.getSOAPPart();
>
>       Crypto crypto = CryptoFactory.getInstance(cert);
>
>       secEngine.processSecurityHeader(doc, null, new
> MyCallbackHandler(),;
>                   crypto);
>
>       TransformerFactory tFactory = TransformerFactory.newInstance();
>       Transformer transformer = tFactory.newTransformer();
>       DOMSource source = new DOMSource(doc);
>       StringWriter sw = new StringWriter();;
>       StreamResult result = new StreamResult(sw);
>       transformer.transform(source, result);
>       return sw.toString();
>
> } catch (Exception ex) {
>       ex.printStackTrace();
>       throw new RuntimeException(ex);
> }
>
>
> Here is the input soap request:;
> <?xml version="1.0" encoding="UTF-8"?>
> <>SOAP-ENV:Envelope
>       xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
>       xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>       xmlns:m2="http://ecm.zurich.com/svc/ws/types"
>       xmlns:xs="http://www.w3.org/2001/XMLSchema"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>       xmlns:m1="http://ecm.zurich.com/svc/ws/document_v1_0">
>       <SOAP-ENV:Header>
>             <m3:Security
>                   xmlns:m3=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secext-1.0.xsd
> "
>                   SOAP-ENV:mustUnderstand.="1">
>                   <xenc:EncryptedKey
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>                         Id="EncKeyId-712593">
>                         <xenc:EncryptionMethod
>                               Algorithm=
> ":http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>                         <ds:KeyInfo
>
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#:"
> >
>                               <wsse:SecurityTokenReference
>                                     xmlns:wsse=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secext-1.0.xsd
> "
> >
>                                     <ds:X509Data
>                                           xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                           <ds:X509IssuerSerial
>                                                 xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                 <ds:X509IssuerName
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>
> EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
>                                                       Internal
> CA,OU=ING,O=Swiss Data
>                                                       Center,L=Zurich
>
> Insurance,ST=Zurich,C=CH
>                                                 </ds:X509IssuerName>
>
>                                                 <ds:X509SerialNumber
>                                                       xmlns:ds=
> ".http://www.w3.org/2000/09/xmldsig#">
>                                                       446
>                                                 </ds:X509SerialNumber>
>                                           </ds:X509IssuerSerial>
>                                     </ds:X509Data>
>                               </wsse:SecurityTokenReference>
>                         </ds:KeyInfo>
>                         <xenc:CipherData>
>                               <xenc:CipherValue
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>
> gL4WtugirLpupgr7i9I6VVHyDu2H6sS1phCX8zY9+65dTf8LtsDSjVFNLaBHmI
rfMLXgC1gREA
> +WnUGoObNV5Ek1VePLrCzYp4TGzVR0wxbhF6m1Zzc81wKArtLHflcXKsn5v7rU
> vArC3bh4o7QqBs6o1W13EmI244r9ZA30gqY=
>
>                               </xenc:CipherValue>
>                         </xenc:CipherData>
>                         <xenc:ReferenceList>
>                               <xenc:DataReference
>                                     xmlns:xenc=
> ":http://www.w3.org/2001/04/xmlenc#"
>                                     URI="#EncDataId-31188783" />
>                         </xenc:ReferenceList>
>                   </xenc:EncryptedKey>
>                   <xenc:EncryptedKey
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>                         Id="EncKeyId-30675222">
>                         <xenc:EncryptionMethod
>                               Algorithm=
> "http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>                         <ds:KeyInfo
>
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#:"
> >
>                               <wsse:SecurityTokenReference
>                                     xmlns:wsse=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secext-1.0.xsd
> "
> >
>                                     <ds:X509Data
>                                           xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                           <ds:X509IssuerSerial
>                                                 xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                 <ds:X509IssuerName
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>
> EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
>                                                       Internal
> CA,OU=ING,O=Swiss Data
>                                                       Center,L=Zurich
>
> Insurance,ST=Zurich,C=CH
>                                                 </ds:X509IssuerName>
>
>                                                 <ds:X509SerialNumber
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                       447
>                                                 </ds:X509SerialNumber>
>                                           </ds:X509IssuerSerial>
>                                     </ds:X509Data>
>                               </wsse:SecurityTokenReference>
>                         </ds:KeyInfo>
>                         <xenc:CipherData>
>                               <xenc:CipherValue
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>
> RVKDb7RnEPf1/566a4kSEy0Q8Rq2cglbyEcoxHy7YtFQfQdEs
> +Dx3iC29r2LhYzQidp51ZuLNptJGvFz5eQrFivgqlTfdgxPBC
> +LVXN1zMu9N5f0PVRk8BGsoxK9Jwum05TvEnXu+IbwWpM70roh9H6KlQU5azZf
> YnTUMossrYo=
>                               </xenc:CipherValue>
>                         </xenc:CipherData>
>                         <xenc:ReferenceList>
>                               <xenc:DataReference
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     URI="#EncDataId-28179427" />
>                               <xenc:DataReference
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     URI="#EncDataId-24390742" />
>                         </xenc:ReferenceList>
>                   </xenc:EncryptedKey>
>                   <m3:UsernameToken xsi:type="m3:UsernameTokenType">
>                         <m3:Username>YSV101676</m3:Username>
>                         <m3:Password
>                               Type=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-userna
me-token-profile-1.0#PasswordText
> "
>                               xsi:type="m3:PasswordString">
>                               r8328hFs
>                         </m3:Password>
>                   </m3:UsernameToken>
>             </:m3:Security>
>       </:SOAP-ENV:Header>
>       <SOAP-ENV:Body>
>             <m1:updateMetadata>
>                   <m1:docIDs>
>                         <xenc:EncryptedData
>                               xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                               Type=
> "http://www.w3.org/2001/04/xmlenc#Content>"
>                               Id="EncDataId-31188783">
>                               <xenc:EncryptionMethod
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     Algorithm=
> "http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                               <xenc:CipherData
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                     <xenc:CipherValue
>                                           xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                           lfVNeqOdi8BjOqdWZ
> +Vniu3oXf9h8sjP2FG7wLHVlrxd/w3Gaj8tpW3r83HhSQk87Ta1CFGPN1VG
>                                           IWBZW6VQOg==
>                                     </xenc:CipherValue>
>                               </xenc:CipherData>
>                         </xenc:EncryptedData>
>                   </m1:docIDs>
>                   <m1:metadata>
>                         <xenc:EncryptedData
>                               xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                               Type=
> "http://www.w3.org/2001/04/xmlenc#Content>"
>                               Id="EncDataId-28179427">
>                               <xenc:EncryptionMethod
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     Algorithm=
> "http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                               <xenc:CipherData
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                     <xenc:CipherValue
>                                           xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>
> YxeTDZRvhDlAAYmTvMoyp2l3u1fywZJ8uMgI3M
> +hmEEqOoAQwmrWTeG8JEyDFymlycnEoT7siMR9
>
> dOkauixPm7OIb6uW/2WlpK106/3RqRe/Rwj98zne2WiG6otfM5gWICpc7i2bf9
> 7opS2MFcM85v13
>
>                                           6bCXXbEybWw
> +erNexIEUcVg56L50dup4d2PqVNHUSZurdKYwKmR944QjydN25zTO9XjvhoppHCDT
>
> nuoUz1UuIHiDXtDgFpSknHoGzMA8tWebb4PNy6fBViqfoT39EGNMF7C2N+aVyg
> R2xl3OY63Lbix
> +
>                                           xbxq3g
> +3BHlDbsDaCtVaC4BIM637xr75xQGUp/sHVEx/mY6KUoxcLHQgQbe0vrXKFdWIQ7zHRjQq
>                                           o04PRIJTOWW9hruD+2HS3UEo0v8t
> +G2jHsirqmv17vr1uPcq0NZzRJVSpVAxS1KOIaSBtJeBbxui
>
> EvB1ZAb9hxOXQ8NYT0xrzp3SFrvkcLLT0h1Skvg50A4r6yBDWFeHUDCX
>                                     </xenc:CipherValue>
>                               </xenc:CipherData>
>                         </xenc:EncryptedData>
>                   </m1:metadata>
>                   <m1:context>
>                         <xenc:EncryptedData
>                               xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                               Type=
> "http://www.w3.org/2001/04/xmlenc#Content>"
>                               Id="EncDataId-24390742">
>                               <xenc:EncryptionMethod
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     Algorithm=
> "http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                               <xenc:CipherData
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                     <xenc:CipherValue
>                                           xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>
> M960LIC0KgOVcGTbB0CvRaV7ONx2wjjFRhMVrBYW9G61v
> +esYY2mP6p4k9gJWrDyfqthgYDfLyPp
>
> eRjSpgSAlXNGMwrMW8/9QUlDmKloKQvTLGTSJG5ySpSkrY5NLyTDp1LSnjvWvR
> oaPYuHEBKHdw==
>
>                                     </xenc:CipherValue>
>                               </xenc:CipherData>
>                         </xenc:EncryptedData>
>                   </m1:context>
>             </:m1:updateMetadata>
>       </:SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>

AW: Antwort: RE: Decryption with several EncryptedKey elements

Posted by "Dittmann, Werner (NSN - DE/Muenich)" <we...@nsn.com>.
Oliver,

that's not a workaround - actor was defined to provide separate
processing of different Security headers by different actors (roles).

If the actor is set then it (shall) only process the security header
that has the same actor attribute value.


Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: ext Oliver Wulff [mailto:oliver.wulff@zurich.ch] 
> Gesendet: Mittwoch, 23. Juli 2008 07:39
> An: Colm.OhEigeartaigh@iona.com
> Cc: wss4j-dev@ws.apache.org
> Betreff: Antwort: RE: Decryption with several EncryptedKey elements
> 
> Hi Colm
> 
> Thanks for your feedback. At least the API allows you to pass 
> the actor
> when processing the soap headers. I do have control of the 
> creation of the
> soap request.
> 
> One question for you: when I split the two encrypted keys 
> into different
> soap headers is that best practise or a workaround?
> 
> Thanks
> Oliver
> 
> 
> 
>                                                               
>                                                               
>             
> "O hEigeartaigh, Colm" <Colm.OhEigeartaigh@iona.com>
> 22.07.2008 19:09
> An:     "Oliver Wulff" <ol...@zurich.ch>, <ws...@ws.apache.org>
> Kopie:
> Thema:  RE: Decryption with several EncryptedKey elements
>                                                               
>                                                               
>             
> 
> 
> 
> 
> Hi Oliver,
> 
> Do you have control over the creation of the SOAP request? If so, one
> possibility is to create a different security header for both 
> encrypted
> keys using a specific "actor" attribute for both. On the 
> processing side,
> WSS4J can be configured to only process a security header with the
> specified actor name (at least I think it can, I haven't tried it).
> 
> If not, then I suspect the only option is to write your own 
> processor or
> submit an enhancement request.
> 
> Colm.
> 
> -----Original Message-----
> From: Oliver Wulff [mailto:oliver.wulff@zurich.ch]
> Sent: 22 July 2008 17:28
> To: wss4j-dev@ws.apache.org
> Subject: Decryption with several EncryptedKey elements
> 
> 
> Hi all
> 
> I've got a soap request (see below) with two EncryptedKey elements
> (different public keys).
> 
> My application is in the possession of only one private key 
> which means
> that it can only process some of the encrypted elements. If I 
> process the
> security header the following exception is thrown:
> 
> Caused by: org.apache.ws.security.WSSecurityException: Cannot
> encrypt/decrypt data; nested exception is:
>         java.lang.Exception: alias is null
>         at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleE
> ncryptedKey
> (EncryptedKeyProcessor.java:287)
> 
> 
> How can I tell WSS4J to ignore the EncryptedKey elements which are not
> intended to be decrypted?
> 
> This is the code to decrypt the soap message:
> 
> String message = ... ;
> String cert = .... ;
> 
> try {
>       InputStream inStream = new 
> ByteArrayInputStream(message.getBytes());
>       SOAPMessage soapmsg = 
> MessageFactory.newInstance().createMessage());
>                   null, inStream);
>       Document doc = (Document) soapmsg.getSOAPPart();
> 
>       Crypto crypto = CryptoFactory.getInstance(cert);
> 
>       secEngine.processSecurityHeader(doc, null, new 
> MyCallbackHandler(),;
>                   crypto);
> 
>       TransformerFactory tFactory = TransformerFactory.newInstance();
>       Transformer transformer = tFactory.newTransformer();
>       DOMSource source = new DOMSource(doc);
>       StringWriter sw = new StringWriter();;
>       StreamResult result = new StreamResult(sw);
>       transformer.transform(source, result);
>       return sw.toString();
> 
> } catch (Exception ex) {
>       ex.printStackTrace();
>       throw new RuntimeException(ex);
> }
> 
> 
> Here is the input soap request:;
> <?xml version="1.0" encoding="UTF-8"?>
> <>SOAP-ENV:Envelope
>       xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
>       xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>       xmlns:m2="http://ecm.zurich.com/svc/ws/types"
>       xmlns:xs="http://www.w3.org/2001/XMLSchema"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>       xmlns:m1="http://ecm.zurich.com/svc/ws/document_v1_0">
>       <SOAP-ENV:Header>
>             <m3:Security
>                   xmlns:m3=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secext-1.0.xsd
> "
>                   SOAP-ENV:mustUnderstand.="1">
>                   <xenc:EncryptedKey
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>                         Id="EncKeyId-712593">
>                         <xenc:EncryptionMethod
>                               Algorithm=
> "http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>                         <ds:KeyInfo
>                               
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> >
>                               <wsse:SecurityTokenReference
>                                     xmlns:wsse=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secext-1.0.xsd
> "
> >
>                                     <ds:X509Data
>                                           xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                           <ds:X509IssuerSerial
>                                                 xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                 <ds:X509IssuerName
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
> 
> EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
>                                                       Internal
> CA,OU=ING,O=Swiss Data
>                                                       Center,L=Zurich
> 
> Insurance,ST=Zurich,C=CH
>                                                 </ds:X509IssuerName>
> 
>                                                 <ds:X509SerialNumber
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                       446
>                                                 </ds:X509SerialNumber>
>                                           </ds:X509IssuerSerial>
>                                     </ds:X509Data>
>                               </wsse:SecurityTokenReference>
>                         </ds:KeyInfo>
>                         <xenc:CipherData>
>                               <xenc:CipherValue
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
> 
> gL4WtugirLpupgr7i9I6VVHyDu2H6sS1phCX8zY9+65dTf8LtsDSjVFNLaBHmI
rfMLXgC1gREA
> +WnUGoObNV5Ek1VePLrCzYp4TGzVR0wxbhF6m1Zzc81wKArtLHflcXKsn5v7rU
> vArC3bh4o7QqBs6o1W13EmI244r9ZA30gqY=
> 
>                               </xenc:CipherValue>
>                         </xenc:CipherData>
>                         <xenc:ReferenceList>
>                               <xenc:DataReference
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     URI="#EncDataId-31188783" />
>                         </xenc:ReferenceList>
>                   </xenc:EncryptedKey>
>                   <xenc:EncryptedKey
>                         xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>                         Id="EncKeyId-30675222">
>                         <xenc:EncryptionMethod
>                               Algorithm=
> "http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
>                         <ds:KeyInfo
>                               
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> >
>                               <wsse:SecurityTokenReference
>                                     xmlns:wsse=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecu
rity-secext-1.0.xsd
> "
> >
>                                     <ds:X509Data
>                                           xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                           <ds:X509IssuerSerial
>                                                 xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                 <ds:X509IssuerName
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
> 
> EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
>                                                       Internal
> CA,OU=ING,O=Swiss Data
>                                                       Center,L=Zurich
> 
> Insurance,ST=Zurich,C=CH
>                                                 </ds:X509IssuerName>
> 
>                                                 <ds:X509SerialNumber
>                                                       xmlns:ds=
> "http://www.w3.org/2000/09/xmldsig#">
>                                                       447
>                                                 </ds:X509SerialNumber>
>                                           </ds:X509IssuerSerial>
>                                     </ds:X509Data>
>                               </wsse:SecurityTokenReference>
>                         </ds:KeyInfo>
>                         <xenc:CipherData>
>                               <xenc:CipherValue
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
> 
> RVKDb7RnEPf1/566a4kSEy0Q8Rq2cglbyEcoxHy7YtFQfQdEs
> +Dx3iC29r2LhYzQidp51ZuLNptJGvFz5eQrFivgqlTfdgxPBC
> +LVXN1zMu9N5f0PVRk8BGsoxK9Jwum05TvEnXu+IbwWpM70roh9H6KlQU5azZf
> YnTUMossrYo=
>                               </xenc:CipherValue>
>                         </xenc:CipherData>
>                         <xenc:ReferenceList>
>                               <xenc:DataReference
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     URI="#EncDataId-28179427" />
>                               <xenc:DataReference
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     URI="#EncDataId-24390742" />
>                         </xenc:ReferenceList>
>                   </xenc:EncryptedKey>
>                   <m3:UsernameToken xsi:type="m3:UsernameTokenType">
>                         <m3:Username>YSV101676</m3:Username>
>                         <m3:Password
>                               Type=
> "
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-userna
me-token-profile-1.0#PasswordText
> "
>                               xsi:type="m3:PasswordString">
>                               r8328hFs
>                         </m3:Password>
>                   </m3:UsernameToken>
>             </:m3:Security>
>       </:SOAP-ENV:Header>
>       <SOAP-ENV:Body>
>             <m1:updateMetadata>
>                   <m1:docIDs>
>                         <xenc:EncryptedData
>                               xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                               Type=
> "http://www.w3.org/2001/04/xmlenc#Content"
>                               Id="EncDataId-31188783">
>                               <xenc:EncryptionMethod
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     Algorithm=
> "http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                               <xenc:CipherData
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                     <xenc:CipherValue
>                                           xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                           lfVNeqOdi8BjOqdWZ
> +Vniu3oXf9h8sjP2FG7wLHVlrxd/w3Gaj8tpW3r83HhSQk87Ta1CFGPN1VG
>                                           IWBZW6VQOg==
>                                     </xenc:CipherValue>
>                               </xenc:CipherData>
>                         </xenc:EncryptedData>
>                   </m1:docIDs>
>                   <m1:metadata>
>                         <xenc:EncryptedData
>                               xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                               Type=
> "http://www.w3.org/2001/04/xmlenc#Content"
>                               Id="EncDataId-28179427">
>                               <xenc:EncryptionMethod
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     Algorithm=
> "http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                               <xenc:CipherData
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                     <xenc:CipherValue
>                                           xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
> 
> YxeTDZRvhDlAAYmTvMoyp2l3u1fywZJ8uMgI3M
> +hmEEqOoAQwmrWTeG8JEyDFymlycnEoT7siMR9
> 
> dOkauixPm7OIb6uW/2WlpK106/3RqRe/Rwj98zne2WiG6otfM5gWICpc7i2bf9
> 7opS2MFcM85v13
> 
>                                           6bCXXbEybWw
> +erNexIEUcVg56L50dup4d2PqVNHUSZurdKYwKmR944QjydN25zTO9XjvhoppHCDT
> 
> nuoUz1UuIHiDXtDgFpSknHoGzMA8tWebb4PNy6fBViqfoT39EGNMF7C2N+aVyg
> R2xl3OY63Lbix
> +
>                                           xbxq3g
> +3BHlDbsDaCtVaC4BIM637xr75xQGUp/sHVEx/mY6KUoxcLHQgQbe0vrXKFdWIQ7zHRjQq
>                                           o04PRIJTOWW9hruD+2HS3UEo0v8t
> +G2jHsirqmv17vr1uPcq0NZzRJVSpVAxS1KOIaSBtJeBbxui
> 
> EvB1ZAb9hxOXQ8NYT0xrzp3SFrvkcLLT0h1Skvg50A4r6yBDWFeHUDCX
>                                     </xenc:CipherValue>
>                               </xenc:CipherData>
>                         </xenc:EncryptedData>
>                   </m1:metadata>
>                   <m1:context>
>                         <xenc:EncryptedData
>                               xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                               Type=
> "http://www.w3.org/2001/04/xmlenc#Content"
>                               Id="EncDataId-24390742">
>                               <xenc:EncryptionMethod
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#"
>                                     Algorithm=
> "http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
>                               <xenc:CipherData
>                                     xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
>                                     <xenc:CipherValue
>                                           xmlns:xenc=
> "http://www.w3.org/2001/04/xmlenc#">
> 
> M960LIC0KgOVcGTbB0CvRaV7ONx2wjjFRhMVrBYW9G61v
> +esYY2mP6p4k9gJWrDyfqthgYDfLyPp
> 
> eRjSpgSAlXNGMwrMW8/9QUlDmKloKQvTLGTSJG5ySpSkrY5NLyTDp1LSnjvWvR
> oaPYuHEBKHdw==
> 
>                                     </xenc:CipherValue>
>                               </xenc:CipherData>
>                         </xenc:EncryptedData>
>                   </m1:context>
>             </:m1:updateMetadata>
>       </:SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
> 

Antwort: RE: Decryption with several EncryptedKey elements

Posted by Oliver Wulff <ol...@zurich.ch>.
Hi Colm

Thanks for your feedback. At least the API allows you to pass the actor
when processing the soap headers. I do have control of the creation of the
soap request.

One question for you: when I split the two encrypted keys into different
soap headers is that best practise or a workaround?

Thanks
Oliver



                                                                                                                                        
"O hEigeartaigh, Colm" <Colm.OhEigeartaigh@iona.com>
22.07.2008 19:09
An:     "Oliver Wulff" <ol...@zurich.ch>, <ws...@ws.apache.org>
Kopie:
Thema:  RE: Decryption with several EncryptedKey elements
                                                                                                                                        




Hi Oliver,

Do you have control over the creation of the SOAP request? If so, one
possibility is to create a separate security header for each encrypted
key, each with its own "actor" attribute. On the processing side,
WSS4J can be configured to only process a security header with the
specified actor name (at least I think it can, I haven't tried it).

If not, then I suspect the only option is to write your own processor or
submit an enhancement request.

Colm.

-----Original Message-----
From: Oliver Wulff [mailto:oliver.wulff@zurich.ch]
Sent: 22 July 2008 17:28
To: wss4j-dev@ws.apache.org
Subject: Decryption with several EncryptedKey elements


Hi all

I've got a soap request (see below) with two EncryptedKey elements
(different public keys).

My application is in the possession of only one private key which means
that it can only process some of the encrypted elements. If I process the
security header the following exception is thrown:

Caused by: org.apache.ws.security.WSSecurityException: Cannot
encrypt/decrypt data; nested exception is:
        java.lang.Exception: alias is null
        at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey
(EncryptedKeyProcessor.java:287)


How can I tell WSS4J to ignore the EncryptedKey elements which are not
intended to be decrypted?

This is the code to decrypt the soap message:

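// Fragment from the body of a method that returns the processed SOAP message
// as a String; the enclosing method and the secEngine field are not shown.
String message = ... ;
// Passed unchanged to CryptoFactory.getInstance; presumably the name of a
// crypto properties file rather than a certificate - confirm against caller.
String cert = .... ;

try {
      // The request declares encoding="UTF-8", so encode with that charset
      // instead of the platform default that a bare getBytes() would use.
      InputStream inStream = new ByteArrayInputStream(message.getBytes("UTF-8"));
      // No MIME headers are supplied (null); the envelope is read from the stream.
      SOAPMessage soapmsg = MessageFactory.newInstance().createMessage(
                  null, inStream);
      Document doc = (Document) soapmsg.getSOAPPart();

      Crypto crypto = CryptoFactory.getInstance(cert);

      // The second argument is the actor. It is left null here, as in the
      // original post; the replies in this thread suggest putting each
      // EncryptedKey in its own Security header with a distinct actor and
      // passing that actor name here so only the matching header is processed.
      //
      // NOTE(review): the sample request on this page wraps its keys with
      // rsa-1_5, encrypts the body parts with aes128-cbc, and its Security
      // header carries no ds:Signature, so the decrypted content is not
      // integrity-protected. Treat it as untrusted input after this call.
      secEngine.processSecurityHeader(doc, null, new MyCallbackHandler(),
                  crypto);

      // Serialize the processed DOM back to text with an identity transform.
      TransformerFactory tFactory = TransformerFactory.newInstance();
      Transformer transformer = tFactory.newTransformer();
      DOMSource source = new DOMSource(doc);
      StringWriter sw = new StringWriter();
      StreamResult result = new StreamResult(sw);
      transformer.transform(source, result);
      return sw.toString();

} catch (Exception ex) {
      // The cause is kept for local diagnosis.
      // NOTE(review): if this runs behind a remote endpoint, answer every
      // decryption failure with the same generic fault and keep the detail
      // in server-side logs only.
      ex.printStackTrace();
      throw new RuntimeException(ex);
}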


Here is the input soap request:
<?xml version="1.0" encoding="UTF-8"?>
<>SOAP-ENV:Envelope
      xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";
      xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      xmlns:m2="http://ecm.zurich.com/svc/ws/types"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
      xmlns:m1="http://ecm.zurich.com/svc/ws/document_v1_0">
      <SOAP-ENV:Header>
            <m3:Security
                  xmlns:m3=
"
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
                  SOAP-ENV:mustUnderstand.="1">
                  <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="EncKeyId-712593">
                        <xenc:EncryptionMethod
                              Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                        <ds:KeyInfo
                              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
                              <wsse:SecurityTokenReference
                                    xmlns:wsse=
"
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
>
                                    <ds:X509Data
                                          xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                          <ds:X509IssuerSerial
                                                xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                <ds:X509IssuerName
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">

EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
                                                      Internal
CA,OU=ING,O=Swiss Data
                                                      Center,L=Zurich

Insurance,ST=Zurich,C=CH
                                                </ds:X509IssuerName>

                                                <ds:X509SerialNumber
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                      446
                                                </ds:X509SerialNumber>
                                          </ds:X509IssuerSerial>
                                    </ds:X509Data>
                              </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                              <xenc:CipherValue
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

gL4WtugirLpupgr7i9I6VVHyDu2H6sS1phCX8zY9+65dTf8LtsDSjVFNLaBHmIrfMLXgC1gREA
+WnUGoObNV5Ek1VePLrCzYp4TGzVR0wxbhF6m1Zzc81wKArtLHflcXKsn5v7rUvArC3bh4o7QqBs6o1W13EmI244r9ZA30gqY=

                              </xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                              <xenc:DataReference
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-31188783" />
                        </xenc:ReferenceList>
                  </xenc:EncryptedKey>
                  <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="EncKeyId-30675222">
                        <xenc:EncryptionMethod
                              Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                        <ds:KeyInfo
                              xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
                              <wsse:SecurityTokenReference
                                    xmlns:wsse=
"
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
>
                                    <ds:X509Data
                                          xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                          <ds:X509IssuerSerial
                                                xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                <ds:X509IssuerName
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">

EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
                                                      Internal
CA,OU=ING,O=Swiss Data
                                                      Center,L=Zurich

Insurance,ST=Zurich,C=CH
                                                </ds:X509IssuerName>

                                                <ds:X509SerialNumber
                                                      xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
                                                      447
                                                </ds:X509SerialNumber>
                                          </ds:X509IssuerSerial>
                                    </ds:X509Data>
                              </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                              <xenc:CipherValue
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

RVKDb7RnEPf1/566a4kSEy0Q8Rq2cglbyEcoxHy7YtFQfQdEs
+Dx3iC29r2LhYzQidp51ZuLNptJGvFz5eQrFivgqlTfdgxPBC
+LVXN1zMu9N5f0PVRk8BGsoxK9Jwum05TvEnXu+IbwWpM70roh9H6KlQU5azZfYnTUMossrYo=
                              </xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                              <xenc:DataReference
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-28179427" />
                              <xenc:DataReference
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-24390742" />
                        </xenc:ReferenceList>
                  </xenc:EncryptedKey>
                  <m3:UsernameToken xsi:type="m3:UsernameTokenType">
                        <m3:Username>YSV101676</m3:Username>
                        <m3:Password
                              Type=
"
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
"
                              xsi:type="m3:PasswordString">
                              r8328hFs
                        </m3:Password>
                  </m3:UsernameToken>
            </:m3:Security>
      </:SOAP-ENV:Header>
      <SOAP-ENV:Body>
            <m1:updateMetadata>
                  <m1:docIDs>
                        <xenc:EncryptedData
                              xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                              Type=
"http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-31188783">
                              <xenc:EncryptionMethod
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                          lfVNeqOdi8BjOqdWZ
+Vniu3oXf9h8sjP2FG7wLHVlrxd/w3Gaj8tpW3r83HhSQk87Ta1CFGPN1VG
                                          IWBZW6VQOg==
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:docIDs>
                  <m1:metadata>
                        <xenc:EncryptedData
                              xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                              Type=
"http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-28179427">
                              <xenc:EncryptionMethod
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

YxeTDZRvhDlAAYmTvMoyp2l3u1fywZJ8uMgI3M
+hmEEqOoAQwmrWTeG8JEyDFymlycnEoT7siMR9

dOkauixPm7OIb6uW/2WlpK106/3RqRe/Rwj98zne2WiG6otfM5gWICpc7i2bf97opS2MFcM85v13

                                          6bCXXbEybWw
+erNexIEUcVg56L50dup4d2PqVNHUSZurdKYwKmR944QjydN25zTO9XjvhoppHCDT

nuoUz1UuIHiDXtDgFpSknHoGzMA8tWebb4PNy6fBViqfoT39EGNMF7C2N+aVygR2xl3OY63Lbix
+
                                          xbxq3g
+3BHlDbsDaCtVaC4BIM637xr75xQGUp/sHVEx/mY6KUoxcLHQgQbe0vrXKFdWIQ7zHRjQq
                                          o04PRIJTOWW9hruD+2HS3UEo0v8t
+G2jHsirqmv17vr1uPcq0NZzRJVSpVAxS1KOIaSBtJeBbxui

EvB1ZAb9hxOXQ8NYT0xrzp3SFrvkcLLT0h1Skvg50A4r6yBDWFeHUDCX
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:metadata>
                  <m1:context>
                        <xenc:EncryptedData
                              xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                              Type=
"http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-24390742">
                              <xenc:EncryptionMethod
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">

M960LIC0KgOVcGTbB0CvRaV7ONx2wjjFRhMVrBYW9G61v
+esYY2mP6p4k9gJWrDyfqthgYDfLyPp

eRjSpgSAlXNGMwrMW8/9QUlDmKloKQvTLGTSJG5ySpSkrY5NLyTDp1LSnjvWvRoaPYuHEBKHdw==

                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:context>
            </:m1:updateMetadata>
      </:SOAP-ENV:Body>
</SOAP-ENV:Envelope>








RE: Decryption with several EncryptedKey elements

Posted by "O hEigeartaigh, Colm" <Co...@iona.com>.
Hi Oliver,

Do you have control over the creation of the SOAP request? If so, one possibility is to create a separate security header for each encrypted key, each with its own "actor" attribute. On the processing side, WSS4J can be configured to process only the security header with the specified actor name (at least I think it can, I haven't tried it).

If not, then I suspect the only option is to write your own processor or submit an enhancement request. 

Colm.

-----Original Message-----
From: Oliver Wulff [mailto:oliver.wulff@zurich.ch] 
Sent: 22 July 2008 17:28
To: wss4j-dev@ws.apache.org
Subject: Decryption with several EncryptedKey elements


Hi all

I've got a soap request (see below) with two EncryptedKey elements
(different public keys).

My application is in the possession of only one private key which means
that it can only process some of the encrypted elements. If I process the
security header the following exception is thrown:

Caused by: org.apache.ws.security.WSSecurityException: Cannot
encrypt/decrypt data; nested exception is:
        java.lang.Exception: alias is null
        at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey
(EncryptedKeyProcessor.java:287)


How can I tell WSS4J to ignore the EncryptedKey elements which are not
intended to be decrypted?

This is the code to decrypt the soap message:

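// Fragment of a method body: parses a SOAP request, lets WSS4J process its
// wsse:Security header (which decrypts the referenced EncryptedData in place),
// and returns the resulting document serialized as a string.
// The "..." initialisers are elided in the original post.
String message = ... ;
String cert = .... ;   // presumably the name of the crypto properties file; confirm against CryptoFactory

try {
      // The request declares encoding="UTF-8", so encode explicitly instead of
      // relying on the platform default charset of getBytes().
      InputStream inStream = new ByteArrayInputStream(message.getBytes("UTF-8"));
      SOAPMessage soapmsg = MessageFactory.newInstance().createMessage(
                  null, inStream);
      Document doc = (Document) soapmsg.getSOAPPart();

      Crypto crypto = CryptoFactory.getInstance(cert);

      // Second argument is the actor; null is passed here. This is the call
      // that fails with "alias is null" in EncryptedKeyProcessor when the header
      // holds an EncryptedKey for which this keystore has no private key.
      // NOTE(review): the returned result list is discarded, so the caller
      // cannot tell which elements were actually decrypted or which tokens
      // were validated; inspect it before trusting the body.
      secEngine.processSecurityHeader(doc, null, new MyCallbackHandler(),
                  crypto);

      // Serialize the processed DOM back to text.
      // NOTE(review): the returned string holds decrypted payload; keep it out of logs.
      TransformerFactory tFactory = TransformerFactory.newInstance();
      Transformer transformer = tFactory.newTransformer();
      DOMSource source = new DOMSource(doc);
      StringWriter sw = new StringWriter();
      StreamResult result = new StreamResult(sw);
      transformer.transform(source, result);
      return sw.toString();

} catch (Exception ex) {
      // Every failure (parse, security processing, transform) is reported the
      // same way: printed, then rethrown unchecked with the cause preserved.
      ex.printStackTrace();
      throw new RuntimeException(ex);
}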


Here is the input soap request:
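<?xml version="1.0" encoding="UTF-8"?>
<!-- Sample request from the thread. One wsse:Security header carries two
     xenc:EncryptedKey elements, each wrapped for a different certificate
     (serial 446 and 447 of the same issuer), and each lists in its
     ReferenceList the Body EncryptedData elements its session key covers.
     Tag and attribute syntax that was broken in the archived copy has been
     repaired; the text content of every element is unchanged. -->
<SOAP-ENV:Envelope
      xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
      xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      xmlns:m2="http://ecm.zurich.com/svc/ws/types"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:m1="http://ecm.zurich.com/svc/ws/document_v1_0">
      <SOAP-ENV:Header>
            <!-- This header has no actor attribute and contains no ds:Signature,
                 so nothing in it authenticates the ciphertext or binds the
                 UsernameToken to the encrypted parts. -->
            <m3:Security
                  xmlns:m3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                  SOAP-ENV:mustUnderstand="1">
                  <!-- Key 1: for certificate serial 446; covers EncDataId-31188783 (m1:docIDs).
                       Key transport is RSA PKCS#1 v1.5 (rsa-1_5); rsa-oaep-mgf1p is the
                       commonly recommended replacement. -->
                  <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="EncKeyId-712593">
                        <xenc:EncryptionMethod
                              Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                        <ds:KeyInfo
                              xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                              <wsse:SecurityTokenReference
                                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                    <ds:X509Data
                                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                          <ds:X509IssuerSerial
                                                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                                <ds:X509IssuerName
                                                      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
                                                      Internal
CA,OU=ING,O=Swiss Data
                                                      Center,L=Zurich

Insurance,ST=Zurich,C=CH
                                                </ds:X509IssuerName>

                                                <ds:X509SerialNumber
                                                      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                                      446
                                                </ds:X509SerialNumber>
                                          </ds:X509IssuerSerial>
                                    </ds:X509Data>
                              </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                              <xenc:CipherValue
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

gL4WtugirLpupgr7i9I6VVHyDu2H6sS1phCX8zY9+65dTf8LtsDSjVFNLaBHmIrfMLXgC1gREA
+WnUGoObNV5Ek1VePLrCzYp4TGzVR0wxbhF6m1Zzc81wKArtLHflcXKsn5v7rUvArC3bh4o7QqBs6o1W13EmI244r9ZA30gqY=
                              </xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                              <xenc:DataReference
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-31188783" />
                        </xenc:ReferenceList>
                  </xenc:EncryptedKey>
                  <!-- Key 2: for certificate serial 447; covers EncDataId-28179427
                       (m1:metadata) and EncDataId-24390742 (m1:context). -->
                  <xenc:EncryptedKey
                        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="EncKeyId-30675222">
                        <xenc:EncryptionMethod
                              Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                        <ds:KeyInfo
                              xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                              <wsse:SecurityTokenReference
                                    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                                    <ds:X509Data
                                          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                          <ds:X509IssuerSerial
                                                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                                <ds:X509IssuerName
                                                      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

EMAILADDRESS=chr_netsecure@zurich.com,CN=SDC
                                                      Internal
CA,OU=ING,O=Swiss Data
                                                      Center,L=Zurich

Insurance,ST=Zurich,C=CH
                                                </ds:X509IssuerName>

                                                <ds:X509SerialNumber
                                                      xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                                      447
                                                </ds:X509SerialNumber>
                                          </ds:X509IssuerSerial>
                                    </ds:X509Data>
                              </wsse:SecurityTokenReference>
                        </ds:KeyInfo>
                        <xenc:CipherData>
                              <xenc:CipherValue
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

RVKDb7RnEPf1/566a4kSEy0Q8Rq2cglbyEcoxHy7YtFQfQdEs
+Dx3iC29r2LhYzQidp51ZuLNptJGvFz5eQrFivgqlTfdgxPBC
+LVXN1zMu9N5f0PVRk8BGsoxK9Jwum05TvEnXu+IbwWpM70roh9H6KlQU5azZfYnTUMossrYo=
                              </xenc:CipherValue>
                        </xenc:CipherData>
                        <xenc:ReferenceList>
                              <xenc:DataReference
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-28179427" />
                              <xenc:DataReference
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                    URI="#EncDataId-24390742" />
                        </xenc:ReferenceList>
                  </xenc:EncryptedKey>
                  <!-- PasswordText token: the password sits in the header in clear.
                       None of the DataReference URIs above point at this element, so
                       it is not covered by the message-level encryption and depends
                       entirely on transport protection. A credential posted in a
                       sample like this should be treated as exposed and rotated. -->
                  <m3:UsernameToken xsi:type="m3:UsernameTokenType">
                        <m3:Username>YSV101676</m3:Username>
                        <m3:Password
                              Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
                              xsi:type="m3:PasswordString">
                              r8328hFs
                        </m3:Password>
                  </m3:UsernameToken>
            </m3:Security>
      </SOAP-ENV:Header>
      <SOAP-ENV:Body>
            <!-- Each child below is content-encrypted with aes128-cbc. CBC gives
                 confidentiality only; with no signature over these elements a
                 receiver cannot detect modified ciphertext. An authenticated mode
                 (for example aes128-gcm from XML Encryption 1.1) or a signature
                 over the encrypted parts closes that gap. -->
            <m1:updateMetadata>
                  <m1:docIDs>
                        <xenc:EncryptedData
                              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                              Type="http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-31188783">
                              <xenc:EncryptionMethod
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                          lfVNeqOdi8BjOqdWZ
+Vniu3oXf9h8sjP2FG7wLHVlrxd/w3Gaj8tpW3r83HhSQk87Ta1CFGPN1VG
                                          IWBZW6VQOg==
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:docIDs>
                  <m1:metadata>
                        <xenc:EncryptedData
                              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                              Type="http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-28179427">
                              <xenc:EncryptionMethod
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

YxeTDZRvhDlAAYmTvMoyp2l3u1fywZJ8uMgI3M
+hmEEqOoAQwmrWTeG8JEyDFymlycnEoT7siMR9

dOkauixPm7OIb6uW/2WlpK106/3RqRe/Rwj98zne2WiG6otfM5gWICpc7i2bf97opS2MFcM85v13
                                          6bCXXbEybWw
+erNexIEUcVg56L50dup4d2PqVNHUSZurdKYwKmR944QjydN25zTO9XjvhoppHCDT

nuoUz1UuIHiDXtDgFpSknHoGzMA8tWebb4PNy6fBViqfoT39EGNMF7C2N+aVygR2xl3OY63Lbix
+
                                          xbxq3g
+3BHlDbsDaCtVaC4BIM637xr75xQGUp/sHVEx/mY6KUoxcLHQgQbe0vrXKFdWIQ7zHRjQq
                                          o04PRIJTOWW9hruD+2HS3UEo0v8t
+G2jHsirqmv17vr1uPcq0NZzRJVSpVAxS1KOIaSBtJeBbxui

EvB1ZAb9hxOXQ8NYT0xrzp3SFrvkcLLT0h1Skvg50A4r6yBDWFeHUDCX
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:metadata>
                  <m1:context>
                        <xenc:EncryptedData
                              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                              Type="http://www.w3.org/2001/04/xmlenc#Content"
                              Id="EncDataId-24390742">
                              <xenc:EncryptionMethod
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                                    Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
                              <xenc:CipherData
                                    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                    <xenc:CipherValue
                                          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

M960LIC0KgOVcGTbB0CvRaV7ONx2wjjFRhMVrBYW9G61v
+esYY2mP6p4k9gJWrDyfqthgYDfLyPp

eRjSpgSAlXNGMwrMW8/9QUlDmKloKQvTLGTSJG5ySpSkrY5NLyTDp1LSnjvWvRoaPYuHEBKHdw==
                                    </xenc:CipherValue>
                              </xenc:CipherData>
                        </xenc:EncryptedData>
                  </m1:context>
            </m1:updateMetadata>
      </SOAP-ENV:Body>
</SOAP-ENV:Envelope>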





