Posted to commits@santuario.apache.org by "Mujahed Syed (JIRA)" <ji...@apache.org> on 2014/08/29 13:36:54 UTC

[jira] [Commented] (SANTUARIO-397) EncryptedKey Id Validation fails

    [ https://issues.apache.org/jira/browse/SANTUARIO-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115158#comment-14115158 ] 

Mujahed Syed commented on SANTUARIO-397:
----------------------------------------

Updating the priority as we are unable to proceed with our UAT/PROD release.

> EncryptedKey Id Validation fails
> --------------------------------
>
>                 Key: SANTUARIO-397
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-397
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 2.0.1
>         Environment: Java, Xerces parser (or any validator)
>            Reporter: Mujahed Syed
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>              Labels: EncryptedKey, security, validation, xml
>         Attachments: validation-issue.zip
>
>
> The issue is discussed on this page: http://apache-xml-project.6118.n7.nabble.com/EncryptedKey-Id-Validation-fails-td41424.html
> ISSUE Simulation
> run the App.java class attached to this JIRA.
> ISSUE DESCRIPTION:
> I have a flow that does encryption using xmlsec library 2.0.1 and it then sends the encrypted message to a third party system. This third party is unable to validate the message if there are two or more encrypted XML elements in it, and the exception they see is: validation failed with SEVERE parse event: cvc-id.2: There are multiple occurrences of ID value 'G0babc16e-4911-4cfc-93ab-0b8905afd19e'.
> org.xml.sax.SAXParseException; cvc-id.2: There are multiple occurrences of ID value 'Gd88756c9-dd2e-4db3-9180-5d129a8ad5ce'. 
> This ID element is present in xenc:EncryptedKey element, and I can see that the message has the same Id twice, here is the encrypted message:
> <PurchaseOrder xmlns="urn:example:po">
>   <Items>
>     <Item Code="001-001-001" Quantity="1">
>       spade
>     </Item>
>     <Item Code="001-001-002" Quantity="1">
>       shovel
>     </Item>
>   </Items>
>   <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="Gceae4fd0-c41d-4249-84f4-7edecf0f8343" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey Id="Gd88756c9-dd2e-4db3-9180-5d129a8ad5ce"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><xenc:CipherData><xenc:CipherValue>j7W67ywBNckkL1yh71aAD6AWoDlVGq2Rs75RBn0dahIcK48GsE4doQcfpg5dfuLGORa4UJ1k5JMA
> juH7ifAjJ+NZB6unxc/rwRPE6vc5YSekuM7wEymvRaABxLcodHh8bna7IsLlyvGcqnH2rhQ9PCCG
> I9cPTsxH4uLv+3CHoEY=
> </xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue>TTpW2Gj0eTgOFhyfjzFosVAoIC1KbRUwCUV+hr4lATFM2cIFKVp4W+ffia7B4NXfQiqJqLVOCxUiy+oIG0dHaM97vobJZhrugvUxYH71HRBcKtT2Qr9ZAv4yV5XRM/iUnb1wiMeD+0KizyRArfRRMQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
>   <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="G5ce41c2f-130e-4bc9-8c03-5c52b7c30766" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
> <xenc:EncryptedKey Id="Gd88756c9-dd2e-4db3-9180-5d129a8ad5ce"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><xenc:CipherData><xenc:CipherValue>t8959RpcQ3fpQqsdryU8pE83jNR3QWLgXipjR9JH0IuZP07TB5GXmxkTEQ+Yern6Wv7ZF9EyXvA8
> s8QLVpwso5GRpdHjO9YEVMEQPSm9PDgAihTPzPijHA+28f+V45EU/BxRxUxyHvqRWpvxga6mxeGW
> Fbx1bdThiU5Y35IPw30=
> </xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue>FeH0+xawqckGtuwSf2L5b69g9AqrEkfeqwpAray/mK3kxqcT92CtapeL7uGmNpfKMcj6uXHA+FihGssA+Pr6lT/WVlmny+ZulPGbaEuRCMlfuzz3XJSci42w1R5c3KSeGmr4t/qlD/ymejXzISOOAcAx1HJaM1hRtcA/+fO6RAYyG/oyqNpLhLJZYS5dI1kFq92XyVsWLnkDAcG9hDGJJe1g/Qm7mvQOkfXAnmsYo8oVfjk3fQN5uABzN4lseesDEzFXG5LFSHXtUEw3Pdz6pW3E0f6kdVGNyp4lQczLqIbP2qU+quXAKfNxPPZrIj8SaQisbIPk1jLZzIOqh4PP4lkHkmz+wgpDv9SYYbQMy2QbggHcUCgdCIJQUvKPFYU/sIIecr9FhIXlnRCoGyV7pA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
> </PurchaseOrder>
> I did some investigation and the issue sounds very similar to https://issues.apache.org/jira/browse/WSS-242
> The issue can be simulated by adding one below line to the test case (https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-encryption/src/test/java/org/apache/coheigea/santuario/xmlencryption/EncryptionStAXTest.java) and executing it;
>  namesToEncrypt.add(new QName("urn:example:po", "ShippingAddress"));
> If you add System.out.println(baos.toString()); you can see that the xenc:EncryptedKey Id is duplicated across the encrypted tags. I understand that this is key info, but I think I am missing the correct XSD for validation.
> I have a few queries:
> 1. The third party is using Xerces to validate the encrypted XML. Can you please let me know where I can find XSDs that I can provide to the third party so they can correctly validate the encrypted XML?
> 2. If this is not because of the XSD, can you please guide us on how we can perform the validation?
> 3. Also, I think the Id of EncryptedKey is optional; I manually removed Id from both tags and performed the decryption, and it worked fine. So, how can I configure the code to not set the Id attribute for the EncryptedKey element?
> Appreciate your response, thanks a lot.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
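The check the third party's validator is applying is the XML Schema rule behind cvc-id.2: every attribute declared as xs:ID (xenc-schema.xsd declares the Id attribute of EncryptedType that way) must be unique across the whole document, so the two EncryptedKey elements above sharing one Id fail before decryption is even attempted. The following is an added, illustrative example written for this page; it is not Apache Santuario code and does not use the xmlsec API. It reproduces that uniqueness check over a constructed document with the same shape as the one in the report (cipher values shortened), and renumbers duplicate Ids that nothing references. The attribute names in ID_ATTRS and the "G" prefix (which keeps the value an NCName, as xs:ID requires) are assumptions; a duplicate that is the target of a URI="#..." reference is deliberately left alone, because a rewrite could not know which element the reference meant.

```python
"""Duplicate-Id check for XML Encryption output (cvc-id.2 condition).

Added, illustrative code for this page; not part of Apache Santuario (xmlsec)
and not using its API. Assumptions are marked inline.
"""
import uuid
import xml.etree.ElementTree as ET
from collections import defaultdict

XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xenc", XENC)
ET.register_namespace("dsig", DSIG)

# Assumption: these are the attribute names the recipient's schema declares
# as xs:ID (xenc-schema.xsd and xmldsig-core-schema.xsd both use "Id").
ID_ATTRS = ("Id", "ID")

# Constructed sample: same shape as the document in the bug report (two
# EncryptedData elements whose EncryptedKey children share one Id); the
# base64 cipher values are shortened placeholders, not real ciphertext.
DUP_KEY_ID = "Gd88756c9-dd2e-4db3-9180-5d129a8ad5ce"
SAMPLE = f"""<PurchaseOrder xmlns="urn:example:po">
  <Items><Item Code="001-001-001" Quantity="1">spade</Item></Items>
  <xenc:EncryptedData xmlns:xenc="{XENC}" Id="Gceae4fd0-c41d-4249-84f4-7edecf0f8343" Type="{XENC}Element">
    <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
    <dsig:KeyInfo xmlns:dsig="{DSIG}">
      <xenc:EncryptedKey Id="{DUP_KEY_ID}">
        <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
        <xenc:CipherData><xenc:CipherValue>j7W67ywBNck=</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedKey>
    </dsig:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>TTpW2Gj0eTg=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData xmlns:xenc="{XENC}" Id="G5ce41c2f-130e-4bc9-8c03-5c52b7c30766" Type="{XENC}Element">
    <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
    <dsig:KeyInfo xmlns:dsig="{DSIG}">
      <xenc:EncryptedKey Id="{DUP_KEY_ID}">
        <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
        <xenc:CipherData><xenc:CipherValue>t8959RpcQ3c=</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedKey>
    </dsig:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>FeH0+xawqck=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</PurchaseOrder>
"""

# Constructed edge case: the duplicated Id is the target of a URI="#..."
# reference, so renumbering it would silently change what the reference means.
REFERENCED = f"""<Root xmlns:xenc="{XENC}">
  <xenc:EncryptedKey Id="Gkey"><xenc:ReferenceList>
    <xenc:DataReference URI="#Gdata"/></xenc:ReferenceList></xenc:EncryptedKey>
  <xenc:EncryptedData Id="Gdata"/>
  <xenc:EncryptedData Id="Gdata"/>
</Root>
"""


def find_duplicate_ids(root):
    """Map each Id value that occurs more than once to the elements carrying it."""
    seen = defaultdict(list)
    for el in root.iter():
        for name in ID_ATTRS:
            if name in el.attrib:
                seen[el.attrib[name]].append(el)
    return {value: els for value, els in seen.items() if len(els) > 1}


def referenced_ids(root):
    """Targets of same-document URI="#..." references (DataReference, KeyReference, Reference)."""
    return {el.attrib["URI"][1:] for el in root.iter()
            if el.attrib.get("URI", "").startswith("#")}


def check_document(xml_text):
    """Return the sorted list of Id values a cvc-id.2 check would reject."""
    return sorted(find_duplicate_ids(ET.fromstring(xml_text)))


def repair_document(xml_text, prefix="G"):
    """Renumber unreferenced duplicate Ids (keeping the first occurrence).

    Returns (new_xml, number_of_rewrites). Referenced duplicates are left for
    the producer to fix. The prefix keeps the value an NCName as xs:ID requires,
    since a raw UUID may start with a digit (assumed convention, as in the report).
    """
    root = ET.fromstring(xml_text)
    protected = referenced_ids(root)
    rewrites = 0
    for value, els in find_duplicate_ids(root).items():
        if value in protected:
            continue
        for el in els[1:]:
            for name in ID_ATTRS:
                if name in el.attrib:
                    el.attrib[name] = prefix + str(uuid.uuid4())
            rewrites += 1
    return ET.tostring(root, encoding="unicode"), rewrites


if __name__ == "__main__":
    print("duplicates:", check_document(SAMPLE))
    fixed, n = repair_document(SAMPLE)
    print("rewritten:", n, "remaining:", check_document(fixed))
    print("referenced duplicate left alone:", repair_document(REFERENCED)[1] == 0)
```

Running check_document over an outgoing message before it leaves the system surfaces the same condition Xerces reports, without needing the recipient's schema. The repair path is only a stop-gap for the unreferenced case; the right fix is for the producer to emit a distinct Id per EncryptedKey (or none, since the attribute is optional), which is what this issue asks of the library.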