Posted to users@cxf.apache.org by Colm O hEigeartaigh <co...@progress.com> on 2008/11/03 12:08:21 UTC

RE: WSSecurity Encryption Test failure (bug?)

> As you can see, the secure message has a readable body and an encrypted
> one.

What version of XML security are you using? XML security 1.4.1 had this
bug. You should use XML security 1.4.0 for the time being, until CXF
picks up WSS4J 1.5.5, which uses XML security 1.4.2.

Colm.

-----Original Message-----
From: Cencio [mailto:cencio1980@gmail.com] 
Sent: 29 October 2008 14:01
To: users@cxf.apache.org
Subject: WSSecurity Encryption Test failure (bug?)


Hi all,

I'm using cxf as a library without the infrastructure. Now I'm implementing
the Wssec support and I use the test under
rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
as starting point. When I use Encryption I have wrong results:

This is the source code:




public void testEncryption(SOAPMessage saajMsg) throws Exception {

    System.out.println("ORIGINAL");
    saajMsg.writeTo(System.out);

    WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
    PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();

    SoapMessage msg = new SoapMessage(new MessageImpl());
    Exchange ex = new ExchangeImpl();
    ex.setInMessage(msg);

    SOAPPart part = saajMsg.getSOAPPart();

    msg.setContent(SOAPMessage.class, saajMsg);

    msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
    msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");
    msg.put(WSHandlerConstants.USER, "myalias");
    msg.put("password", "myAliasPassword");

    handler.handleMessage(msg);

    System.out.println("SECURE");
    msg.getContent(SOAPMessage.class).writeTo(System.out);

    Document doc = part;

    byte[] docbytes = getMessageBytes(doc);
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(true);
    dbf.setNamespaceAware(true);

    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setEntityResolver(new NullResolver());
    doc = StaxUtils.read(db, reader, false);

    Exchange ex2 = new ExchangeImpl();
    SoapMessage msg2 = new SoapMessage(new MessageImpl());
    ex2.setInMessage(msg2);
    WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
    msg.setContent(SOAPMessage.class, saajMsg);
    SoapMessage inmsg = new SoapMessage(new MessageImpl());
    ex.setInMessage(inmsg);
    inmsg.setContent(SOAPMessage.class, saajMsg);

    inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
    inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE, "insecurity.properties");
    inHandler.setProperty(
        WSHandlerConstants.PW_CALLBACK_CLASS,
        "org.openspcoop.wssecurity.TestPwdCallback"
    );

    inHandler.handleMessage(msg);
    //
    // Check that the EncryptedData is no longer there
    //
    System.out.println("UNSECURE");
    msg.getContent(SOAPMessage.class).writeTo(System.out);

}

This is the output:



ORIGINAL
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header xmlns="http://prova.openspcoop.it">
        <a:example1 xmlns:a="http://www.openspcoop.org"
soapenv:actor="http://www.prova.it" soapenv:mustUnderstand="0"
>prova</a:example1>
        <b:example2 xmlns:b="http://www.openspcoop.org"
soapenv:actor="http://www.prova.it" soapenv:mustUnderstand="0"
>prova2</b:example2>
        </soapenv:Header>
        <soapenv:Body>
<ns1:getQuote xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote>
<test/>
<test2/>
</soapenv:Body>
</soapenv:Envelope>


SECURE
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header xmlns="http://prova.openspcoop.it">
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1"><xenc:EncryptedKey
Id="EncKeyId-urn:uuid:619559CEB49F1BC31C12252880950082"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:X509Data
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerName
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=myAlias</ds:X509IssuerName>
<ds:X509SerialNumber
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1181668586</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>Fn2JcrP0TQ1SOS63dzthpwHKVRDIZton3IOc8
CRML+Nb1ZHQL5yikWYsFTK7tbeyTYiZ8NPz/rok038FgyJ1YKUP07RXObiR6btTgvnCh0Eil
ihQGy1C/Qc1Vnghbmxi/r4Cfk6/rnFFgh1Jq7p/6c+y5W2sXHfreWvSZWD7uFc=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-30796400"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
        <a:example1 xmlns:a="http://www.openspcoop.org"
soapenv:actor="http://www.prova.it"
soapenv:mustUnderstand="0">prova</a:example1>
        <b:example2 xmlns:b="http://www.openspcoop.org"
soapenv:actor="http://www.prova.it"
soapenv:mustUnderstand="0">prova2</b:example2>
        </soapenv:Header>
        <soapenv:Body><ns1:getQuote
xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote><test/><test2/><xenc:EncryptedData
Id="EncDataId-30796400"
Type="http://www.w3.org/2001/04/xmlenc#Content"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference
URI="#EncKeyId-urn:uuid:619559CEB49F1BC31C12252880950082"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:CipherValue
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">C1cn96owTKYnpBzXf5CL+pG4r
nrYqGeruZz6ukK5nTPtzpkBiRY2vxBRZJ5p4BaDMY0obgTMgU1U
c1UQfAvsooz1GDZ4L0hU5oai8d4bbcgihH1aFLIOjowZ3ZFaIKO5LW0kx9vWmmQlFu2ZWbyF
wyXb
vXFNPUbbSO8xKjnaXAO/Qt6rba+H+3J9ebt5Z8wcuema7ihl6BMQUs2bFM1AYJVgiVrsVYd1
BY/9
D6MnjhcuFchTYp29mQ2zfODuv0bIO8vn0/MN4JRZ/1Qa/SxQdlCuMmsB/PE/BgHZmSKkNUgl
fi5Y
CASTXpppTOTFTTjBJn0xNZ35vIvU/zbvshGQxxbQmfRtVVgnY+1k616bd+Wd9KkLxB2IzrFX
yIAK
49fGgYuzv/hOhmk32XQUn/+CsXCKt3duYcgR3mxzK9OKOgIZqkojZb7xN0dVKUOV8tGmlsLH
DTmq
30MXcLWElumsnqs24RHsTJO42+xL1WumoRzxAlngV0kwYgVGee8Iu/AA3HllWs14YVGB4VQ/
caOT
3Xag86GMMwfoADsm3yjqDnQhPVqaCQd6vEkarsoAynIzTcbPjwdg35CzvsWgyYvwbRKZtJ0s
Mw0P
x31emnrBfFaoQhCocLE/tPLxbPD4MhaDgucxbZ8N73v4xPYJXynanb6TJ+rsD5+Ng5FgZx3T
UFzw
B1f1Uy+lr7x6oaN1VBeQU1NkXtmc2nNjbbCSpYh0JA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>



UNSECURE
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header xmlns="http://prova.openspcoop.it">
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1"><xenc:EncryptedKey
Id="EncKeyId-urn:uuid:619559CEB49F1BC31C12252880950082"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:X509Data
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerName
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=myAlias</ds:X509IssuerName>
<ds:X509SerialNumber
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1181668586</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>Fn2JcrP0TQ1SOS63dzthpwHKVRDIZton3IOc8
CRML+Nb1ZHQL5yikWYsFTK7tbeyTYiZ8NPz/rok038FgyJ1YKUP07RXObiR6btTgvnCh0Eil
ihQGy1C/Qc1Vnghbmxi/r4Cfk6/rnFFgh1Jq7p/6c+y5W2sXHfreWvSZWD7uFc=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-30796400"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
        <a:example1 xmlns:a="http://www.openspcoop.org"
soapenv:actor="http://www.prova.it"
soapenv:mustUnderstand="0">prova</a:example1>
        <b:example2 xmlns:b="http://www.openspcoop.org"
soapenv:actor="http://www.prova.it"
soapenv:mustUnderstand="0">prova2</b:example2>
        </soapenv:Header>
        <soapenv:Body><ns1:getQuote
xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote><test/><test2/>
<ns1:getQuote xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote>
<test/>
<test2/>
</soapenv:Body>
</soapenv:Envelope>








As you can see, the secure message has a readable body and an encrypted
one.
The unsecured message has a double body and some wssec headers left (is it
normal to have those headers?)...

Is it my fault?


Thx for any help,
Lorenzo

-- 
View this message in context:
http://www.nabble.com/WSSecurity-Encryption-Test-failure-%28bug-%29-tp20227731p20227731.html
Sent from the cxf-user mailing list archive at Nabble.com.