Attachment signing/encryption and MTOM

Mon, 15 Jun 2015 08:48:19 -0700 

Hello Folks,

I’m running into a problem with url encoding of attachments identifiers. The 
versions i’m using are WSS4j 2.0.3 and CXF 3.0.4 (so if this is solved in 
future versions, please tell me ;-) as i haven’t been able to test it.

I have a web service that returns an encrypted attachment, works fine without 
MTOM, but when i enable MTOM i get an error.

Caused by: org.apache.wss4j.common.ext.WSSecurityException: Attachment not found
        at 
org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:363)
        at 
org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:213)
        at 
org.apache.wss4j.dom.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:121)
        at 
org.apache.wss4j.dom.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:80)

Tracing it, it fails on comparing the attachments Ids between the mime parts 
and the references in the soap code.

In the mime header of the attachment, the attachment id is not encoded
Content-ID: 
<f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http://schubergphilis.com/2015/

However the reference in both the CipherReference and Signature soap part is 
url encoded:
<xenc:CipherReference 
URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd”>

<ds:Reference
        
URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
    <ds:Transforms>
        <ds:Transform
                
Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>yHytVyICcbG5TDfcL4iZHFyalbI=</ds:DigestValue>
</ds:Reference>


What should be correct? I don’t think the content in the attribute should be 
URL encoded, but should be entitiy encoded. Yet it is encoded in 
AttachmentUtil.createContentID and decoded before creating the mime part in 
AttachmentSerializer.writeHeaders

Happy to help solve this..

Cheers,

Hugo

Reply via email to