[
https://issues.apache.org/jira/browse/WSS-671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17100890#comment-17100890
]
Frédéric Pirson edited comment on WSS-671 at 5/6/20, 3:41 PM:
--------------------------------------------------------------
Here is a test that explains my problem :
{code:java}
@Test
public void test() throws Exception{
org.apache.xml.security.Init.init();
String
attachmentId="998c3362-5b5f-405a-817a-b20f8373c378-5@urn%3Abe%3Acin%3Anip%3Aasync%3Ageneric";
Attachment attachment = new AttachmentImpl(attachmentId);
AttachmentCallbackHandler callbackHandler = new
AttachmentCallbackHandler(Collections.singletonList(attachment));
AttachmentUtils.getBytesFromAttachment("cid:"+attachmentId,
callbackHandler,false);
}
{code}
The decode is done here :
Class AttachmentUtils:
{code:java}
public static String getAttachmentId(String xopUri) throws WSSecurityException {
try {
return URLDecoder.decode(xopUri.substring("cid:".length()),
StandardCharsets.UTF_8.name());
} catch (UnsupportedEncodingException var2) {
throw new WSSecurityException(ErrorCode.INVALID_SECURITY, "empty", new
Object[]{"Attachment ID cannot be decoded: " + xopUri});
}
}
{code}
It should be generated by the Signature action of wss4j
I can look upon when the signature and the cid are generated
was (Author: frederic.pirson):
Here is a test that explains my problem :
{code:java}
@Test
public void test() throws Exception{
org.apache.xml.security.Init.init();
String
attachmentId="998c3362-5b5f-405a-817a-b20f8373c378-5@urn%3Abe%3Acin%3Anip%3Aasync%3Ageneric";
Attachment attachment = new AttachmentImpl(attachmentId);
AttachmentCallbackHandler callbackHandler = new
AttachmentCallbackHandler(Collections.singletonList(attachment));
AttachmentUtils.getBytesFromAttachment("cid:"+attachmentId,
callbackHandler,false);
}
{code}
The decode is done here :
Class AttachmentUtils:
{code:java}
public static String getAttachmentId(String xopUri) throws WSSecurityException {
try {
return URLDecoder.decode(xopUri.substring("cid:".length()),
StandardCharsets.UTF_8.name());
} catch (UnsupportedEncodingException var2) {
throw new WSSecurityException(ErrorCode.INVALID_SECURITY, "empty", new
Object[]{"Attachment ID cannot be decoded: " + xopUri});
}
}
{code}
I can look upon when the signature and the cid are generated
> AttachmentId issue
> -------------------
>
> Key: WSS-671
> URL: https://issues.apache.org/jira/browse/WSS-671
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Affects Versions: 2.2.4
> Reporter: Frédéric Pirson
> Assignee: Colm O hEigeartaigh
> Priority: Major
>
> Hello,
> I don't know if it is really a bug, or something I am missing, but I have and
> issue when the attachmend is resolved.
> I have a xopUri like this :
>
> {code:java}
> //
> cid:998c3362-5b5f-405a-817a-b20f8373c378-5@urn%3Abe%3Acin%3Anip%3Aasync%3Ageneric
> {code}
> when it is resolved as attachmentId via the method getAttachmentId(xopUri)
> the value is this :
> {code:java}
> // 998c3362-5b5f-405a-817a-b20f8373c378-5@urn:be:cin:nip:async:generic
> {code}
> We see here that %3A has been replaced by his related characters ':'
>
> After when the attachmentCallbackHandler try to find the correct attachment
> in the list (loadAttachments methods) it compare these 2 values in the do
> while
>
> {code:java}
> // }while(attachmentId != null && !attachmentId.equals(attachment.getId()));
> {code}
> The value of attachmentId is
>
> {code:java}
> // 998c3362-5b5f-405a-817a-b20f8373c378-5@urn:be:cin:nip:async:generic
> {code}
> The value of attachment.getId() is :
> {code:java}
> //
> 998c3362-5b5f-405a-817a-b20f8373c378-5@urn%3Abe%3Acin%3Anip%3Aasync%3Ageneric
> {code}
> So the comparaison fails and attachment is not found => Exception attachment
> not found
>
> Is it some issue, or do I something wrong ?
>
> Version of wss4j : 2.2.4
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
