WSSecurity Encryption Test failure (bug?)

Cencio Wed, 29 Oct 2008 07:01:55 -0700

Hi all, 

i'm using cxf as a library without the infrastructure. Now i'm implementing
the Wssec support and i use the test under
rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
as starting point. When i use Encryption i have wrong results:


this is the source code:




public void testEncryption(SOAPMessage saajMsg) throws Exception {

    
        System.out.println("ORIGINAL");
        saajMsg.writeTo(System.out);
        
        WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
        PhaseInterceptor<SoapMessage> handler =
ohandler.createEndingInterceptor();

        SoapMessage msg = new SoapMessage(new MessageImpl());
        Exchange ex = new ExchangeImpl();
        ex.setInMessage(msg);
        
        SOAPPart part = saajMsg.getSOAPPart();

        msg.setContent(SOAPMessage.class, saajMsg);
        
        msg.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
        msg.put(WSHandlerConstants.SIG_PROP_FILE, "outsecurity.properties");
        msg.put(WSHandlerConstants.ENC_PROP_FILE, "outsecurity.properties");
        msg.put(WSHandlerConstants.USER, "myalias");
        msg.put("password", "myAliasPassword");

        handler.handleMessage(msg);
        
        System.out.println("SECURE");
        msg.getContent(SOAPMessage.class).writeTo(System.out);
        
        Document doc = part;

        

        byte[] docbytes = getMessageBytes(doc);
        XMLStreamReader reader = StaxUtils.createXMLStreamReader(new
ByteArrayInputStream(docbytes));

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

        dbf.setValidating(false);
        dbf.setIgnoringComments(false);
        dbf.setIgnoringElementContentWhitespace(true);
        dbf.setNamespaceAware(true);

        DocumentBuilder db = dbf.newDocumentBuilder();
        db.setEntityResolver(new NullResolver());
        doc = StaxUtils.read(db, reader, false);

        
        Exchange ex2 = new ExchangeImpl();
        SoapMessage msg2 = new SoapMessage(new MessageImpl());
        ex2.setInMessage(msg2);
        WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
        msg.setContent(SOAPMessage.class, saajMsg);
        SoapMessage inmsg = new SoapMessage(new MessageImpl());
        ex.setInMessage(inmsg);
        inmsg.setContent(SOAPMessage.class, saajMsg);

        inHandler.setProperty(WSHandlerConstants.ACTION,
WSHandlerConstants.ENCRYPT);
        inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
"insecurity.properties");
        inHandler.setProperty(
            WSHandlerConstants.PW_CALLBACK_CLASS, 
            "org.openspcoop.wssecurity.TestPwdCallback"
        );

        inHandler.handleMessage(msg);
        //
        // Check that the EncryptedData is no longer there
        //
        System.out.println("UNSECURE");
        msg.getContent(SOAPMessage.class).writeTo(System.out);
        
    }







This is the output:



ORIGINAL
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
        <soapenv:Header xmlns="http://prova.openspcoop.it";>
        <a:example1 xmlns:a="http://www.openspcoop.org";
soapenv:actor="http://www.prova.it"; soapenv:mustUnderstand="0"
>prova</a:example1>
        <b:example2 xmlns:b="http://www.openspcoop.org";
soapenv:actor="http://www.prova.it"; soapenv:mustUnderstand="0"
>prova2</b:example2>
        </soapenv:Header>
        <soapenv:Body>
<ns1:getQuote xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance";
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/";
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";>
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote>
<test/>
<test2/>
</soapenv:Body>
</soapenv:Envelope>


SECURE
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
        <soapenv:Header xmlns="http://prova.openspcoop.it";>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1"><xenc:EncryptedKey
Id="EncKeyId-urn:uuid:619559CEB49F1BC31C12252880950082"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><ds:X509Data
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:X509IssuerName
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>CN=myAlias</ds:X509IssuerName>
<ds:X509SerialNumber
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>1181668586</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>Fn2JcrP0TQ1SOS63dzthpwHKVRDIZton3IOc8CRML+Nb1ZHQL5yikWYsFTK7tbeyTYiZ8NPz/rok038FgyJ1YKUP07RXObiR6btTgvnCh0EilihQGy1C/Qc1Vnghbmxi/r4Cfk6/rnFFgh1Jq7p/6c+y5W2sXHfreWvSZWD7uFc=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-30796400"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
        <a:example1 xmlns:a="http://www.openspcoop.org";
soapenv:actor="http://www.prova.it";
soapenv:mustUnderstand="0">prova</a:example1>
        <b:example2 xmlns:b="http://www.openspcoop.org";
soapenv:actor="http://www.prova.it";
soapenv:mustUnderstand="0">prova2</b:example2>
        </soapenv:Header>
        <soapenv:Body><ns1:getQuote xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance";
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";>
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote><test/><test2/><xenc:EncryptedData Id="EncDataId-30796400"
Type="http://www.w3.org/2001/04/xmlenc#Content";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><wsse:Reference
URI="#EncKeyId-urn:uuid:619559CEB49F1BC31C12252880950082"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></wsse:SecurityTokenReference>
</ds:KeyInfo><xenc:CipherData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";><xenc:CipherValue
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>C1cn96owTKYnpBzXf5CL+pG4rnrYqGeruZz6ukK5nTPtzpkBiRY2vxBRZJ5p4BaDMY0obgTMgU1U
c1UQfAvsooz1GDZ4L0hU5oai8d4bbcgihH1aFLIOjowZ3ZFaIKO5LW0kx9vWmmQlFu2ZWbyFwyXb
vXFNPUbbSO8xKjnaXAO/Qt6rba+H+3J9ebt5Z8wcuema7ihl6BMQUs2bFM1AYJVgiVrsVYd1BY/9
D6MnjhcuFchTYp29mQ2zfODuv0bIO8vn0/MN4JRZ/1Qa/SxQdlCuMmsB/PE/BgHZmSKkNUglfi5Y
CASTXpppTOTFTTjBJn0xNZ35vIvU/zbvshGQxxbQmfRtVVgnY+1k616bd+Wd9KkLxB2IzrFXyIAK
49fGgYuzv/hOhmk32XQUn/+CsXCKt3duYcgR3mxzK9OKOgIZqkojZb7xN0dVKUOV8tGmlsLHDTmq
30MXcLWElumsnqs24RHsTJO42+xL1WumoRzxAlngV0kwYgVGee8Iu/AA3HllWs14YVGB4VQ/caOT
3Xag86GMMwfoADsm3yjqDnQhPVqaCQd6vEkarsoAynIzTcbPjwdg35CzvsWgyYvwbRKZtJ0sMw0P
x31emnrBfFaoQhCocLE/tPLxbPD4MhaDgucxbZ8N73v4xPYJXynanb6TJ+rsD5+Ng5FgZx3TUFzw
B1f1Uy+lr7x6oaN1VBeQU1NkXtmc2nNjbbCSpYh0JA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
</soapenv:Envelope>



UNSECURE
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
        <soapenv:Header xmlns="http://prova.openspcoop.it";>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1"><xenc:EncryptedKey
Id="EncKeyId-urn:uuid:619559CEB49F1BC31C12252880950082"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";><ds:X509Data
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:X509IssuerName
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>CN=myAlias</ds:X509IssuerName>
<ds:X509SerialNumber
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>1181668586</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data></wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>Fn2JcrP0TQ1SOS63dzthpwHKVRDIZton3IOc8CRML+Nb1ZHQL5yikWYsFTK7tbeyTYiZ8NPz/rok038FgyJ1YKUP07RXObiR6btTgvnCh0EilihQGy1C/Qc1Vnghbmxi/r4Cfk6/rnFFgh1Jq7p/6c+y5W2sXHfreWvSZWD7uFc=</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference
URI="#EncDataId-30796400"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
        <a:example1 xmlns:a="http://www.openspcoop.org";
soapenv:actor="http://www.prova.it";
soapenv:mustUnderstand="0">prova</a:example1>
        <b:example2 xmlns:b="http://www.openspcoop.org";
soapenv:actor="http://www.prova.it";
soapenv:mustUnderstand="0">prova2</b:example2>
        </soapenv:Header>
        <soapenv:Body><ns1:getQuote xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance";
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";>
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote><test/><test2/>
<ns1:getQuote xmlns:ns1="urn:xmethods-delayed-quotes"
xmlns:se="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance";
se:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/";
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";>
        <symbol xsi:type="xsd:string">IBM</symbol>
        <prova2>CIAOCIAO</prova2>
        <bo><si>234</si></bo>
</ns1:getQuote>
<test/>
<test2/>
</soapenv:Body>
</soapenv:Envelope>








As you can see, the secure message has a readable body and an ecrypted one.
the unsecured message has double body and some wssec headers left (it's
normal to have those headers?)...

It's my fault?


Thx for any help,
Lorenzo

-- 
View this message in context: 
http://www.nabble.com/WSSecurity-Encryption-Test-failure-%28bug-%29-tp20227731p20227731.html
Sent from the cxf-user mailing list archive at Nabble.com.

WSSecurity Encryption Test failure (bug?)

Reply via email to