Hi all,
I have a web service that responds to me with an encrypted MTOM attachment. The
MTOM attachment is a complex type that contains several fields (base64-encoded
data, a string, integer, and another complex type).
The response is encrypted as follows (I received this from the web service
supplier):
- The response is encrypted using the public key of the certificate that was
used to sign the incoming message
- All bits of the public key are used
- The secret key is encrypted using an RSA cipher with PKCS1 padding; the
secret key itself is 128 bits long, but encrypts to 128 bytes then base64
encodes to 172 bytes
- The initialization vector is the first 16 bytes of the cipher value in the
body; to recover the IV, base64 decode the CipherValue and take the first 16
bytes from it; the remainder is the decrypted message
- The response message encryption scheme is AES cipher with CBC block mechanism
and PKCS5 padding
With all of that said, I have configured the BindingProvider on the client to
enable MTOM support, as follows:

    BindingProvider bp = (BindingProvider)port;
    SOAPBinding binding = (SOAPBinding) bp.getBinding();
    binding.setMTOMEnabled(true);

All of the responses that this web service delivers are encrypted, but this is
the only type that I can't decrypt automatically via CXF's built-in logic. I
receive a WSSecurityException ("The signature or decryption was invalid") when
I run the method on the port that responds with an encrypted MTOM attachment.
If by any chance anybody knows the best way to proceed and configure the
service so that it decrypts this message type properly, I would appreciate any
suggestions.
Thanks
Jennifer
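
The scheme described in the post above can be checked by hand, outside CXF, to tell a key or algorithm mismatch apart from an MTOM handling problem. The following is an added example, not part of the original post and not CXF or WSS4J code; the class name, method name and the constructed sample message are assumptions, and the algorithms follow the supplier's description exactly as quoted in the post.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class ManualXmlEncDecrypt {
    // Hypothetical helper: unwrap the AES key with RSA PKCS#1 v1.5, then AES-CBC decrypt the body.
    static byte[] decrypt(PrivateKey rsaKey, String encKeyB64, String cipherValueB64) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, rsaKey);
        byte[] aesKey = rsa.doFinal(Base64.getMimeDecoder().decode(encKeyB64)); // MIME decoder tolerates line breaks
        if (aesKey.length != 16)
            throw new GeneralSecurityException("expected a 128-bit secret key, got " + aesKey.length * 8 + " bits");

        // CipherValue = 16-byte IV followed by whole AES blocks of ciphertext.
        byte[] body = Base64.getMimeDecoder().decode(cipherValueB64);
        if (body.length < 32 || body.length % 16 != 0)
            throw new GeneralSecurityException("CipherValue is not IV + whole AES blocks");
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new IvParameterSpec(body, 0, 16));
        return aes.doFinal(body, 16, body.length - 16); // throws BadPaddingException on a wrong key
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: build a message the way the post describes, then decrypt it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024); // a 1024-bit modulus gives the 128-byte encrypted key from the post
        KeyPair kp = kpg.generateKeyPair();
        byte[] key = new byte[16], iv = new byte[16];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key); rnd.nextBytes(iv);

        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        String encKeyB64 = Base64.getEncoder().encodeToString(rsa.doFinal(key));

        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = aes.doFinal("<attachment>constructed</attachment>".getBytes(StandardCharsets.UTF_8));
        byte[] body = new byte[16 + ct.length];
        System.arraycopy(iv, 0, body, 0, 16);
        System.arraycopy(ct, 0, body, 16, ct.length);

        System.out.println("encrypted key, base64 length: " + encKeyB64.length()); // 172, as in the post
        System.out.println(new String(decrypt(kp.getPrivate(), encKeyB64, Base64.getEncoder().encodeToString(body)), StandardCharsets.UTF_8));
    }
}
```

Feeding the real base64 values from a captured response and the client's private key into decrypt() shows whether the key transport and body cipher match the supplier's description before any CXF configuration is changed.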