Hi,

WSS4J and MTOM don't really work well in CXF currently, please see the related discussion [1] & [2]. The coming WSS4J 2.0 should be the final solution.

[1] http://cxf.547215.n5.nabble.com/Signature-digest-mismatch-when-NET-supplies-MTOM-attachment-td3270961.html
[2] http://mail-archives.apache.org/mod_mbox/cxf-users/201301.mbox/%3CCAB8XdGA-1aUajDdpN=w5jmaxmqebvhghzqn3oycp2q5od3c...@mail.gmail.com%3E

-------------
Freeman(Yue) Fang

Red Hat, Inc.
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: @Freeman小屋

On 2013-8-30, at 1:05 AM, Jennifer Ruttan wrote:

> Hi all,
>
> I have a web service that responds to me with an encrypted MTOM attachment.
> The MTOM attachment is a complex type that contains several fields
> (base64-encoded data, a string, an integer, and another complex type).
>
> The response is encrypted as follows (I received this from the web service
> supplier):
> - The response is encrypted using the public key of the certificate that was
>   used to sign the incoming message
> - All bits of the public key are used
> - The secret key is encrypted using an RSA cipher with PKCS1 padding; the
>   secret key itself is 128 bits long, but encrypts to 128 bytes then base64
>   encodes to 172 bytes
> - The initialization vector is the first 16 bytes of the cipher value in the
>   body; to recover the IV, base64 decode the CipherValue and take the first 16
>   bytes from it; the remainder is the decrypted message
> - The response message encryption scheme is AES cipher with CBC block
>   mechanism and PKCS5 padding
>
> With all of that said, I have configured the BindingProvider on the client to
> enable MTOM support, as follows:
>
> BindingProvider bp = (BindingProvider) port;
> SOAPBinding binding = (SOAPBinding) bp.getBinding();
> binding.setMTOMEnabled(true);
>
> All of the responses that this web service delivers are encrypted, but this
> is the only type that I can't decrypt automatically via CXF's built-in logic.
> I receive a WSSecurityException ("The signature or decryption was invalid")
> when I run the method on the port that responds with an encrypted MTOM
> attachment.
>
> By any chance, if anybody knows the best way to proceed and configure the
> service so that it decrypts this message type properly, I would appreciate
> any suggestions.
>
> Thanks
> Jennifer

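The decryption scheme the supplier describes (RSA/PKCS#1 v1.5 wrapped 128-bit AES key, IV prepended to the AES/CBC/PKCS5 ciphertext inside CipherValue) as an added stand-alone example in plain JCE; this is not code from the thread, from CXF or from WSS4J. The class and method names (`CipherValueDemo`, `unwrapKey`, `decryptCipherValue`) are made up, and `main` constructs its own keys and a sample CipherValue to decrypt, so nothing here touches a real service; it is useful for checking, outside the WSS4J interceptor chain, whether the key and the bytes coming back from the supplier actually match the described layout.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CipherValueDemo {
    static final int IV_LEN = 16; // AES block size; XML Encryption prepends the IV to the ciphertext
    // Unwrap the 128-bit AES key from the EncryptedKey CipherValue (RSA with PKCS#1 v1.5 padding).
    static SecretKey unwrapKey(String encryptedKeyB64, PrivateKey rsaPriv) throws Exception {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, rsaPriv);
        return new SecretKeySpec(rsa.doFinal(Base64.getDecoder().decode(encryptedKeyB64)), "AES");
    }
    // Base64-decode the EncryptedData CipherValue, split off the IV, AES/CBC/PKCS5 decrypt the rest.
    static byte[] decryptCipherValue(String cipherValueB64, SecretKey aesKey) throws Exception {
        byte[] blob = Base64.getDecoder().decode(cipherValueB64);
        if (blob.length < 2 * IV_LEN || blob.length % IV_LEN != 0) {
            throw new IllegalArgumentException("CipherValue is not IV + whole AES blocks");
        }
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(Arrays.copyOf(blob, IV_LEN)));
        return aes.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: produce both CipherValues the way the supplier describes, then decrypt them.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024); // 128-byte modulus only to reproduce the thread's 128-byte / 172-char figures
        KeyPair kp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        String encryptedKeyB64 = Base64.getEncoder().encodeToString(rsa.doFinal(aesKey.getEncoded()));
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(iv));
        byte[] ct = aes.doFinal("<attachment>hello</attachment>".getBytes(StandardCharsets.UTF_8));
        byte[] blob = Arrays.copyOf(iv, IV_LEN + ct.length); // IV first, ciphertext after it
        System.arraycopy(ct, 0, blob, IV_LEN, ct.length);
        String cipherValueB64 = Base64.getEncoder().encodeToString(blob);
        byte[] plain = decryptCipherValue(cipherValueB64, unwrapKey(encryptedKeyB64, kp.getPrivate()));
        System.out.println(encryptedKeyB64.length() + " base64 chars; " + new String(plain, StandardCharsets.UTF_8));
    }
}
```

If a real CipherValue fails in `decryptCipherValue` with a BadPaddingException while the wrapped key unwraps cleanly, the bytes are not IV-plus-CBC as described (or a different padding is in use), which narrows the problem down before suspecting the WSS4J/MTOM interaction Freeman mentions.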