Hi, thanks for the info. I had no idea it wasn't completely supported. In the 
absence of support for MTOM and WS-Security in CXF, could you recommend 
an alternative platform to develop on that does support that combination?



> On Aug 29, 2013, at 10:47 PM, Freeman Fang <[email protected]> wrote:
> 
> Hi,
> 
> WSS4J and MTOM don't really work well in CXF currently; please see the 
> related discussions [1] & [2]. The coming WSS4J 2.0 should be the final solution.
> 
> [1]http://cxf.547215.n5.nabble.com/Signature-digest-mismatch-when-NET-supplies-MTOM-attachment-td3270961.html
> [2]http://mail-archives.apache.org/mod_mbox/cxf-users/201301.mbox/%3CCAB8XdGA-1aUajDdpN=w5jmaxmqebvhghzqn3oycp2q5od3c...@mail.gmail.com%3E
> -------------
> Freeman(Yue) Fang
> 
> Red Hat, Inc. 
> FuseSource is now part of Red Hat
> Web: http://fusesource.com | http://www.redhat.com/
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: @Freeman小屋
> 
> 
> 
>> On 2013-8-30, at 1:05 AM, Jennifer Ruttan wrote:
>> 
>> Hi all,
>> 
>> I have a web service that responds to me with an encrypted MTOM attachment. 
>> The MTOM attachment is a complex type that contains several fields 
>> (base64-encoded data, a string, integer, and another complex type).
>> 
>> The response is encrypted as follows (I received this from the web service 
>> supplier):
>> - The response is encrypted using the public key of the certificate that was 
>> used to sign the incoming message
>> - All bits of the public key are used
>> - The secret key is encrypted using an RSA cipher with PKCS1 padding; the 
>> secret key itself is 128 bits long, but encrypts to 128 bytes then base64 
>> encodes to 172 bytes
>> - The initialization vector is the first 16 bytes of the cipher value in the 
>> body; to recover the IV, base64 decode the CipherValue and take the first 16 
>> bytes from it; the remainder is the decrypted message
>> - The response message encryption scheme is AES cipher with CBC block 
>> mechanism and PKCS5 padding
>> 
>> With all of that said, I have configured the bindingprovider on the client 
>> to enable MTOM support, as follows:
>> BindingProvider bp = (BindingProvider)port;
>> SOAPBinding binding = (SOAPBinding) bp.getBinding();
>> binding.setMTOMEnabled(true);
>> 
>> All of the responses that this web service delivers are encrypted, but this 
>> is the only type that I can't decrypt automatically via CXF's built-in 
>> logic. I receive a WSSecurityException ("The signature or decryption was 
>> invalid") when I run the method on the port that responds with an encrypted 
>> MTOM attachment.
>> 
>> By any chance if anybody knows the best way to proceed and configure the 
>> service so that it decrypts this message type properly, I would appreciate 
>> any suggestions.
>> 
>> Thanks
>> Jennifer
> 
