Hello, I am building a WS client with CXF 2.7.4 and I got stuck getting it to decrypt attachments in the response message. The catch here is that the response comes in as SwA. So it would look as follows:

--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014
Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: binary
Content-ID: <0.urn:uuid:[email protected]>

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qXzKaOt1jDRiRCnSEvhA8HhI85g=</wsse:KeyIdentifier></wsse:SecurityTokenReference></dsig:KeyInfo><xenc:CipherData xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:CipherValue>SdZ9RaxcP3HcXhKpyUclVXDEu244Dp8PyUpJCVpG3mpcxejo5pcrirv
... SIGNED AND ENCRYPTED SOAP MESSAGE ...
</soapenv:Envelope>
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-ID: <urn:uuid:[email protected]>

-- BINARY ATTACHMENTS HERE --
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-ID: <urn:uuid:[email protected]>

....
--MIMEBoundaryurn_uuid_261FBEA55A15F11F531391633801014--

I configured WSS4J interceptor but it errors out with the exception below for this call (it works fine for all other non-SwA calls):

14:00:12,906 DEBUG PhaseInterceptorChain:437 - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@6c2a78
14:00:12,907 WARN PhaseInterceptorChain:443 - Interceptor for {http://gov.serv.ca}DelService#{http://gov.serv.ca}download has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:96)
    ...
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
    at com.sun.proxy.$Proxy47.download(Unknown Source)
    at org.client.ClientTest.testDownload(ClientTest.java:223)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    ...
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:339)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:420)
    ...
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
    ... 40 more
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Could not find a resolver for URI cid:urn%3Auuid%[email protected] and Base null
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI cid:urn%3Auuid%[email protected] and Base null
    at org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:134)
    at org.apache.xml.security.encryption.XMLCipherInput.getBytes(XMLCipherInput.java:103)
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1709)
    at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
    at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:980)
    at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:337)
    ... 46 more
Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI cid:urn%3Auuid%[email protected] and Base null
    at org.apache.xml.security.utils.resolver.ResourceResolver.internalGetInstance(ResourceResolver.java:130)
    at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:87)
    at org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:130)
    ... 51 more

I managed to write a custom resolver to provide attachment data, but then it fails with yet another exception:

14:09:51,849 DEBUG PhaseInterceptorChain:437 - Invoking handleFault on interceptor org.apache.cxf.ws.policy.PolicyInInterceptor@6270b
14:09:51,850 WARN PhaseInterceptorChain:443 - Interceptor for {http://gov.serv.ca}DelService#{http://gov.serv.ca}download has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:778)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:334)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:96)
    ...
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
    at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:339)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:420)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:368)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:166)
    at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:65)
    at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
    at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
    ... 40 more
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
Original Exception was org.apache.xml.security.transforms.TransformationException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
Original Exception was org.apache.xml.security.transforms.InvalidTransformException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
    at org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:159)
    at org.apache.xml.security.encryption.XMLCipherInput.getBytes(XMLCipherInput.java:103)
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1709)
    at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
    at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:980)
    at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:337)
    ... 46 more
Caused by: org.apache.xml.security.transforms.TransformationException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
Original Exception was org.apache.xml.security.transforms.InvalidTransformException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
    at org.apache.xml.security.transforms.Transforms.item(Transforms.java:330)
    at org.apache.xml.security.transforms.Transforms.performTransforms(Transforms.java:275)
    at org.apache.xml.security.transforms.Transforms.performTransforms(Transforms.java:248)
    at org.apache.xml.security.encryption.XMLCipherInput.getDecryptBytes(XMLCipherInput.java:157)
    ... 51 more
Caused by: org.apache.xml.security.transforms.InvalidTransformException: Unknown transformation. No handler installed for URI http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform
    at org.apache.xml.security.transforms.Transform.<init>(Transform.java:156)
    at org.apache.xml.security.transforms.Transforms.item(Transforms.java:328)
    ... 54 more

Can somebody point me in the right direction, please? Any help is greatly appreciated.

Thanks.
Nick.
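
Added illustration, not part of the original post and not CXF, WSS4J or Santuario code: a resolver for the `cid:` reference in the first trace has to map the percent-encoded URI (`urn%3Auuid%...`) onto the `Content-ID` header of a MIME part, as RFC 2392 describes, and should refuse missing or ambiguous matches. The Python below shows only that lookup, not the Attachment-Ciphertext-Transform; the function names, Content-IDs and payloads are constructed placeholders.

```python
import email
from urllib.parse import unquote

# Constructed SwA response; IDs and payloads are placeholders, not from the post.
SAMPLE = (
    b'Content-Type: multipart/related; boundary="MIMEBoundary_example"; '
    b'type="text/xml"; start="<0.urn:uuid:ROOT@example.org>"\r\n'
    b"\r\n"
    b"--MIMEBoundary_example\r\n"
    b"Content-Type: text/xml; charset=UTF-8\r\n"
    b"Content-Transfer-Encoding: binary\r\n"
    b"Content-ID: <0.urn:uuid:ROOT@example.org>\r\n"
    b"\r\n"
    b"<soapenv:Envelope/>\r\n"
    b"--MIMEBoundary_example\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Transfer-Encoding: binary\r\n"
    b"Content-ID: <urn:uuid:ATT1@example.org>\r\n"
    b"\r\n"
    b"ciphertext-1\r\n"
    b"--MIMEBoundary_example--\r\n"
)


def index_parts(raw):
    """Map each Content-ID header value (angle brackets included) to part bytes."""
    msg = email.message_from_bytes(raw)
    if not msg.is_multipart():
        raise ValueError("not a multipart (SwA) message")
    parts = {}
    for part in msg.get_payload():
        cid = (part.get("Content-ID") or "").strip()
        if not cid:
            continue
        if cid in parts:
            # Two parts claiming one ID would make the reference ambiguous.
            raise ValueError("duplicate Content-ID: " + cid)
        parts[cid] = part.get_payload(decode=True)
    return parts


def resolve_cid(uri, parts):
    """Resolve a cid: URI (RFC 2392) to the bytes of the referenced attachment."""
    scheme, _, rest = uri.partition(":")
    if scheme.lower() != "cid" or not rest:
        raise ValueError("not a cid: URI: " + uri)
    # The URI carries the Content-ID percent-encoded and without <>.
    content_id = "<" + unquote(rest) + ">"
    if content_id not in parts:
        raise LookupError("no attachment with Content-ID " + content_id)
    return parts[content_id]
```
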
