The content-id in the URI form, i.e. "cid:...", needs to be URL-encoded because some characters allowed in the Content-ID header value are reserved in the URI syntax. See http://www.ietf.org/rfc/rfc2111.txt, section 2.
I'm moving this thread to users@cxf.

2015-06-15 17:47 GMT+02:00 Hugo Trippaers <[email protected]>:
> Hello Folks,
>
> I’m running into a problem with URL encoding of attachment identifiers. The
> versions I’m using are WSS4J 2.0.3 and CXF 3.0.4 (so if this is solved in
> future versions, please tell me ;-) as I haven’t been able to test it.
>
> I have a web service that returns an encrypted attachment, works fine without
> MTOM, but when I enable MTOM I get an error.
>
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Attachment not found
>     at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:363)
>     at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:213)
>     at org.apache.wss4j.dom.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:121)
>     at org.apache.wss4j.dom.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:80)
>
> Tracing it, it fails on comparing the attachment IDs between the MIME parts
> and the references in the SOAP code.
>
> In the MIME header of the attachment, the attachment ID is not encoded:
>
> Content-ID: <f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http://schubergphilis.com/2015/
>
> However, the reference in both the CipherReference and Signature SOAP part is
> URL encoded:
>
> <xenc:CipherReference
>     URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
>
> <ds:Reference
>     URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
>   <ds:Transforms>
>     <ds:Transform
>         Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"/>
>   </ds:Transforms>
>   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>   <ds:DigestValue>yHytVyICcbG5TDfcL4iZHFyalbI=</ds:DigestValue>
> </ds:Reference>
>
> What should be correct? I don’t think the content in the attribute should be
> URL encoded, but should be entity encoded. Yet it is encoded in
> AttachmentUtil.createContentID and decoded before creating the MIME part in
> AttachmentSerializer.writeHeaders
>
> Happy to help solve this..
>
> Cheers,
>
> Hugo
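
An added example, not code from CXF or WSS4J and not part of either message: one way to match a percent-encoded `cid:` reference against the raw `Content-ID` headers of the MIME parts, following the RFC 2111 rule cited in the reply. The class name, method names and sample values are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

public class CidMatch {
    // One-pass RFC 3986 percent-decoding. java.net.URLDecoder is avoided because
    // it implements form decoding and would turn a literal '+' into a space.
    static String percentDecode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] in = s.getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < in.length; i++) {
            if (in[i] != '%') { out.write(in[i]); continue; }
            if (i + 2 >= in.length) throw new IllegalArgumentException("truncated escape");
            int hi = Character.digit(in[i + 1], 16), lo = Character.digit(in[i + 2], 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("bad escape");
            out.write((hi << 4) | lo);
            i += 2;
        }
        return new String(out.toByteArray(), StandardCharsets.UTF_8);
    }
    // "Content-ID: <id>" header value -> bare id (angle brackets removed).
    static String headerToId(String header) {
        String h = header.trim();
        return h.startsWith("<") && h.endsWith(">") ? h.substring(1, h.length() - 1) : h;
    }
    // "cid:..." value of a CipherReference or ds:Reference URI -> bare id.
    static String cidUriToId(String uri) {
        if (!uri.regionMatches(true, 0, "cid:", 0, 4)) throw new IllegalArgumentException("not a cid URI");
        return percentDecode(uri.substring(4));
    }
    // Index of the one attachment the reference names; zero or several matches fail.
    static int resolve(String uri, List<String> contentIdHeaders) {
        String id = cidUriToId(uri);
        int found = -1;
        for (int i = 0; i < contentIdHeaders.size(); i++) {
            if (!headerToId(contentIdHeaders.get(i)).equals(id)) continue;
            if (found >= 0) throw new IllegalStateException("ambiguous Content-ID");
            found = i;
        }
        if (found < 0) throw new IllegalStateException("attachment not found: " + id);
        return found;
    }

    public static void main(String[] args) { // constructed sample values, not from the thread
        List<String> headers = Arrays.asList("<root@example.test>", "<p1+a@http://example.test/s.xsd>");
        System.out.println(resolve("cid:p1+a@http%3A%2F%2Fexample.test%2Fs.xsd", headers));
    }
}
```

Decoding is applied exactly once and only to the reference side, so a Content-ID that itself contains a literal `%` sequence is compared as written rather than decoded a second time.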
