the content-id in the uri-form i.e. "cid:..." needs to be url-encoded
because some characters allowed in the content-id header value are
reserved in the URI syntax.
see http://www.ietf.org/rfc/rfc2111.txt  section 2.

I'm moving this thread to users@cxf.


2015-06-15 17:47 GMT+02:00 Hugo Trippaers <[email protected]>:
> Hello Folks,
>
> I’m running into a problem with url encoding of attachments identifiers. The 
> versions i’m using are WSS4j 2.0.3 and CXF 3.0.4 (so if this is solved in 
> future versions, please tell me ;-) as i haven’t been able to test it.
>
> I have a web service that returns an encrypted attachment, works fine without 
> MTOM, but when i enable MTOM i get an error.
>
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Attachment not 
> found
>         at 
> org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:363)
>         at 
> org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:213)
>         at 
> org.apache.wss4j.dom.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:121)
>         at 
> org.apache.wss4j.dom.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:80)
>
> Tracing it, it fails on comparing the attachments Ids between the mime parts 
> and the references in the soap code.
>
> In the mime header of the attachment, the attachment id is not encoded
> Content-ID: 
> <f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http://schubergphilis.com/2015/
>
> However the reference in both the CipherReference and Signature soap part is 
> url encoded:
> <xenc:CipherReference 
> URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd”>
>
> <ds:Reference
>         
> URI="cid:f2eeb606-bca8-4c0b-8cc8-1f0f4d6e930d-4@http%3A%2F%2Fschubergphilis.com%2F2015%2F03%2Fmidlayer-schema-20150319.xsd">
>     <ds:Transforms>
>         <ds:Transform
>                 
> Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"/>
>     </ds:Transforms>
>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>     <ds:DigestValue>yHytVyICcbG5TDfcL4iZHFyalbI=</ds:DigestValue>
> </ds:Reference>
>
>
> What should be correct? I don’t think the content in the attribute should be 
> URL encoded, but should be entitiy encoded. Yet it is encoded in 
> AttachmentUtil.createContentID and decoded before creating the mime part in 
> AttachmentSerializer.writeHeaders
>
> Happy to help solve this..
>
> Cheers,
>
> Hugo

Reply via email to