Error validating signature of MTOM message

Sun, 13 Aug 2023 19:58:19 -0700 

@Colm, this one is aimed at you… unless anyone else can point me in the
right direction. I have the same issue as CXF-7172
<https://issues.apache.org/jira/browse/CXF-7172> where CXF / WSS4J
calculates a different signature digest than what the client/sender did.

Expected digest: kf8QZn3uftSsUGVl3k5Qwrso4uZ9eZEQU108dy+q+vk=
Actual digest: RatyBa0Q1QdRKX4aDN+RrmKiT7vx+r0W80eiDVnH4ig=

The message looks something like this (stripped back to basics):

Content-Type: multipart/related;
boundary=75f8c80a-317b-47a2-946c-440c60e508f1;
start-info="application/soap+xml"; charset=utf-8;
type="application/xop+xml"

--75f8c80a-317b-47a2-946c-440c60e508f1
Content-Type: application/xop+xml; type="application/soap+xml"
Content-Transfer-Encoding: binary

<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";
... snip ... Security header with signature here somewhere...

<soap:Body
  
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
  wsu:Id="SoapBody-e0fa7b5d-e6ef-4ce4-be49-440c60e5ff95">
  <RetrieveMedicalExaminationResultsAttachmentResponse
xmlns="http://xxx/Namespace/Health/Service/V1.0";>
    <ns0:HealthAttachmentIdentifierResponseMsg
xmlns:ns0="http://xxx/Namespace/Health/Messaging/Service/V1.0";>
      <ns0:HealthAttachmentIdentifierMsg>
          ... snip ...
      </ns0:HealthAttachmentIdentifierMsg>
      <ns2:BodyContentReference
xmlns:ns2="http://www.immi.gov.au/Namespace/InformationRecord/Core/V1.0";>
        <ns2:BodyReference>
          <xop:Include
xmlns:xop="http://www.w3.org/2004/08/xop/include";
href="cid:d02ba62b-5788-41a5-a56a-440c60e510f2"></xop:Include>
        </ns2:BodyReference>
      </ns2:BodyContentReference>
    </ns0:HealthAttachmentIdentifierResponseMsg>
  </RetrieveMedicalExaminationResultsAttachmentResponse>
</soap:Body>

</soap:Envelope>
--75f8c80a-317b-47a2-946c-440c60e508f1
--- Content suppressed ---

I have tried forcing ws-security.expand.xop.include
<https://cxf.apache.org/docs/ws-securitypolicy.html> to true, no change.

In CXF-7172 <https://issues.apache.org/jira/browse/CXF-7172> you state:

Please see the explanation given in this thread:
http://cxf.547215.n5.nabble.com/CXF-3-0-6-MTOM-WS-Security-Exception-td5774657.html

Colm.

The problem is that the site is dead, and I can’t find any answers anywhere
else on the Internet (I’ve been searching for a while). *Are you able to
shed any light on what “the explanation” was?*. Is it actually supported
properly?

My setup is:

   - CXF 3.6.1
   - WSS4J 2.4.1
   - Using WS-SecurityPolicy (therefore WSS4J*Interceptor)

Thanks,
Mark

Reply via email to