cxf-issues mailing list archives

From "Andrei Shakirin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-5381) SAAJStreamWriter transforms DigestValue of custom signature
Date Mon, 11 Nov 2013 13:43:18 GMT

    [ https://issues.apache.org/jira/browse/CXF-5381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13818963#comment-13818963 ]

Andrei Shakirin commented on CXF-5381:
--------------------------------------

One additional finding: SAAJInInterceptor not only concatenates the digest values in signatures,
but it also composes two security headers into a single one with the actor id from the first one, which
causes problems interpreting the SAML assertion header.

Original and processed requests are attached.

> SAAJStreamWriter transforms DigestValue of custom signature
> -----------------------------------------------------------
>
>                 Key: CXF-5381
>                 URL: https://issues.apache.org/jira/browse/CXF-5381
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 2.7.7
>            Reporter: Andrei Shakirin
>         Attachments: saaj_test.zip
>
>
> I observe a strange effect when processing a custom signature in the service inbound chain. The end
> exception is: "Caused by: org.apache.xml.security.exceptions.Base64DecodingException: Error
> while decoding".
> After a bit of analysis I found that the DigestValue of the Signature is concatenated with the DigestValue
> of another signature and therefore cannot be processed by xml security (santuario).
> Additional debugging shows that the signature is broken by StaxUtils.copy(node, new SAAJStreamWriter(part));
> in SAAJInInterceptor.
> The value in node is still correct, but the value in SOAPMessage is broken.
> I attach a small project to illustrate the issue. Run mvn clean test for the project
> and compare the DigestValue of Signature SIG-7D02FBC5A7AED81312138383830534822 in the original request.xml
> and in the output.



--
This message was sent by Atlassian JIRA
(v6.1#6144)
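
A diagnostic for the two symptoms reported in this message, as an added example that is not part of the original message or of the CXF code base: it flags any DigestValue that is no longer Base64 of the length its DigestMethod implies, and lists the actor of each wsse:Security header so that an original and a processed message can be compared. The function names, the actor value `custom`, the ids SIG-1 and SIG-2 and both sample messages are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DIGEST_LEN = {DS + "sha1": 20, "http://www.w3.org/2001/04/xmlenc#sha256": 32}

def digest_findings(xml_text):
    """Flag every DigestValue that is not Base64 of the expected length."""
    findings = []
    for sig in ET.fromstring(xml_text).iter(f"{{{DS}}}Signature"):
        for ref in sig.iter(f"{{{DS}}}Reference"):
            alg = ref.find(f"{{{DS}}}DigestMethod").get("Algorithm")
            text = "".join(ref.findtext(f"{{{DS}}}DigestValue", "").split())
            try:
                raw = base64.b64decode(text, validate=True)
            except ValueError:  # binascii.Error, e.g. padding inside the value
                findings.append((sig.get("Id"), "not valid Base64"))
                continue
            if len(raw) != DIGEST_LEN.get(alg, len(raw)):  # unknown alg: skip
                findings.append((sig.get("Id"), f"{len(raw)} bytes"))
    return findings

def security_actors(xml_text):
    """Actor attribute of each wsse:Security header, in document order."""
    return [h.get(f"{{{SOAP}}}actor")
            for h in ET.fromstring(xml_text).iter(f"{{{WSSE}}}Security")]

# Constructed sample messages (not the ones attached to the issue).
A, B = (base64.b64encode(hashlib.sha1(p).digest()).decode()
        for p in (b"part-a", b"part-b"))
SIG = (f'<ds:Signature xmlns:ds="{DS}" Id="{{}}"><ds:SignedInfo><ds:Reference>'
       f'<ds:DigestMethod Algorithm="{DS}sha1"/><ds:DigestValue>{{}}'
       f'</ds:DigestValue></ds:Reference></ds:SignedInfo></ds:Signature>')
ENV = (f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"><s:Header>{{}}'
       f'</s:Header><s:Body/></s:Envelope>')
ORIGINAL = ENV.format(
    f'<wsse:Security s:actor="custom">{SIG.format("SIG-1", A)}</wsse:Security>'
    f'<wsse:Security>{SIG.format("SIG-2", B)}</wsse:Security>')
PROCESSED = ENV.format(  # headers merged under the first actor, digests joined
    f'<wsse:Security s:actor="custom">{SIG.format("SIG-1", A + B)}'
    f'{SIG.format("SIG-2", B)}</wsse:Security>')

if __name__ == "__main__":
    for name, msg in (("original", ORIGINAL), ("processed", PROCESSED)):
        print(name, security_actors(msg), digest_findings(msg))
```

Two padded Base64 digests joined together leave a `=` in the middle of the value, which is why the check reports a decoding failure rather than a wrong length.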
