cxf-issues mailing list archives

From Paul Avijit <paulavi...@yahoo.com>
Subject Re: MTOM with WS-Security (X.509)
Date Fri, 25 Apr 2014 17:35:51 GMT
Hi,

Please help on this topic.

When CXF is not at both ends of the wire, MTOM upload is not working with WS-Security. I am
testing a CXF Web service with SoapUI. It works fine when CXF is at both ends of the wire.

Is this a CXF issue or a SoapUI issue? I can see SoapUI constructing a valid input SOAP message,
but the service, after receiving the request, is not able to read the MTOM attachment.

Regards
Paul
On Wednesday, April 23, 2014 2:45 PM, Paul Avijit <paulavijit@yahoo.com> wrote:
 
Hi,

I have a CXF Web Service with MTOM (separate operations for upload and download) and WS-Security
(UsernameToken Timestamp Signature Encrypt).

Both upload and download operation with MTOM works fine when tested using CXF client.

When testing with SoapUI, download operation works fine.

There are no errors even for upload operation but the Web Service is not able to read the
attached file. SoapUI is sending a well formed SOAP message with MTOM attachment. When SOAP
message is sent by SoapUI to CXF Service, the service is able to:

1. Decrypt the message
2. Verify signature
3. Verify Timestamp
4. Verify Username token
5. Read all data elements in the SOAP body
6. Respond with a SOAP message (with Timestamp Signature Encrypt)

SoapUI is able to Decrypt, verify signature and timestamp.

Following are my CXF service In/Out Interceptors:

<bean id="UT_TimestampSignEncrypt_Request" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="UsernameToken Timestamp Signature Encrypt"/>
            <entry key="passwordType" value="PasswordDigest"/>
            <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
            <entry key="signaturePropFile" value="serviceKeystore.properties"/>
            <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <entry key="decryptionPropFile" value="serviceKeystore.properties"/>
            <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        </map>
    </constructor-arg>
</bean>

<bean id="TimestampSignEncrypt_Response" class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
    <constructor-arg>
        <map>
            <entry key="action" value="Timestamp Signature Encrypt"/>
            <entry key="timeToLive" value="10" />
            <entry key="passwordCallbackRef" value-ref="myKeystorePasswordCallback"/>
            <entry key="user" value="myservicekey"/>
            <entry key="signaturePropFile" value="serviceKeystore.properties"/>
            <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://www.w3.org/2003/05/soap-envelope}Body"/>
            <entry key="signatureAlgorithm" value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <entry key="encryptionPropFile" value="serviceKeystore.properties"/>
            <entry key="encryptionUser" value="useReqSigCert"/>
            <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://www.w3.org/2003/05/soap-envelope}Body"/>
            <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
            <entry key="encryptionKeyTransportAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        </map>
    </constructor-arg>
    <property name="allowMTOM" value="true"/>
</bean>

But the CXF service is not able to read the file content which was uploaded as MTOM attachment.
Is this a bug in CXF? Can the CXF experts on this mailing list please help? Thanks in advance.


The SOAP message sent by SoapUI is present below:

INFO: Inbound Message
----------------------------
ID: 12
Address: http://localhost:7001/bes-hc-poc-caqhcore-web/services/Core
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: multipart/related; type="application/soap+xml"; start="<rootpart@soapui.org>";
boundary="----=_Part_16_808161854.1398278190760"
Headers: {accept-encoding=[gzip,deflate], connection=[Keep-Alive], Content-Length=[9093],
content-type=[multipart/related; type="application/soap+xml"; start="<rootpart@soapui.org>";
boundary="----=_Part_16_808161854.1398278190760"], Host=[localhost:7001], MIME-Version=[1.0],
User-Agent=[Apache-HttpClient/4.1.1 (java 1.5)]}
Payload: 
------=_Part_16_808161854.1398278190760
Content-Type: application/soap+xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <rootpart@soapui.org>

<soap:Envelope xmlns:cor="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd" xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
   <soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedKey
Id="EK-E2522E1F1FA164BE57139827819075593" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">[...]</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>CUVqfx2tci9+qt9k2KQjWSjoUcAWU35jozfAqmGwy6B2PuolHuVPBuHmV1lF58sLlH0dFXr1twywlJfOdwg/wIem5qfPENxNB9U8A+gAqDUpRrOE88kvJ4LUk0ksplhp+rcpSCm3Kt0EvIe9RMSCbJLTwkp6LUT87cvE63kT87E=<
/xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
URI="#ED-133"/><xenc:DataReference URI="#ED-134"/></xenc:ReferenceList></xenc:EncryptedKey><xenc:EncryptedData
Id="ED-133" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference
 URI="#EK-E2522E1F1FA164BE57139827819075593"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>[...]
MQK7DHQ6dY2Ltfkzfi/ZYx5oFciGiH8WTcJmOHFoqR/llOHeFhuuJx6E3hDr1v6UjWjLt17VTbaAuu917wsc36sMffgcDBafxsL2I/XM8FbwUUGkI+jvot14QIdkguuiHehSvulLWaC6Fg8uAZnvFFlV8hyJ9axL+YTk7Kj01/uW93b3NMd3kECiirdJmZjrJQP1zthrLB834xUVjp6xOJ8UooB859IMOS+RlgWfZRKJ/aQJKYQGydrAsn8zO5M0gRtgVpWLajqPI0adEX8JXoRkmganr9zwQc6aXcoroWnwRkw1yY118JprXtW4SXbvPF2t2cv9/mJ0Wi/GQ50yxqUncvlSxiRcdfrvGCsz6TEeu1Dm99t73rscTq3yHCxJJVZ5bffaN36ApeT7IGLKPkDLxECoSkiVItdqpfI1hjXUvcIg7R+Sg8OtVTGshny7di6p7wlfWmThcrMph4IoRazzmAXrs3bsTiGM4Gk1YXjos5655Rf2/UAjkxilAAYW/pHAyqEMckwnNj3jhP9azuq0vNL9334LEuiQY+VDJ59d9oonfaCw88EdkZYJcYKFgXv/SOL+mncXeFwnH3CWGhu+todn4Av/QyWJ4SVAttAgwR85IctTMSt7b0wPhX3CDQ/8HvPuYTW4hco7Zp3TNzGId0YXxJaKeuakGxWAk6Sh8d9lRISjLgZRDndq7Zw2fiIUkI6jlKGR2uiNJoK5vqx6CuBvfEOOkP9V+881H1qXD4Xu6LQqz3427P0tyL2Zs/XVzuFY9uS44nriOHHskHOSIlOcijEdyarE0yZTnrJD3Vbb7Vnp9VCHIq6UWzhb48Rth1HSQzrD7CMMB8BBmCPfScYXoUgfdvSaN+7tFKLiNdWDi3fbFfmFA5oJKJ6zV4dzF9M0gWWK0QHINDzdrZUJIx/cGgsODZvG1z6VATmY9EGbDi3Iw1J/RnKgJ1r9IQlf7Gs
jG7agfnDnknA8s+Sn+Sw3gx7WnV</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><wsu:Timestamp
wsu:Id="TS-130"><wsu:Created>2014-04-23T18:36:30.742Z</wsu:Created><wsu:Expires>2014-04-23T18:36:35.742Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken
wsu:Id="UsernameToken-129"><wsse:Username>POC-Username</wsse:Username><wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">tCrB/vJpre8aByMQKsrZ3I6e//M=</wsse:Password><wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">1ytxvtj+pZkkAP65sxkoQg==</wsse:Nonce><wsu:Created>2014-04-23T18:36:30.741Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header>
   <soap:Body wsu:Id="id-131" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><xenc:EncryptedData
Id="ED-134" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference
 URI="#EK-E2522E1F1FA164BE57139827819075593"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Q3xcabuAsMPxc623YPtXNXPewOg1Zew2i5lc6pCZSFW93gu8t8Q2S5GsP+J0sHFXbHVdU2KwiBSZGReK0oAa3U73oHs5T2YB2Ib0x7C9Ygi2amt1WU3mP782znUWdAaKlsS7U+/hY6PJOHc6WGUQP/sqW6ncZ20VquVsw7ZGBAcxYluUAahzxGlyDD2v9rmBSK7hX+uFe93avwg4vJbsCqhaBrN1gkvbWBC0gDg+Pybm1CIgf3tfOmfNmY0qESuw3ljljMy8zMpRb/qfHdf2wLDkrs+0vs26C0qotXhKKS+4i9qUGg3HaGM/sCl4rcCM+/HNYL9c1am+vJsKfhBu8fEewCQEJui+spPUxIRYM2cp9GpZOL0pK2M9V3BT/9inuJzxj8V3ckp1f3S9fuFk8vgZNfYCHtQXmajtJ4MWOlMeHE2KtcSpRLuFbLDGn0DNtugZx7aonheKIRpXNYqBskAwSETWpIxGMvoLYnH9PIjB3T4HUB+4mwc724PJ1wVMDwu45zVeO4pUNeL7XQ98gfMC+C0tfitDIBOv75d/YsgigMnc+sGKBtoX4Y7F6j1tEM4BdqA58S/AEyRoMdOoRVP4YJq+VTRbetIVIutpBK+nJGJ7MweDlkLZT7+sxEHoptqLLDfZg7Y/cwL7ro0S4UxVz7I2H2dZo26D5r/nhGzhzLei5VvNYvEG/YYSUyE1uuR/sGxzxavFQ2ssA72RltMqy5C9z5y5</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData><
/soap:Body>
</soap:Envelope>
------=_Part_16_808161854.1398278190760
Content-Type: text/plain; charset=us-ascii; name=test.txt
Content-Transfer-Encoding: 7bit
Content-ID: <85277029681>
Content-Disposition: attachment; name="test.txt"; filename="test.txt"

This is Test file for testing MTOM File Upload...
------=_Part_16_808161854.1398278190760--

--------------------------------------


Regards
Paul
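An added diagnostic for the kind of package dumped above; it is not part of the original thread and not CXF or SoapUI code. The script parses a multipart/related MTOM package the way a receiver has to, locates the root SOAP part via the `start` parameter, and cross-references every `xop:Include href="cid:..."` in the envelope against the Content-IDs of the other MIME parts. It reports attachments nothing references, references with no attachment behind them, and whether the Body is still `xenc:EncryptedData` (in which case any `xop:Include` is inside the ciphertext and the check is only meaningful after the inbound WSS4J interceptor has decrypted the Body). The sample package is constructed to mirror the dump (same boundary, same `test.txt` Content-ID); the `up:Upload` element and the `urn:example:upload` namespace are assumptions, as is the extra `orphan@example` part.

```python
"""Cross-check an MTOM/XOP package: which MIME attachments does the root SOAP
part reference (xop:Include href="cid:..."), which references dangle, and is
the Body still xenc:EncryptedData (so the references are not visible yet)?"""
import email
from urllib.parse import unquote
import xml.etree.ElementTree as ET

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"
XENC_ENCRYPTED_DATA = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"
SOAP12_BODY = "{http://www.w3.org/2003/05/soap-envelope}Body"

# Same boundary and root Content-ID as the SoapUI dump above.
BOUNDARY = "----=_Part_16_808161854.1398278190760"
CONTENT_TYPE = ('multipart/related; type="application/soap+xml"; '
                'start="<rootpart@soapui.org>"; boundary="%s"' % BOUNDARY)


def _strip_cid(content_id):
    """Content-ID headers look like '<id>'; return the bare id."""
    cid = content_id.strip()
    return cid[1:-1] if cid.startswith("<") and cid.endswith(">") else cid


def check_mtom_package(content_type, payload):
    """Parse a multipart/related body and cross-reference xop:Include hrefs
    in the root part against the Content-IDs of the other parts."""
    raw = (b"MIME-Version: 1.0\r\nContent-Type: " + content_type.encode("ascii")
           + b"\r\n\r\n" + payload)
    msg = email.message_from_bytes(raw)
    if not msg.is_multipart():
        raise ValueError("not a multipart package: " + content_type)
    parts = msg.get_payload()
    start = (msg.get_param("start") or "").strip()
    # RFC 2387: 'start' names the root part; without it the root is the first part.
    root = next((p for p in parts if (p.get("Content-ID") or "").strip() == start), parts[0])
    attachments = {_strip_cid(p["Content-ID"]): p.get_payload(decode=True)
                   for p in parts if p is not root and p.get("Content-ID")}

    envelope = ET.fromstring(root.get_payload(decode=True))
    body = envelope.find(SOAP12_BODY)
    body_encrypted = body is not None and body.find(XENC_ENCRYPTED_DATA) is not None
    # href is "cid:" + the percent-encoded Content-ID (RFC 2392), so unquote it.
    hrefs = [unquote(inc.get("href")[4:]) for inc in envelope.iter(XOP_INCLUDE)
             if (inc.get("href") or "").startswith("cid:")]
    return {
        "body_encrypted": body_encrypted,
        "referenced": [h for h in hrefs if h in attachments],
        "dangling": [h for h in hrefs if h not in attachments],
        "unreferenced": [cid for cid in attachments if cid not in hrefs],
        "attachment_bytes": attachments,
    }


def build_package(body_xml):
    """Constructed sample modeled on the dump above: a root SOAP part, test.txt
    (Content-ID 85277029681) and one extra attachment that nothing references."""
    envelope = ('<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
                '<soap:Body>' + body_xml + '</soap:Body></soap:Envelope>')
    parts = [
        ("application/soap+xml; charset=UTF-8", "<rootpart@soapui.org>", envelope),
        ("text/plain; charset=us-ascii; name=test.txt", "<85277029681>",
         "This is Test file for testing MTOM File Upload..."),
        ("text/plain; charset=us-ascii", "<orphan@example>", "no xop:Include points here"),
    ]
    out = []
    for ctype, cid, body in parts:
        out.append("--" + BOUNDARY + "\r\nContent-Type: " + ctype
                   + "\r\nContent-Transfer-Encoding: 7bit\r\nContent-ID: " + cid
                   + "\r\n\r\n" + body + "\r\n")
    out.append("--" + BOUNDARY + "--\r\n")
    return "".join(out).encode("utf-8")


XOP_NS = 'xmlns:xop="http://www.w3.org/2004/08/xop/include"'
# Hypothetical upload operation; urn:example:upload is an assumption, not the CORE schema.
# One reference resolves to test.txt, one points at a part that is not in the package.
CLEAR_BODY = ('<up:Upload xmlns:up="urn:example:upload" ' + XOP_NS + '>'
              '<up:File><xop:Include href="cid:85277029681"/></up:File>'
              '<up:Sig><xop:Include href="cid:missing%40example.org"/></up:Sig>'
              '</up:Upload>')
# What the service sees before WSS4J decrypts: the references sit inside the ciphertext.
ENCRYPTED_BODY = ('<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
                  'Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:CipherData>'
                  '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
                  '</xenc:EncryptedData>')

if __name__ == "__main__":
    for label, body in (("clear", CLEAR_BODY), ("encrypted", ENCRYPTED_BODY)):
        result = check_mtom_package(CONTENT_TYPE, build_package(body))
        print(label, {k: v for k, v in result.items() if k != "attachment_bytes"})
```

Two things the dump itself shows are worth keeping in mind when reading the output. The Body is still `EncryptedData` at the point CXF logs the inbound message, so an attachment that looks unreferenced in the log may well be referenced once the `WSS4JInInterceptor` has decrypted the Body; run the check on the decrypted envelope. And the `test.txt` bytes travel in the clear as a separate MIME part, outside the `EncryptedData` elements visible in the dump: the WS-Security in this setup protects the XML parts, not the attachment payload.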