cxf-users mailing list archives

From Gina Choi <ginacho...@gmail.com>
Subject Re: Difference between CXF Fediz UT_Port and UTEncrypted_Port
Date Wed, 18 Jul 2012 13:50:49 GMT
Hi Colm,

<<<
What error are you seeing? The default value is rsa-1_5 so it shouldn't
make any difference whether it's specified or not.
>>>
No doubt that rsa-1_5 is the default value. When I comment out
"encryptionProperties", the client sends the following SOAP request to the WSP. I
abbreviated some parts of the request to save space. The other thing that I
noticed is that the encryption algorithm for the Body is
"aes256-cbc" (http://www.w3.org/2001/04/xmlenc#aes256-cbc); I think this is
because I set the SymmetricKey key size to "256" in the WSP wsdl file.

So, I tried the following combinations, but I am getting the same error message
("The signature or decryption was invalid") that I was getting at the
beginning (the detailed error message is at the end of this email).

    <bean id="encProperties" class="org.apache.cxf.sts.service.EncryptionProperties">
        <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <property name="keyWrapAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
    </bean>

or

    <bean id="encProperties" class="org.apache.cxf.sts.service.EncryptionProperties">
        <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <property name="keyWrapAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    </bean>


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <Action xmlns="http://www.w3.org/2005/08/addressing"
……………………………..
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        soap:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="TS-9">
        <wsu:Created>2012-07-18T13:27:33.561Z</wsu:Created>
        <wsu:Expires>2012-07-18T13:32:33.561Z</wsu:Expires>
      </wsu:Timestamp>
      <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
          xmlns:xs="http://www.w3.org/2001/XMLSchema"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          AssertionID="_8FD304F766D8EC9F4913426180531752"
          IssueInstant="2012-07-18T13:27:33.135Z"
          Issuer="DoubleItSTSIssuer" MajorVersion="1" MinorVersion="1"
          xsi:type="saml1:AssertionType">
        <saml1:Conditions NotBefore="2012-07-18T13:27:33.192Z" NotOnOrAfter="2012-07-18T13:57:33.192Z">
          <saml1:AudienceRestrictionCondition>
            <saml1:Audience>https://wkengchoi.global.sdl.corp:8443/doubleit/services/doubleit</saml1:Audience>
          </saml1:AudienceRestrictionCondition>
        </saml1:Conditions>
        <saml1:AttributeStatement>
          <saml1:Subject>
            <saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                NameQualifier="http://cxf.apache.org/sts">gchoi</saml1:NameIdentifier>
            <saml1:SubjectConfirmation>
              <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml1:ConfirmationMethod>
              <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                    Id="EK-8FD304F766D8EC9F4913426180521881">
                  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                  <ds:KeyInfo>
                    <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                      <ds:X509Data>
…………………………………………..
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      wsu:Id="Id-33117811">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Id="ED-11" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ns3:SecurityTokenReference xmlns:ns3="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
            wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
          <ns3:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">#_8FD304F766D8EC9F4913426180531752</ns3:KeyIdentifier>
        </ns3:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>N2Uccex7TOVh2BpffQu1e0KSyxSp3CAWh0iVkNeQ2FjB4GClOpd56C6zk6p39j5L8n/DoOqbBMmoufG848qQUACKfikmjqfmKQXBcaLZlFYk05BBr5myToUl7FnyJpChLlAJNNdERM2R5Z2eHz1GhYEIm3uS3Xz5UFzX/M0bE9KtaLkhP4CfQWTP/hskcDmg</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>

The following is the error message on the WSP side.

Jul 18, 2012 9:24:55 AM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
        at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:314)
        at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:172)
        at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
        at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:221)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:141)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:197)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Given final block not properly padded
Original Exception was javax.crypto.BadPaddingException: Given final block not properly padded
        at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1766)
        at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
        at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1650)
        at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:978)
        at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:312)
        ... 32 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1762)
        ... 36 more
Jul 18, 2012 9:24:55 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:780)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:221)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:141)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:197)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
        at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:314)
        at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:172)
        at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
        at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
        ... 27 more
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Given final block not properly padded
Original Exception was javax.crypto.BadPaddingException: Given final block not properly padded
        at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1766)
        at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
        at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1650)
        at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:978)
        at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:312)
        ... 32 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1762)
        ... 36 more
Jul 18, 2012 9:24:55 AM org.apache.cxf.services.DoubleItService.DoubleItPort.DoubleItPortType
INFO: Outbound Message
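As an added example (my code, not from this mail, CXF or WSS4J), a small inspector over a constructed, abridged copy of the request above: it reports the key-wrap and Body algorithms actually applied, the symmetric key length the Body algorithm implies (to compare against the SymmetricKey setting in the WSP policy), and whether the Body's KeyIdentifier points back at the holder-of-key assertion. Element names and namespaces are the standard WS-Security/XML Encryption ones; the placeholder ciphertext and the EncryptedKey layout are constructed from the message shown.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "saml1": "urn:oasis:names:tc:SAML:1.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
XENC = NS["xenc"]
# Symmetric key length implied by the Body's EncryptionMethod; the WSP policy's
# SymmetricKey length and the STS-issued key must agree with it.
KEY_BITS = {XENC + "aes128-cbc": 128, XENC + "aes192-cbc": 192,
            XENC + "aes256-cbc": 256, XENC + "tripledes-cbc": 192}
LEGACY_KEY_WRAP = {XENC + "rsa-1_5"}  # XML Encryption 1.1 recommends rsa-oaep instead

def inspect_envelope(xml_text):
    """Algorithms negotiated in a WS-Security request carrying a SAML 1.1 holder-of-key
    token, and whether the encrypted Body points back at that token's AssertionID."""
    root = ET.fromstring(xml_text)
    assertion = root.find(".//saml1:Assertion", NS)
    key_wrap = assertion.find(".//xenc:EncryptedKey/xenc:EncryptionMethod", NS).get("Algorithm")
    enc_data = root.find("soap:Body/xenc:EncryptedData", NS)
    body_alg = enc_data.find("xenc:EncryptionMethod", NS).get("Algorithm")
    # Lookup is by namespace URI, so the ns3 prefix in the request above does not
    # matter; CXF wrote the identifier as "#<AssertionID>", so drop the '#'.
    ref = enc_data.find(".//wsse:KeyIdentifier", NS).text.strip().lstrip("#")
    return {"key_wrap_algorithm": key_wrap,
            "key_wrap_is_legacy": key_wrap in LEGACY_KEY_WRAP,
            "body_algorithm": body_alg,
            "symmetric_key_bits": KEY_BITS.get(body_alg),
            "body_refers_to_assertion": ref == assertion.get("AssertionID")}

# Constructed, abridged copy of the request above; the ciphertext is a placeholder.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<soap:Header><wsse:Security>
 <saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
  AssertionID="_8FD304F766D8EC9F4913426180531752" Issuer="DoubleItSTSIssuer">
  <saml1:AttributeStatement><saml1:Subject><saml1:SubjectConfirmation><ds:KeyInfo>
   <xenc:EncryptedKey Id="EK-8FD304F766D8EC9F4913426180521881">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/></xenc:EncryptedKey>
  </ds:KeyInfo></saml1:SubjectConfirmation></saml1:Subject></saml1:AttributeStatement>
 </saml1:Assertion>
</wsse:Security></soap:Header>
<soap:Body><xenc:EncryptedData Id="ED-11" Type="http://www.w3.org/2001/04/xmlenc#Content">
 <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
 <ds:KeyInfo><wsse:SecurityTokenReference>
  <wsse:KeyIdentifier>#_8FD304F766D8EC9F4913426180531752</wsse:KeyIdentifier>
 </wsse:SecurityTokenReference></ds:KeyInfo>
 <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></soap:Body></soap:Envelope>"""
```

Running `inspect_envelope(SAMPLE)` on the abridged request reports rsa-1_5 key wrap (flagged as legacy), aes256-cbc on the Body (256-bit key) and a KeyIdentifier that matches the assertion.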
