cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Freeman Fang <freeman.f...@gmail.com>
Subject Re: Receiving and Decrypting Encrypted MTOM Attachments
Date Fri, 30 Aug 2013 02:47:03 GMT
Hi,

WSS4J and MTOM doesn't really work well in CXF currently, please see the related discussion
[1] &[2], the coming WSS4J 2.0 should be the final solution

[1]http://cxf.547215.n5.nabble.com/Signature-digest-mismatch-when-NET-supplies-MTOM-attachment-td3270961.html
[2]http://mail-archives.apache.org/mod_mbox/cxf-users/201301.mbox/%3CCAB8XdGA-1aUajDdpN=w5JMaxmQEbvHgHZQN3OYcp2q5od3Cmgw@mail.gmail.com%3E
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat
Web: http://fusesource.com | http://www.redhat.com/
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: @Freeman小屋



On 2013-8-30, at 上午1:05, Jennifer Ruttan wrote:

> Hi all,
> 
> I have a web service that responds to me with an encrypted MTOM attachment. The MTOM
attachment is a complex type that contains several fields (base64-encoded data, a string,
integer, and another complex type).
> 
> The response is encrypted as follows (I received this from the web service supplier):
> - The response is encrypted using the public key of the certificate that was used to
sign the incoming message
> - All bits of the public key are used
> - The secret key is encrypted using an RSA cipher with PKCS1 padding; the secret key
itself is 128 bits long, but encrypts to 128 bytes then base64 encodes to 172 bytes
> - The initialization vector is the first 16 bytes of the cipher value in the body; to
recover the IV, base64 decode the CipherValue and take the first 16 bytes from it; the remainder
is the decrypted message
> - The response message encryption scheme is AES cipher with CBC block mechanism and PKCS5
padding
> 
> With all of that said, I have configured the bindingprovider on the client to enable
MTOM support, as follows:
> BindingProvider bp = (BindingProvider)port;
> SOAPBinding binding = (SOAPBinding) bp.getBinding();
> binding.setMTOMEnabled(true);
> 
> All of the responses that this web service delivers are encrypted, but this is the only
type that I can't decrypt automatically via CXF's built-in logic. I receive a WSSecurityException
("The signature or decryption was invalid") when I run the method on the port that responds
with an encrypted MTOM attachment.
> 
> By any chance if anybody knows the best way to proceed and configure the service so that
it decrypts this message type properly, I would appreciate any suggestions.
> 
> Thanks
> Jennifer
> 
> 
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message