Skip to main content

[XWSS] Encrypt attachments problems

16 replies [Last post]
Anonymous

Hi all,

I'm trying to encrypt/decrypt a soap message with attachments with
xwss using them as api.

I try doing it to the soap:body and it works.

If i try to do also to attachments i have some problems.

Encrypt works, but when i decrypt it gives me an exception..
It first call
com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
then
com.sun.xml.wss.impl.callback.DecryptionKeyCallback$X509CertificateBasedRequest

and both find the keys but it gives

com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:146)
at
org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
....
....
Caused by: com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:514)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:468)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:150)

If i try to encrypt only attachments it calls only
com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
then raise the same exception.

Seems that it don't call the DecryptionKeyCallback for the attachments..

This is the config for client:

{http://schemas.xmlsoap.org/soap/
envelope/}Body
cid:*

This is the config for server:

Any suggestion?

Thx!
/Lorenzo

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
V B Kumar Jayanti

Cencio wrote:

>Still stuck with this issue...
>
>I upgrade to xwss3.0 but still have same problems.
>Encrypt/Verify of the body works perfectly.
>The Simmetric Key is null because no callback is called so no key is
>searched and setted...
>
>
There does not need to be a callback for symmetric-key because the
symmetric-key is generally inside the EncryptedKey element. For the sake
of decryption what is required is the private key of the recipient
(server). Not sure why you are running into this for such a simple
scenario, I will check and getback. If possible please give me a full
testcase ( i am assuming you are using JAXWS right ?).

Thanks.

>I can't find the reason :(
>
>Encript config:
>
> >xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
>
> cid:*
>

>

>
>
>Verify config:
> >xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
>
>
>
>
>Message before Encryption:
>
>
>------=_Part_0_24119769.1201878104014
>Content-Type: text/xml; charset=utf-8
>
> >xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> >xmlns="http://spcoop.it/cart/pdd-test"><persona nome="mario"
>cognome="rossi"/>
>href="cid:957BA049ABF6C76B1C7CE40B75B422D8"/> >href="cid:2DA4921C6FFA7EE197D1E56DF6211040"/>

>------=_Part_0_24119769.1201878104014
>Content-Type: text/plain
>Content-ID: <957BA049ABF6C76B1C7CE40B75B422D8>
>content-transfer-encoding: binary
>
>testtesttest
>
>------=_Part_0_24119769.1201878104014--
>
>
>
>
>
>
>
>
>Descryption:
>
>
>
>------=_Part_1_12695543.1201877785955
>Content-Type: text/xml; charset=utf-8
>
> >xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>soapenv:mustUnderstand="1"> >xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>wsu:Id="XWSSGID-1201877782152-1051078036"
>xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGluay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNVBAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAzMTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0wCwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQDEwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXTU6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBuIwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lRAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>Id="XWSSGID-1201877782436-1535906564"> >Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
>xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/> >xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
> >ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>
> >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">MNtUkz1K0T9saxa4uKvqtOt9+x+tzurswlhOuW3oMeTk0SJjf4UfW3lpg4ADl7lCnFsepLRU4ZfS
>xt79WuxNC6rH9DmJsIsZOAxkqN42TbzSautgDoYhc2WQZ6tXTOvyd5ZVkrjIFm1/NjpPX94CGeV3
>7cCFsmbzx7DZ/q8P9cc= >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>Id="XWSSGID-1201877782829363992180" MimeType="text/plain"
>Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
> >Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> >URI="cid:9B680EBA316B21134A86950556929075"
>xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> >xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

>
>
>xmlns="http://spcoop.it/cart/pdd-test"><persona nome="mario"
>cognome="rossi"/>
>href="cid:9B680EBA316B21134A86950556929075"/> >href="cid:32D134BA4B72EBEFC0BA897A455D46AA"/>

>------=_Part_1_12695543.1201877785955
>Content-Type: application/octet-stream
>Content-ID: <9B680EBA316B21134A86950556929075>
>content-transfer-encoding: base64
>Content-Length: 24
>
>4mHFB852e9heBIchlNAnlus52wYFxC/x
>------=_Part_1_12695543.1201877785955--==== Received Message End ====
>15:56:26,008 ERROR [STDERR] 1-feb-2008 15.56.26
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor processEncryptedData
>GRAVE: WSS1231.null.SymmetricKey
>15:56:26,008 INFO [STDOUT] ERRORE!!!!!!
>15:56:26,008 INFO [STDOUT] com.sun.xml.wss.XWSSecurityException:
>com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>15:56:26,009 INFO [STDOUT] at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
>15:56:26,009 INFO [STDOUT] at
>org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:90)
>15:56:26,009 INFO [STDOUT] at
>sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>15:56:26,009 INFO [STDOUT] at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>15:56:26,009 INFO [STDOUT] at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>15:56:26,009 INFO [STDOUT] at
>java.lang.reflect.Method.invoke(Method.java:585)
>15:56:26,009 INFO [STDOUT] at
>org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:124)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:82)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:100)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:68)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:56)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:92)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:208)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:77)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:264)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:123)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
>15:56:26,010 INFO [STDOUT] at
>org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
>15:56:26,011 INFO [STDOUT] at
>javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>15:56:26,011 INFO [STDOUT] at
>javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>15:56:26,011 INFO [STDOUT] at
>org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>15:56:26,011 INFO [STDOUT] at
>org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
>15:56:26,011 INFO [STDOUT] at
>org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>15:56:26,011 INFO [STDOUT] at
>org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>15:56:26,012 INFO [STDOUT] at
>org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
>15:56:26,012 INFO [STDOUT] at
>org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>15:56:26,012 INFO [STDOUT] at
>org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>15:56:26,012 INFO [STDOUT] at
>org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>15:56:26,012 INFO [STDOUT] at
>org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>15:56:26,012 INFO [STDOUT] at
>org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>15:56:26,012 INFO [STDOUT] at
>org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
>15:56:26,012 INFO [STDOUT] at java.lang.Thread.run(Thread.java:595)
>15:56:26,012 INFO [STDOUT] Caused by: com.sun.xml.wss.XWSSecurityException:
>Symmetric Key is null
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:489)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:419)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:131)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:421)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:81)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:251)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:849)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:801)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:242)
>15:56:26,013 INFO [STDOUT] at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:134)
>15:56:26,013 INFO [STDOUT] ... 40 more
>
>
>
>
>Thx for any help
>/Lorenzo
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Cencio

V B Kumar Jayanti wrote:
>
>
> Not sure why you are running into this for such a simple
> scenario, I will check and getback.
>
> If possible please give me a full
> testcase ( i am assuming you are using JAXWS right ?).
>
>

No, i'm using xwss api in a standalone client.

Here my test_case : http://www.nabble.com/file/p15264479/xwss-test.tar
xwss-test.tar

Just edit run.sh and set the api's classpath.

Thx, for your help
Lorenzo

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p152...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Cencio

Err.. well.. The message BEFORE the encoding don't have the
Content-Transfer-Encoding set:

------=_Part_0_17900022.1201697816920
Content-Type: text/xml; charset=utf-8

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

xmlns:tru="http://fabrikam123.com/payloads">QQQ

------=_Part_0_17900022.1201697816920
Content-Type: text/plain
Content-ID: asdfghjkl

provaContenutoprova
------=_Part_0_17900022.1201697816920--

ant it appear after encryption.

If i remove that mime header the encrypt don't works on attachment (the dump
show strange characters this time) then raise the "requirements not met"
error.

i show you again the source of my test:

public static void main(String[] args) throws Exception {
FileInputStream pdConfig = null;
FileInputStream paConfig = null;
try {
SOAPMessage request = MessageFactory.newInstance().createMessage();
SOAPBody body = request.getSOAPBody();
SOAPBodyElement sbe = body.addBodyElement(
SOAPFactory.newInstance().createName(
"StockSymbol",
"tru",
"http://fabrikam123.com/payloads"));
sbe.addTextNode("QQQ");

AttachmentPart ap = request.createAttachmentPart();
ap.setMimeHeader("Content-Type", "application/xml");
ap.setContent("provaContenutoprova", "text/plain");
ap.setContentId("asdfghjkl");
request.addAttachmentPart(ap);
//request.writeTo(System.out);

pdConfig = new java.io.FileInputStream(new
java.io.File("/etc/openspcoop/pd.properties"));
XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
XWSSProcessor pdprocessor =
factory.createProcessorForSecurityConfiguration(
pdConfig, new SecurityEnvironmentHandler("pd"));
pdConfig.close();
ProcessingContext pdcontext = new ProcessingContext();
pdcontext.setSOAPMessage(request);
//secure the message.
SOAPMessage encrypted = pdprocessor.secureOutboundMessage(pdcontext);

//((AttachmentPart)
encrypted.getAttachments().next()).removeMimeHeader("Content-Transfer-Encoding");

paConfig = new java.io.FileInputStream(new
java.io.File("/etc/openspcoop/pa.properties"));

ProcessingContext pacontext = new ProcessingContext();
XWSSProcessor paprocessor =
factory.createProcessorForSecurityConfiguration(
paConfig, new SecurityEnvironmentHandler("pa"));
paConfig.close();

pacontext.setSOAPMessage(encrypted);
SOAPMessage unsecureMsg = paprocessor.verifyInboundMessage(pacontext);

}
catch (Exception e) {
System.out.println("ERRORE!!!!!!");
e.printStackTrace(System.out);
}

}

Thx for ur help,
/Lorenzo

V B Kumar Jayanti wrote:
>
> Hi,
>
> I see that Content-Transfer-Encoding Mime Header is set in your
> attachment.
>
> Content-Transfer-Encoding: base64
>
>
> I am not sure we handle this. Basically we would have to first base64
> decode the bytes to obtain the encrypted attachment and then try to
> decrypt the result.
>
> So is there a way you can disable Content-Tranfer-Encoding (just to see
> if everything works fine then). And you can file an RFE at
> xwss.dev.java.net for handling Content-Transfer-Encoding. Going by that
> if you had signed the attachment then probably the verification of
> signature should fail as well. Can you confirm ?.
>
> regards,
> kumar
>
>

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

V B Kumar Jayanti

Hi,

this is Issue#17 :
https://xwss.dev.java.net/issues/show_bug.cgi?id=17 and this is fixed
(although it did not make it to FCS). So you can download either XWSS2.0
or XWSS3.0 from the link below and you should see the issue resolved :

https://xwss.dev.java.net/servlets/ProjectDocumentList?folderID=5501&exp...

Let us know.

regards,
kumar

Cencio wrote:

>I'm tryed both 2.0 and 3.0 with same results.
>
>i use some CXF api, so i try with only metro's api and now i get another
>error:
>
>29-gen-2008 13.45.06 com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
>processEncryptedKey
>GRAVE: Error occurred while decrypting
>java.lang.NullPointerException
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:453)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:292)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:213)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:116)
> at
>com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:210)
> at
>com.sun.xml.wss.impl.SecurityRecipient.pProcessOnce(SecurityRecipient.java:1034)
> at
>com.sun.xml.wss.impl.SecurityRecipient.pProcess(SecurityRecipient.java:1101)
> at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:724)
> at
>com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:216)
> at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:113)
> at
>test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>
>
>
>i saw that the reference is but it
>should be cid:testCid ... that may cause the null pointer??
>
>This is the code:
>
> FileInputStream pdConfig = null;
> FileInputStream paConfig = null;
> //request.removeAllAttachments();
> try {
> SOAPMessage request =
>MessageFactory.newInstance().createMessage();
> SOAPBody body = request.getSOAPBody();
> SOAPBodyElement sbe = body.addBodyElement(
> SOAPFactory.newInstance().createName(
> "StockSymbol",
> "tru",
> "http://fabrikam123.com/payloads"));
> sbe.addTextNode("QQQ");
> AttachmentPart ap = request.createAttachmentPart();
> ap.setMimeHeader("Content-Type", "application/xml");
> ap.setContent("provaContenutoprova", "text/plain");
> ap.setContentId("testId");
> request.addAttachmentPart(ap);
>
> pdConfig = new java.io.FileInputStream(new
>
>java.io.File("/etc/openspcoop/pd.properties"));
>
> XWSSProcessorFactory factory =
>XWSSProcessorFactory.newInstance();
>
> XWSSProcessor pdprocessor =
>
>factory.createProcessorForSecurityConfiguration(
> pdConfig, new
>SecurityEnvironmentHandler("pd"));
> pdConfig.close();
> ProcessingContext pdcontext = new
>ProcessingContext();
> pdcontext.setSOAPMessage(request);
>
> //secure the message.
> SOAPMessage encrypted =
>pdprocessor.secureOutboundMessage(pdcontext);
>
> paConfig = new java.io.FileInputStream(new
>
>java.io.File("/etc/openspcoop/pa.properties"));
>
> ProcessingContext pacontext = new
>ProcessingContext();
> XWSSProcessor paprocessor =
>
>factory.createProcessorForSecurityConfiguration(
> paConfig, new
>SecurityEnvironmentHandlerSwA());
> paConfig.close();
>
>
> pacontext.setSOAPMessage(encrypted);
>
> SOAPMessage unsecureMsg =
>paprocessor.verifyInboundMessage(pacontext);
>
> unsecureMsg.writeTo(System.out);
>
>thx
>/Lorenzo
>
>
>
>
>
>
>
>
>V B Kumar Jayanti wrote:
>
>
>>We do have Attachment Tests that pass. Are you using XWSS 2.0 or 3.0
>>?. Can you set DumpMessages=true and try and see if the message was
>>generated correctly in the first place ?.
>>
>>Would it be possible to provide us a reproducable testcase. If so
>>please do, otherwise i will try to make a sample of my own.
>>
>>Thanks.
>>
>>Cencio wrote:
>>
>>
>>
>>>Hi all,
>>>
>>>I'm trying to encrypt/decrypt a soap message with attachments with
>>>xwss using them as api.
>>>
>>>I try doing it to the soap:body and it works.
>>>
>>>If i try to do also to attachments i have some problems.
>>>
>>>Encrypt works, but when i decrypt it gives me an exception..
>>>It first call
>>>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>>then
>>>com.sun.xml.wss.impl.callback.DecryptionKeyCallback$X509CertificateBasedRequest
>>>
>>>and both find the keys but it gives
>>>
>>>com.sun.xml.wss.XWSSecurityException:
>>>com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>>> at
>>>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:146)
>>> at
>>>org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:82)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>>>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>....
>>>....
>>>Caused by: com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>>> at
>>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:514)
>>> at
>>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:468)
>>> at
>>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:150)
>>>
>>>
>>>
>>>If i try to encrypt only attachments it calls only
>>>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>>then raise the same exception.
>>>
>>>Seems that it don't call the DecryptionKeyCallback for the attachments..
>>>
>>>This is the config for client:
>>>
>>> >>>xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>>
>>>
>>> {http://schemas.xmlsoap.org/soap/
>>>envelope/}Body

>>>cid:*
>>>

>>>

>>>
>>>
>>>This is the config for server:
>>>
>>> >>>xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>>
>>>
>>>

>>>
>>>
>>>Any suggestion?
>>>
>>>Thx!
>>>/Lorenzo
>>>
>>>
>>>
>>>
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
>>For additional commands, e-mail: users-help@metro.dev.java.net
>>
>>
>>
>>
>>
>
>
>

[att1.html]

Cencio

Thank you both for your reply,

i download the snapshotBuild suggested by Kumar and that ReferenceID problem
is solved.

I Still have problems with decryption.

I successful encrypt the body and the attachment of a message.

When the message is decrypted it doesn't raise any error, but the attachment
is still encrypted, but it's content is different from the source. Like it
use a bad key or algorytm..

I tryed to set the RequireEcryption option in the server config, and it
gives me this error:

GRAVE: Error occurred while decrypting
com.sun.xml.wss.XWSSecurityException: Receiver requirement for
URI#XWSSGID-1201688574830-1457903393 is not met
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
....
....

That URI is the attachment's one.

This one encrypted/decripted message:

30-gen-2008 11.44.25 com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Received Message Start ====
------=_Part_1_4519815.1201689865656
Content-Type: text/xml; charset=utf-8

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP-ENV:mustUnderstand="1"> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="XWSSGID-12016898644171035328393">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGlu
ay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNV
BAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAz
MTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0w
CwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQD
EwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXT
U6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBu
IwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lR
AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ
6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6
gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

VPiyLucOEDiNXrZH3Edrsr/asecSajFTprZZusSvGLzg/r//O6E00aqPM0RFo+cCBMz/umh02HN3
H4p53UU+VzsQeZLNWPo2ksitZMhbURIrjjbKqOMLm3Qrp0dOpyI5+r/DnMYnqGZPEORSMJ2eIpVP
Cyhi/jpdKd+OG+KeTbw=
URI="#XWSSGID-12016898652811149308437"/> URI="#XWSSGID-12016898652661913039664"/> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="XWSSGID-12016898652661913039664" MimeType="text/plain"
Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
URI="cid:asdfghjkl"> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="XWSSGID-12016898652811149308437"
Type="http://www.w3.org/2001/04/xmlenc#Content"> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>jmPB5XYxrrfbOts/JkcIeR8vmY4qUqcovMiMmrd1mAvBNGOb3oLxhRO6+tHRulfAdP/CQiEOV66B
XtiqZi3w5yIQvemPjoUAXoJ5HgRaGssf+tlsFup2oAual7J4thojW+CHxqekbdMHTS11JefRs27p
U6dLu3IGP4xZaxW2XfRPkr8WVreq0sYp8Ux8xAa2njMiGAyAu+I=

------=_Part_1_4519815.1201689865656
Content-Type: application/octet-stream
Content-ID: asdfghjkl
Content-Length: 32
Content-Transfer-Encoding: base64

a4YuFDMU2vgVXLdcTx3r/VpPoD+yyNeSvzSHvrJ7uok=
------=_Part_1_4519815.1201689865656--==== Received Message End ====

-------------------------------------
----- Decrypted Message -----------
-------------------------------------

------=_Part_2_1440568.1201689865805
Content-Type: text/xml; charset=utf-8

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

xmlns:tru="http://fabrikam123.com/payloads">QQQ

------=_Part_2_1440568.1201689865805
Content-Type: text/plain
Content-ID: asdfghjkl
Content-Length: 19
Content-Transfer-Encoding: base64

cHJvdmFDb250ZW51dG9wcm92YQ==
------=_Part_2_1440568.1201689865805--

This is the output if i enable RequireEncryption

30-gen-2008 11.45.32 com.sun.xml.wss.impl.filter.DumpFilter process
INFO: ==== Received Message Start ====
------=_Part_1_4519815.1201689932412
Content-Type: text/xml; charset=utf-8

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP-ENV:mustUnderstand="1"> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="XWSSGID-1201689931114491862688">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGlu
ay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNV
BAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAz
MTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0w
CwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQD
EwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXT
U6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBu
IwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lR
AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ
6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6
gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

hPKmPHbwLwrtsGtmapARFDGjcyzuWbydelDgeunBqk2NFLUF61naWWsd64k9xnXeF4DkGcA0h8si
V875AUPzjMOO/dyepaTToeKAdfygJbktsZsNWKRr1pTqhDxuVYS6Bdi7urrN5KxUbOZh3aVKjf11
XDC04oMLlMQmJT/6to8=
URI="#XWSSGID-1201689931993-1276511314"/> URI="#XWSSGID-1201689931978-2102658658"/> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="XWSSGID-1201689931978-2102658658" MimeType="text/plain"
Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
URI="cid:asdfghjkl"> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="XWSSGID-1201689931993-1276511314"
Type="http://www.w3.org/2001/04/xmlenc#Content"> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>yKM0YBQdbJGfDXUJdR4WUNIuW0bWK30mwRgYdwnoRQJjcwPT6o8wWhFRPj0qNtxqWR06lzjn4EOc
LOfuqw+P/9eMNjq3gXle7YINC1jkXv3Tnl+0dXjaiMTgy8Dk5NhnPAD9tl8dsO5n/5bSBECtEmGN
rcSoLje86qUeR8uppPEF+ytuHtKpLw7g4YCdRwvHyQGlV4WyeMM=

------=_Part_1_4519815.1201689932412
Content-Type: application/octet-stream
Content-ID: asdfghjkl
Content-Length: 32
Content-Transfer-Encoding: base64

41qY06H0QugHNPAx8kznQPWWCx66gsQCFf9nFcQhfZE=
------=_Part_1_4519815.1201689932412--==== Received Message End ====

30-gen-2008 11.45.32 com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
processEncryptedKey
GRAVE: Error occurred while decrypting
com.sun.xml.wss.XWSSecurityException: Receiver requirement for
URI#XWSSGID-1201689931978-2102658658 is not met
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:232)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:135)
at
com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:229)
at
com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:85)
at
com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:826)
at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:777)
at
com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
at
test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
ERRORE!!!!!!
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Receiver requirement for
URI#XWSSGID-1201689931978-2102658658 is not met
at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:138)
at
test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
Caused by: com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Receiver requirement for
URI#XWSSGID-1201689931978-2102658658 is not met
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:238)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:135)
at
com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:229)
at
com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:85)
at
com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:826)
at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:777)
at
com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
... 1 more
Caused by: com.sun.xml.wss.XWSSecurityException: Receiver requirement for
URI#XWSSGID-1201689931978-2102658658 is not met
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:232)
... 9 more

Thx for any help,
/Lorenzo
--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

V B Kumar Jayanti

Hi,

I see that Content-Transfer-Encoding Mime Header is set in your
attachment.

Content-Transfer-Encoding: base64

I am not sure we handle this. Basically we would have to first base64 decode the bytes to obtain the encrypted attachment and then try to decrypt the result.

So is there a way you can disable Content-Tranfer-Encoding (just to see if everything works fine then). And you can file an RFE at xwss.dev.java.net for handling Content-Transfer-Encoding. Going by that if you had signed the attachment then probably the verification of signature should fail as well. Can you confirm ?.

regards,
kumar

Cencio wrote:

>Thank you both for your reply,
>
>i download the snapshotBuild suggested by Kumar and that ReferenceID problem
>is solved.
>
>I Still have problems with decryption.
>
>I successful encrypt the body and the attachment of a message.
>
>When the message is decrypted it doesn't raise any error, but the attachment
>is still encrypted, but it's content is different from the source. Like it
>use a bad key or algorytm..
>
>I tryed to set the RequireEcryption option in the server config, and it
>gives me this error:
>
>GRAVE: Error occurred while decrypting
>com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>URI#XWSSGID-1201688574830-1457903393 is not met
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
>....
>....
>
>That URI is the attachment's one.
>
>This one encrypted/decripted message:
>
>
>30-gen-2008 11.44.25 com.sun.xml.wss.impl.filter.DumpFilter process
>INFO: ==== Received Message Start ====
>------=_Part_1_4519815.1201689865656
>Content-Type: text/xml; charset=utf-8
>
> >xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> >xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>SOAP-ENV:mustUnderstand="1"> >xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>wsu:Id="XWSSGID-12016898644171035328393">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGlu
>ay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNV
>BAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAz
>MTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0w
>CwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQD
>EwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXT
>U6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBu
>IwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lR
>AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ
>6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6
>gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> >Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> >xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>
> >ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>

>VPiyLucOEDiNXrZH3Edrsr/asecSajFTprZZusSvGLzg/r//O6E00aqPM0RFo+cCBMz/umh02HN3
>H4p53UU+VzsQeZLNWPo2ksitZMhbURIrjjbKqOMLm3Qrp0dOpyI5+r/DnMYnqGZPEORSMJ2eIpVP
>Cyhi/jpdKd+OG+KeTbw=
>URI="#XWSSGID-12016898652811149308437"/> >URI="#XWSSGID-12016898652661913039664"/> >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>Id="XWSSGID-12016898652661913039664" MimeType="text/plain"
>Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
> >Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> >URI="cid:asdfghjkl"> >xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

>
>
>xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>Id="XWSSGID-12016898652811149308437"
>Type="http://www.w3.org/2001/04/xmlenc#Content"> >Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>jmPB5XYxrrfbOts/JkcIeR8vmY4qUqcovMiMmrd1mAvBNGOb3oLxhRO6+tHRulfAdP/CQiEOV66B
>XtiqZi3w5yIQvemPjoUAXoJ5HgRaGssf+tlsFup2oAual7J4thojW+CHxqekbdMHTS11JefRs27p
>U6dLu3IGP4xZaxW2XfRPkr8WVreq0sYp8Ux8xAa2njMiGAyAu+I=

>------=_Part_1_4519815.1201689865656
>Content-Type: application/octet-stream
>Content-ID: asdfghjkl
>Content-Length: 32
>Content-Transfer-Encoding: base64
>
>a4YuFDMU2vgVXLdcTx3r/VpPoD+yyNeSvzSHvrJ7uok=
>------=_Part_1_4519815.1201689865656--==== Received Message End ====
>
>
>
>
>-------------------------------------
>----- Decrypted Message -----------
>-------------------------------------
>
>
>
>------=_Part_2_1440568.1201689865805
>Content-Type: text/xml; charset=utf-8
>
> >xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>

>xmlns:tru="http://fabrikam123.com/payloads">QQQ

>------=_Part_2_1440568.1201689865805
>Content-Type: text/plain
>Content-ID: asdfghjkl
>Content-Length: 19
>Content-Transfer-Encoding: base64
>
>cHJvdmFDb250ZW51dG9wcm92YQ==
>------=_Part_2_1440568.1201689865805--
>
>
>
>
>
>
>
>
>
>
>
>
>
>This is the output if i enable RequireEncryption
>
>
>
>
>30-gen-2008 11.45.32 com.sun.xml.wss.impl.filter.DumpFilter process
>INFO: ==== Received Message Start ====
>------=_Part_1_4519815.1201689932412
>Content-Type: text/xml; charset=utf-8
>
> >xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> >xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>SOAP-ENV:mustUnderstand="1"> >xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>wsu:Id="XWSSGID-1201689931114491862688">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGlu
>ay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNV
>BAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAz
>MTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0w
>CwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQD
>EwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXT
>U6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBu
>IwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lR
>AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ
>6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6
>gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> >Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> >xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>
> >ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>

>hPKmPHbwLwrtsGtmapARFDGjcyzuWbydelDgeunBqk2NFLUF61naWWsd64k9xnXeF4DkGcA0h8si
>V875AUPzjMOO/dyepaTToeKAdfygJbktsZsNWKRr1pTqhDxuVYS6Bdi7urrN5KxUbOZh3aVKjf11
>XDC04oMLlMQmJT/6to8=
>URI="#XWSSGID-1201689931993-1276511314"/> >URI="#XWSSGID-1201689931978-2102658658"/> >xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>Id="XWSSGID-1201689931978-2102658658" MimeType="text/plain"
>Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
> >Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
> >URI="cid:asdfghjkl"> >xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

>
>
>xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>Id="XWSSGID-1201689931993-1276511314"
>Type="http://www.w3.org/2001/04/xmlenc#Content"> >Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>yKM0YBQdbJGfDXUJdR4WUNIuW0bWK30mwRgYdwnoRQJjcwPT6o8wWhFRPj0qNtxqWR06lzjn4EOc
>LOfuqw+P/9eMNjq3gXle7YINC1jkXv3Tnl+0dXjaiMTgy8Dk5NhnPAD9tl8dsO5n/5bSBECtEmGN
>rcSoLje86qUeR8uppPEF+ytuHtKpLw7g4YCdRwvHyQGlV4WyeMM=

>------=_Part_1_4519815.1201689932412
>Content-Type: application/octet-stream
>Content-ID: asdfghjkl
>Content-Length: 32
>Content-Transfer-Encoding: base64
>
>41qY06H0QugHNPAx8kznQPWWCx66gsQCFf9nFcQhfZE=
>------=_Part_1_4519815.1201689932412--==== Received Message End ====
>
>30-gen-2008 11.45.32 com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
>processEncryptedKey
>GRAVE: Error occurred while decrypting
>com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>URI#XWSSGID-1201689931978-2102658658 is not met
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:232)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:135)
> at
>com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:229)
> at
>com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:85)
> at
>com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
> at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:826)
> at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:777)
> at
>com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
> at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
> at
>test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>ERRORE!!!!!!
>com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException:
>com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>URI#XWSSGID-1201689931978-2102658658 is not met
> at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:138)
> at
>test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>Caused by: com.sun.xml.wss.XWSSecurityException:
>com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>URI#XWSSGID-1201689931978-2102658658 is not met
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:238)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:135)
> at
>com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:229)
> at
>com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:85)
> at
>com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
> at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:826)
> at
>com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:777)
> at
>com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
> at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
> ... 1 more
>Caused by: com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>URI#XWSSGID-1201689931978-2102658658 is not met
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:232)
> ... 9 more
>
>
>
>
>
>
>Thx for any help,
>/Lorenzo
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

V B Kumar Jayanti

Here is what the BSP Says :
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0-2004-05-12.html

12.2.3 Encoding

R6103 A MIME Part signed using WSS MUST have a Content-Transfer-Encoding
of binary in effect at the time of WSS processing at both the SENDER and
RECEIVER. This does not preclude use of another form of
Content-Transfer-Encoding after a message is signed as long as it is
removed before the message is verified.

So i believe somehow the message supplied to XWSS runtime was a Base64
encoded one ?. Not sure what is going on...

regards,
kumar

V B Kumar Jayanti wrote:

> Hi,
>
> I see that Content-Transfer-Encoding Mime Header is set in your
> attachment.
> Content-Transfer-Encoding: base64
>
>
> I am not sure we handle this. Basically we would have to first base64
> decode the bytes to obtain the encrypted attachment and then try to
> decrypt the result.
> So is there a way you can disable Content-Tranfer-Encoding (just to
> see if everything works fine then). And you can file an RFE at
> xwss.dev.java.net for handling Content-Transfer-Encoding. Going by
> that if you had signed the attachment then probably the verification
> of signature should fail as well. Can you confirm ?.
>
> regards,
> kumar
>
>
>
>
> Cencio wrote:
>
>> Thank you both for your reply,
>>
>> i download the snapshotBuild suggested by Kumar and that ReferenceID
>> problem
>> is solved.
>> I Still have problems with decryption.
>>
>> I successful encrypt the body and the attachment of a message.
>>
>> When the message is decrypted it doesn't raise any error, but the
>> attachment
>> is still encrypted, but it's content is different from the source.
>> Like it
>> use a bad key or algorytm..
>>
>> I tryed to set the RequireEcryption option in the server config, and it
>> gives me this error:
>>
>> GRAVE: Error occurred while decrypting
>> com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>> URI#XWSSGID-1201688574830-1457903393 is not met
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
>>
>> ....
>> ....
>>
>> That URI is the attachment's one.
>>
>> This one encrypted/decripted message:
>>
>>
>> 30-gen-2008 11.44.25 com.sun.xml.wss.impl.filter.DumpFilter process
>> INFO: ==== Received Message Start ====
>> ------=_Part_1_4519815.1201689865656
>> Content-Type: text/xml; charset=utf-8
>>
>> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>>
>> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>
>> SOAP-ENV:mustUnderstand="1"> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>
>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>
>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>
>> wsu:Id="XWSSGID-12016898644171035328393">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGlu
>>
>> ay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNV
>>
>> BAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAz
>>
>> MTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0w
>>
>> CwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQD
>>
>> EwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXT
>>
>> U6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBu
>>
>> IwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lR
>>
>> AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ
>>
>> 6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6
>>
>> gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= >>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> >> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>
>> >> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>>
>>

>> VPiyLucOEDiNXrZH3Edrsr/asecSajFTprZZusSvGLzg/r//O6E00aqPM0RFo+cCBMz/umh02HN3
>>
>> H4p53UU+VzsQeZLNWPo2ksitZMhbURIrjjbKqOMLm3Qrp0dOpyI5+r/DnMYnqGZPEORSMJ2eIpVP
>>
>> Cyhi/jpdKd+OG+KeTbw=
>>
>> URI="#XWSSGID-12016898652811149308437"/> >> URI="#XWSSGID-12016898652661913039664"/>
>>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Id="XWSSGID-12016898652661913039664" MimeType="text/plain"
>> Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
>>
>> >> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>> >> URI="cid:asdfghjkl"> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

>>
>>
>>
>>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Id="XWSSGID-12016898652811149308437"
>> Type="http://www.w3.org/2001/04/xmlenc#Content"> >> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>jmPB5XYxrrfbOts/JkcIeR8vmY4qUqcovMiMmrd1mAvBNGOb3oLxhRO6+tHRulfAdP/CQiEOV66B
>>
>> XtiqZi3w5yIQvemPjoUAXoJ5HgRaGssf+tlsFup2oAual7J4thojW+CHxqekbdMHTS11JefRs27p
>>
>> U6dLu3IGP4xZaxW2XfRPkr8WVreq0sYp8Ux8xAa2njMiGAyAu+I=

>>
>> ------=_Part_1_4519815.1201689865656
>> Content-Type: application/octet-stream
>> Content-ID: asdfghjkl
>> Content-Length: 32
>> Content-Transfer-Encoding: base64
>>
>> a4YuFDMU2vgVXLdcTx3r/VpPoD+yyNeSvzSHvrJ7uok=
>> ------=_Part_1_4519815.1201689865656--==== Received Message End ====
>>
>>
>>
>>
>> -------------------------------------
>> ----- Decrypted Message -----------
>> -------------------------------------
>>
>>
>>
>> ------=_Part_2_1440568.1201689865805
>> Content-Type: text/xml; charset=utf-8
>>
>> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>>
>>

>> xmlns:tru="http://fabrikam123.com/payloads">QQQ

>>
>> ------=_Part_2_1440568.1201689865805
>> Content-Type: text/plain
>> Content-ID: asdfghjkl
>> Content-Length: 19
>> Content-Transfer-Encoding: base64
>>
>> cHJvdmFDb250ZW51dG9wcm92YQ==
>> ------=_Part_2_1440568.1201689865805--
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> This is the output if i enable RequireEncryption
>>
>>
>>
>>
>> 30-gen-2008 11.45.32 com.sun.xml.wss.impl.filter.DumpFilter process
>> INFO: ==== Received Message Start ====
>> ------=_Part_1_4519815.1201689932412
>> Content-Type: text/xml; charset=utf-8
>>
>> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>>
>> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>>
>> SOAP-ENV:mustUnderstand="1"> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>
>> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>>
>> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>>
>> wsu:Id="XWSSGID-1201689931114491862688">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGlu
>>
>> ay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNV
>>
>> BAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAz
>>
>> MTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0w
>>
>> CwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQD
>>
>> EwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXT
>>
>> U6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBu
>>
>> IwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lR
>>
>> AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ
>>
>> 6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6
>>
>> gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= >>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> >> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>
>> >> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>>
>>

>> hPKmPHbwLwrtsGtmapARFDGjcyzuWbydelDgeunBqk2NFLUF61naWWsd64k9xnXeF4DkGcA0h8si
>>
>> V875AUPzjMOO/dyepaTToeKAdfygJbktsZsNWKRr1pTqhDxuVYS6Bdi7urrN5KxUbOZh3aVKjf11
>>
>> XDC04oMLlMQmJT/6to8=
>>
>> URI="#XWSSGID-1201689931993-1276511314"/> >> URI="#XWSSGID-1201689931978-2102658658"/>
>>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Id="XWSSGID-1201689931978-2102658658" MimeType="text/plain"
>> Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
>>
>> >> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
>> >> URI="cid:asdfghjkl"> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

>>
>>
>>
>>
>> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
>> Id="XWSSGID-1201689931993-1276511314"
>> Type="http://www.w3.org/2001/04/xmlenc#Content"> >> Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>yKM0YBQdbJGfDXUJdR4WUNIuW0bWK30mwRgYdwnoRQJjcwPT6o8wWhFRPj0qNtxqWR06lzjn4EOc
>>
>> LOfuqw+P/9eMNjq3gXle7YINC1jkXv3Tnl+0dXjaiMTgy8Dk5NhnPAD9tl8dsO5n/5bSBECtEmGN
>>
>> rcSoLje86qUeR8uppPEF+ytuHtKpLw7g4YCdRwvHyQGlV4WyeMM=

>>
>> ------=_Part_1_4519815.1201689932412
>> Content-Type: application/octet-stream
>> Content-ID: asdfghjkl
>> Content-Length: 32
>> Content-Transfer-Encoding: base64
>>
>> 41qY06H0QugHNPAx8kznQPWWCx66gsQCFf9nFcQhfZE=
>> ------=_Part_1_4519815.1201689932412--==== Received Message End ====
>>
>> 30-gen-2008 11.45.32
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
>> processEncryptedKey
>> GRAVE: Error occurred while decrypting
>> com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>> URI#XWSSGID-1201689931978-2102658658 is not met
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
>>
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:232)
>>
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:135)
>>
>> at
>> com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:229)
>>
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:85)
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:826)
>>
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:777)
>>
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
>>
>> at
>> com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
>>
>> at
>> test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>>
>> ERRORE!!!!!!
>> com.sun.xml.wss.XWSSecurityException:
>> com.sun.xml.wss.XWSSecurityException:
>> com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>> URI#XWSSGID-1201689931978-2102658658 is not met
>> at
>> com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:138)
>>
>> at
>> test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>>
>> Caused by: com.sun.xml.wss.XWSSecurityException:
>> com.sun.xml.wss.XWSSecurityException: Receiver requirement for
>> URI#XWSSGID-1201689931978-2102658658 is not met
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:238)
>>
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:135)
>>
>> at
>> com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:229)
>>
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:85)
>> at
>> com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:826)
>>
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:777)
>>
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
>>
>> at
>> com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
>>
>> ... 1 more
>> Caused by: com.sun.xml.wss.XWSSecurityException: Receiver requirement
>> for
>> URI#XWSSGID-1201689931978-2102658658 is not met
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:329)
>>
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:232)
>>
>> ... 9 more
>>
>>
>>
>>
>>
>>
>> Thx for any help,
>> /Lorenzo
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>

[att1.html]

Cencio

Still stuck with this issue...

I upgrade to xwss3.0 but still have same problems.
Encrypt/Verify of the body works perfectly.
The Simmetric Key is null because no callback is called so no key is
searched and setted...
I can't find the reason :(

Encript config:

xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">


cid:*

Verify config:
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">

Message before Encryption:

------=_Part_0_24119769.1201878104014
Content-Type: text/xml; charset=utf-8

xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> xmlns="http://spcoop.it/cart/pdd-test"><persona nome="mario"
cognome="rossi"/>
href="cid:957BA049ABF6C76B1C7CE40B75B422D8"/> href="cid:2DA4921C6FFA7EE197D1E56DF6211040"/>

------=_Part_0_24119769.1201878104014
Content-Type: text/plain
Content-ID: <957BA049ABF6C76B1C7CE40B75B422D8>
content-transfer-encoding: binary

testtesttest

------=_Part_0_24119769.1201878104014--

Descryption:

------=_Part_1_12695543.1201877785955
Content-Type: text/xml; charset=utf-8

xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1"> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="XWSSGID-1201877782152-1051078036"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">MIICXDCCAcUCBEYADOMwDQYJKoZIhvcNAQEFBQAwdTEcMBoGCSqGSIb3DQEJARYNbWFuY2FAbGluay5pdDELMAkGA1UEBhMCSVQxDTALBgNVBAcTBFBpc2ExEDAOBgNVBAoTB0xpbmsuaXQxEDAOBgNVBAsTB0RldiBMYWIxFTATBgNVBAMTDEFuZHJlYSBNYW5jYTAeFw0wNzAzMjAxNjMzMzlaFw0wODAzMTQxNjMzMzlaMHUxHDAaBgkqhkiG9w0BCQEWDW1hbmNhQGxpbmsuaXQxCzAJBgNVBAYTAklUMQ0wCwYDVQQHEwRQaXNhMRAwDgYDVQQKEwdMaW5rLml0MRAwDgYDVQQLEwdEZXYgTGFiMRUwEwYDVQQDEwxBbmRyZWEgTWFuY2EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK+FkDsyWwZISIDbcoXTU6yYeTd5SVo5DSyS5AHnaoHRLPdXZ4cEWBS9egtZxvuqRwyd3cV+uG+uBXZSFiEGZIkc+ybIzBBuIwbrwaMJbZeSNTJA6+wL4ECVvnoVxEHbP9AMI2ydtfpPGvrVsSvv+o8RFsAWA2I3EG4klHr1i1lRAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAhFXWTJsig6rrxUXe2QcIDFg2HgGQSfGd60R2KiLNNhsQ6NdxjpHF1vJPlmiI38gUvvOwrseMo7zKaf5FAij3oK9Od4JHjSHPVpxYPbzPakbN0vix3TCtZUd6gs04q95tQaA8cf6ItTMuTGNmEAe0y0uz066hBaaRMTLE9kdS9U4= xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="XWSSGID-1201877782436-1535906564"> Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>

xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">MNtUkz1K0T9saxa4uKvqtOt9+x+tzurswlhOuW3oMeTk0SJjf4UfW3lpg4ADl7lCnFsepLRU4ZfS
xt79WuxNC6rH9DmJsIsZOAxkqN42TbzSautgDoYhc2WQZ6tXTOvyd5ZVkrjIFm1/NjpPX94CGeV3
7cCFsmbzx7DZ/q8P9cc= xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="XWSSGID-1201877782829363992180" MimeType="text/plain"
Type="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only">
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
URI="cid:9B680EBA316B21134A86950556929075"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-swa-profile-1.0#Attachment-Content-Only-Transform"/>

xmlns="http://spcoop.it/cart/pdd-test"><persona nome="mario"
cognome="rossi"/>
href="cid:9B680EBA316B21134A86950556929075"/> href="cid:32D134BA4B72EBEFC0BA897A455D46AA"/>

------=_Part_1_12695543.1201877785955
Content-Type: application/octet-stream
Content-ID: <9B680EBA316B21134A86950556929075>
content-transfer-encoding: base64
Content-Length: 24

4mHFB852e9heBIchlNAnlus52wYFxC/x
------=_Part_1_12695543.1201877785955--==== Received Message End ====
15:56:26,008 ERROR [STDERR] 1-feb-2008 15.56.26
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor processEncryptedData
GRAVE: WSS1231.null.SymmetricKey
15:56:26,008 INFO [STDOUT] ERRORE!!!!!!
15:56:26,008 INFO [STDOUT] com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
15:56:26,009 INFO [STDOUT] at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
15:56:26,009 INFO [STDOUT] at
org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:90)
15:56:26,009 INFO [STDOUT] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
15:56:26,009 INFO [STDOUT] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
15:56:26,009 INFO [STDOUT] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
15:56:26,009 INFO [STDOUT] at
java.lang.reflect.Method.invoke(Method.java:585)
15:56:26,009 INFO [STDOUT] at
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:124)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:82)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:100)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:68)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:56)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:92)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:208)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:77)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.transport.servlet.ServletDestination.doMessage(ServletDestination.java:79)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:264)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:123)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:170)
15:56:26,010 INFO [STDOUT] at
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:148)
15:56:26,011 INFO [STDOUT] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
15:56:26,011 INFO [STDOUT] at
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
15:56:26,011 INFO [STDOUT] at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
15:56:26,011 INFO [STDOUT] at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
15:56:26,011 INFO [STDOUT] at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
15:56:26,011 INFO [STDOUT] at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
15:56:26,012 INFO [STDOUT] at
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
15:56:26,012 INFO [STDOUT] at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
15:56:26,012 INFO [STDOUT] at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
15:56:26,012 INFO [STDOUT] at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
15:56:26,012 INFO [STDOUT] at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
15:56:26,012 INFO [STDOUT] at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
15:56:26,012 INFO [STDOUT] at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
15:56:26,012 INFO [STDOUT] at java.lang.Thread.run(Thread.java:595)
15:56:26,012 INFO [STDOUT] Caused by: com.sun.xml.wss.XWSSecurityException:
Symmetric Key is null
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:489)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:419)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:131)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:421)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:81)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:251)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:849)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:801)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:242)
15:56:26,013 INFO [STDOUT] at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:134)
15:56:26,013 INFO [STDOUT] ... 40 more

Thx for any help
/Lorenzo

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p152...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Cencio

Cencio wrote:
>
> Still stuck with this issue...
> Verify config:
> > xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">
>
>
>
>

I tryed to change config in
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">

cid:*

And the error change into this

16:37:23,101 ERROR [STDERR] 1-feb-2008 16.37.23
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor processEncryptedData
GRAVE: WSS1201: Verification requirement cid:* is not supported when
EncryptedData is not included into a ReferenceList
16:37:23,102 ERROR [STDERR] 1-feb-2008 16.37.23
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor processEncryptedData
GRAVE: WSS1231.null.SymmetricKey
16:37:23,102 INFO [STDOUT] com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
16:37:23,102 INFO [STDOUT] at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
.....

If i ancrypt also the Body (and add it to the target of RequestEncrypt) the
error change again (notice the print i add to callback handlers...
DecryptionKeyCallback wasn't call before):

16:42:21,007 INFO [STDOUT] Callback called:
com.sun.xml.wss.impl.callback.DecryptionKeyCallback@8c0e89
16:42:21,076 ERROR [STDERR] 1-feb-2008 16.42.21
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor decryptReferenceList
GRAVE: WSS1238.failed.receiverReq.attachments
16:42:21,077 INFO [STDOUT] com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Receiver requirement cid:* is not
met,only 0 attachments out of 1 were encrypted
16:42:21,077 INFO [STDOUT] at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:136)
16:42:21,077 INFO [STDOUT] at
org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:101)
16:42:21,077 INFO [STDOUT] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
....
....

I'm really getting crazy with configs and error :)

Thx for any help
/Lorenzo
--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p152...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Cencio

Err.. well.. The message BEFORE the encoding don't have the
Content-Transfer-Encoding set:

------=_Part_0_17900022.1201697816920
Content-Type: text/xml; charset=utf-8

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">

xmlns:tru="http://fabrikam123.com/payloads">QQQ

------=_Part_0_17900022.1201697816920
Content-Type: text/plain
Content-ID: asdfghjkl

provaContenutoprova
------=_Part_0_17900022.1201697816920--

and it appear after encryption.

If i remove that mime header the dencrypt don't works on attachment (the
dump show strange characters this time) then raise the "requirements not
met" error.

i show you again the source of my test:

public static void main(String[] args) throws Exception {
FileInputStream pdConfig = null;
FileInputStream paConfig = null;
try {
SOAPMessage request = MessageFactory.newInstance().createMessage();
SOAPBody body = request.getSOAPBody();
SOAPBodyElement sbe = body.addBodyElement(
SOAPFactory.newInstance().createName(
"StockSymbol",
"tru",
"http://fabrikam123.com/payloads"));
sbe.addTextNode("QQQ");

AttachmentPart ap = request.createAttachmentPart();
ap.setMimeHeader("Content-Type", "application/xml");
ap.setContent("provaContenutoprova", "text/plain");
ap.setContentId("asdfghjkl");
request.addAttachmentPart(ap);
//request.writeTo(System.out);

pdConfig = new java.io.FileInputStream(new
java.io.File("/etc/openspcoop/pd.properties"));
XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
XWSSProcessor pdprocessor =
factory.createProcessorForSecurityConfiguration(
pdConfig, new SecurityEnvironmentHandler("pd"));
pdConfig.close();
ProcessingContext pdcontext = new ProcessingContext();
pdcontext.setSOAPMessage(request);
//secure the message.
SOAPMessage encrypted = pdprocessor.secureOutboundMessage(pdcontext);

//((AttachmentPart)
encrypted.getAttachments().next()).removeMimeHeader("Content-Transfer-Encoding");

paConfig = new java.io.FileInputStream(new
java.io.File("/etc/openspcoop/pa.properties"));

ProcessingContext pacontext = new ProcessingContext();
XWSSProcessor paprocessor =
factory.createProcessorForSecurityConfiguration(
paConfig, new SecurityEnvironmentHandler("pa"));
paConfig.close();

pacontext.setSOAPMessage(encrypted);
SOAPMessage unsecureMsg = paprocessor.verifyInboundMessage(pacontext);

}
catch (Exception e) {
System.out.println("ERRORE!!!!!!");
e.printStackTrace(System.out);
}

}

Thx for ur help,
/Lorenzo

V B Kumar Jayanti wrote:
>
> Hi,
>
> I see that Content-Transfer-Encoding Mime Header is set in your
> attachment.
>
> Content-Transfer-Encoding: base64
>
>
> I am not sure we handle this. Basically we would have to first base64
> decode the bytes to obtain the encrypted attachment and then try to
> decrypt the result.
>
> So is there a way you can disable Content-Tranfer-Encoding (just to see
> if everything works fine then). And you can file an RFE at
> xwss.dev.java.net for handling Content-Transfer-Encoding. Going by that
> if you had signed the attachment then probably the verification of
> signature should fail as well. Can you confirm ?.
>
> regards,
> kumar
>
>

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Shyam Rao

Hi,

Following is your client/server configuration file. Right ? This
configuration is wrong. You should put RequireEncryption element in the
server config file, when "Encrypt" element is present in the client
config file and vice versa. Same thing for Signature. Please have a look
at the "Semantics of Security Configuration File Elements" in this link
(http://java.sun.com/webservices/docs/1.5/tutorial/doc/XWS-Security3.html...)

client config :
==================================================



{http://schemas.xmlsoap.org/soap/envelope/}Body
cid:*


==================================================

server config :
==================================================



==================================================

Thanks
-- Shyam

Cencio wrote:
> Err.. well.. The message BEFORE the encoding don't have the
> Content-Transfer-Encoding set:
>
> ------=_Part_0_17900022.1201697816920
> Content-Type: text/xml; charset=utf-8
>
> > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>
>
>
> xmlns:tru="http://fabrikam123.com/payloads">QQQ >

>
> ------=_Part_0_17900022.1201697816920
> Content-Type: text/plain
> Content-ID: asdfghjkl
>
> provaContenutoprova
> ------=_Part_0_17900022.1201697816920--
>
> and it appear after encryption.
>
> If i remove that mime header the dencrypt don't works on attachment (the
> dump show strange characters this time) then raise the "requirements not
> met" error.
>
> i show you again the source of my test:
>
>
>
> public static void main(String[] args) throws Exception {
> FileInputStream pdConfig = null;
> FileInputStream paConfig = null;
> try {
> SOAPMessage request = MessageFactory.newInstance().createMessage();
> SOAPBody body = request.getSOAPBody();
> SOAPBodyElement sbe = body.addBodyElement(
> SOAPFactory.newInstance().createName(
> "StockSymbol",
> "tru",
> "http://fabrikam123.com/payloads"));
> sbe.addTextNode("QQQ");
>
> AttachmentPart ap = request.createAttachmentPart();
> ap.setMimeHeader("Content-Type", "application/xml");
> ap.setContent("provaContenutoprova", "text/plain");
> ap.setContentId("asdfghjkl");
> request.addAttachmentPart(ap);
> //request.writeTo(System.out);
>
> pdConfig = new java.io.FileInputStream(new
> java.io.File("/etc/openspcoop/pd.properties"));
> XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
> XWSSProcessor pdprocessor =
> factory.createProcessorForSecurityConfiguration(
> pdConfig, new SecurityEnvironmentHandler("pd"));
> pdConfig.close();
> ProcessingContext pdcontext = new ProcessingContext();
> pdcontext.setSOAPMessage(request);
> //secure the message.
> SOAPMessage encrypted = pdprocessor.secureOutboundMessage(pdcontext);
>
> //((AttachmentPart)
> encrypted.getAttachments().next()).removeMimeHeader("Content-Transfer-Encoding");
>
> paConfig = new java.io.FileInputStream(new
> java.io.File("/etc/openspcoop/pa.properties"));
>
> ProcessingContext pacontext = new ProcessingContext();
> XWSSProcessor paprocessor =
> factory.createProcessorForSecurityConfiguration(
> paConfig, new SecurityEnvironmentHandler("pa"));
> paConfig.close();
>
> pacontext.setSOAPMessage(encrypted);
> SOAPMessage unsecureMsg = paprocessor.verifyInboundMessage(pacontext);
>
> }
> catch (Exception e) {
> System.out.println("ERRORE!!!!!!");
> e.printStackTrace(System.out);
> }
>
> }
>
>
>
>
>
> Thx for ur help,
> /Lorenzo
>
>
>
>
>
>
>
>
> V B Kumar Jayanti wrote:
>
>> Hi,
>>
>> I see that Content-Transfer-Encoding Mime Header is set in your
>> attachment.
>>
>> Content-Transfer-Encoding: base64
>>
>>
>> I am not sure we handle this. Basically we would have to first base64
>> decode the bytes to obtain the encrypted attachment and then try to
>> decrypt the result.
>>
>> So is there a way you can disable Content-Tranfer-Encoding (just to see
>> if everything works fine then). And you can file an RFE at
>> xwss.dev.java.net for handling Content-Transfer-Encoding. Going by that
>> if you had signed the attachment then probably the verification of
>> signature should fail as well. Can you confirm ?.
>>
>> regards,
>> kumar
>>
>>
>>
>
>

[att1.html]

Cencio

Hi Shyam,

Those are my config file:
encrypt:

xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">


type="qname">{http://schemas.xmlsoap.org/soap/envelope/}Body
cid:*

decrypt:

xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" dumpMessages="true">

Anyway in the jwsdp 2.0 SwA samples i found this for the decrypt:




There isn't the RequireEncrypt... i assume that works (can't verify..)

thx again,
/Lorenzo

Shyam Rao wrote:
>
> Hi,
>
> Following is your client/server configuration file. Right ? This
> configuration is wrong. You should put RequireEncryption element in the
> server config file, when "Encrypt" element is present in the client
> config file and vice versa. Same thing for Signature. Please have a look
> at the "Semantics of Security Configuration File Elements" in this link
> (http://java.sun.com/webservices/docs/1.5/tutorial/doc/XWS-Security3.html...)
>
> client config :
> ==================================================
> > xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
>
>
> {http://schemas.xmlsoap.org/soap/envelope/}Body

> cid:*
>

>

> ==================================================
>
> server config :
> ==================================================
> > xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
>

> ==================================================
>
> Thanks
> -- Shyam
>
> Cencio wrote:
>> Err.. well.. The message BEFORE the encoding don't have the
>> Content-Transfer-Encoding set:
>>
>> ------=_Part_0_17900022.1201697816920
>> Content-Type: text/xml; charset=utf-8
>>
>> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
>>
>>
>>
>> xmlns:tru="http://fabrikam123.com/payloads">QQQ >>

>>
>> ------=_Part_0_17900022.1201697816920
>> Content-Type: text/plain
>> Content-ID: asdfghjkl
>>
>> provaContenutoprova
>> ------=_Part_0_17900022.1201697816920--
>>
>> and it appear after encryption.
>>
>> If i remove that mime header the dencrypt don't works on attachment (the
>> dump show strange characters this time) then raise the "requirements not
>> met" error.
>>
>> i show you again the source of my test:
>>
>>
>>
>> public static void main(String[] args) throws Exception {
>> FileInputStream pdConfig = null;
>> FileInputStream paConfig = null;
>> try {
>> SOAPMessage request = MessageFactory.newInstance().createMessage();
>> SOAPBody body = request.getSOAPBody();
>> SOAPBodyElement sbe = body.addBodyElement(
>> SOAPFactory.newInstance().createName(
>> "StockSymbol",
>> "tru",
>> "http://fabrikam123.com/payloads"));
>> sbe.addTextNode("QQQ");
>>
>> AttachmentPart ap = request.createAttachmentPart();
>> ap.setMimeHeader("Content-Type", "application/xml");
>> ap.setContent("provaContenutoprova", "text/plain");
>> ap.setContentId("asdfghjkl");
>> request.addAttachmentPart(ap);
>> //request.writeTo(System.out);
>>
>> pdConfig = new java.io.FileInputStream(new
>> java.io.File("/etc/openspcoop/pd.properties"));
>> XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
>> XWSSProcessor pdprocessor =
>> factory.createProcessorForSecurityConfiguration(
>> pdConfig, new SecurityEnvironmentHandler("pd"));
>> pdConfig.close();
>> ProcessingContext pdcontext = new ProcessingContext();
>> pdcontext.setSOAPMessage(request);
>> //secure the message.
>> SOAPMessage encrypted = pdprocessor.secureOutboundMessage(pdcontext);
>>
>> //((AttachmentPart)
>> encrypted.getAttachments().next()).removeMimeHeader("Content-Transfer-Encoding");
>>
>> paConfig = new java.io.FileInputStream(new
>> java.io.File("/etc/openspcoop/pa.properties"));
>>
>> ProcessingContext pacontext = new ProcessingContext();
>> XWSSProcessor paprocessor =
>> factory.createProcessorForSecurityConfiguration(
>> paConfig, new SecurityEnvironmentHandler("pa"));
>> paConfig.close();
>>
>> pacontext.setSOAPMessage(encrypted);
>> SOAPMessage unsecureMsg = paprocessor.verifyInboundMessage(pacontext);
>>
>> }
>> catch (Exception e) {
>> System.out.println("ERRORE!!!!!!");
>> e.printStackTrace(System.out);
>> }
>>
>> }
>>
>>
>>
>>
>>
>> Thx for ur help,
>> /Lorenzo
>>
>>
>>
>>
>>
>>
>>
>>
>> V B Kumar Jayanti wrote:
>>
>>> Hi,
>>>
>>> I see that Content-Transfer-Encoding Mime Header is set in your
>>> attachment.
>>>
>>> Content-Transfer-Encoding: base64
>>>
>>>
>>> I am not sure we handle this. Basically we would have to first base64
>>> decode the bytes to obtain the encrypted attachment and then try to
>>> decrypt the result.
>>>
>>> So is there a way you can disable Content-Tranfer-Encoding (just to see
>>> if everything works fine then). And you can file an RFE at
>>> xwss.dev.java.net for handling Content-Transfer-Encoding. Going by that
>>> if you had signed the attachment then probably the verification of
>>> signature should fail as well. Can you confirm ?.
>>>
>>> regards,
>>> kumar
>>>
>>>
>>>
>>
>>
>
>
>

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

V B Kumar Jayanti

We do have Attachment Tests that pass. Are you using XWSS 2.0 or 3.0
?. Can you set DumpMessages=true and try and see if the message was
generated correctly in the first place ?.

Would it be possible to provide us a reproducable testcase. If so
please do, otherwise i will try to make a sample of my own.

Thanks.

Cencio wrote:

>Hi all,
>
>I'm trying to encrypt/decrypt a soap message with attachments with
>xwss using them as api.
>
>I try doing it to the soap:body and it works.
>
>If i try to do also to attachments i have some problems.
>
>Encrypt works, but when i decrypt it gives me an exception..
>It first call
>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>then
>com.sun.xml.wss.impl.callback.DecryptionKeyCallback$X509CertificateBasedRequest
>
>and both find the keys but it gives
>
>com.sun.xml.wss.XWSSecurityException:
>com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
> at
>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:146)
> at
>org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:82)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
>....
>....
>Caused by: com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:514)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:468)
> at
>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:150)
>
>
>
>If i try to encrypt only attachments it calls only
>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>then raise the same exception.
>
>Seems that it don't call the DecryptionKeyCallback for the attachments..
>
>This is the config for client:
>
> >xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
>
> {http://schemas.xmlsoap.org/soap/
>envelope/}Body

>cid:*
>

>

>
>
>This is the config for server:
>
> >xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>
>
>

>
>
>Any suggestion?
>
>Thx!
>/Lorenzo
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Cencio

I'm tryed both 2.0 and 3.0 with same results.

i use some CXF api, so i try with only metro's api and now i get another
error:

29-gen-2008 13.45.06 com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
processEncryptedKey
GRAVE: Error occurred while decrypting
java.lang.NullPointerException
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:453)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:292)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:213)
at
com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:116)
at
com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:210)
at
com.sun.xml.wss.impl.SecurityRecipient.pProcessOnce(SecurityRecipient.java:1034)
at
com.sun.xml.wss.impl.SecurityRecipient.pProcess(SecurityRecipient.java:1101)
at
com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:724)
at
com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:216)
at
com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:113)
at
test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)

i saw that the reference is but it
should be cid:testCid ... that may cause the null pointer??

This is the code:

FileInputStream pdConfig = null;
FileInputStream paConfig = null;
//request.removeAllAttachments();
try {
SOAPMessage request =
MessageFactory.newInstance().createMessage();
SOAPBody body = request.getSOAPBody();
SOAPBodyElement sbe = body.addBodyElement(
SOAPFactory.newInstance().createName(
"StockSymbol",
"tru",
"http://fabrikam123.com/payloads"));
sbe.addTextNode("QQQ");
AttachmentPart ap = request.createAttachmentPart();
ap.setMimeHeader("Content-Type", "application/xml");
ap.setContent("provaContenutoprova", "text/plain");
ap.setContentId("testId");
request.addAttachmentPart(ap);

pdConfig = new java.io.FileInputStream(new

java.io.File("/etc/openspcoop/pd.properties"));

XWSSProcessorFactory factory =
XWSSProcessorFactory.newInstance();

XWSSProcessor pdprocessor =

factory.createProcessorForSecurityConfiguration(
pdConfig, new
SecurityEnvironmentHandler("pd"));
pdConfig.close();
ProcessingContext pdcontext = new
ProcessingContext();
pdcontext.setSOAPMessage(request);

//secure the message.
SOAPMessage encrypted =
pdprocessor.secureOutboundMessage(pdcontext);

paConfig = new java.io.FileInputStream(new

java.io.File("/etc/openspcoop/pa.properties"));

ProcessingContext pacontext = new
ProcessingContext();
XWSSProcessor paprocessor =

factory.createProcessorForSecurityConfiguration(
paConfig, new
SecurityEnvironmentHandlerSwA());
paConfig.close();

pacontext.setSOAPMessage(encrypted);

SOAPMessage unsecureMsg =
paprocessor.verifyInboundMessage(pacontext);

unsecureMsg.writeTo(System.out);

thx
/Lorenzo

V B Kumar Jayanti wrote:
>
> We do have Attachment Tests that pass. Are you using XWSS 2.0 or 3.0
> ?. Can you set DumpMessages=true and try and see if the message was
> generated correctly in the first place ?.
>
> Would it be possible to provide us a reproducable testcase. If so
> please do, otherwise i will try to make a sample of my own.
>
> Thanks.
>
> Cencio wrote:
>
>>Hi all,
>>
>>I'm trying to encrypt/decrypt a soap message with attachments with
>>xwss using them as api.
>>
>>I try doing it to the soap:body and it works.
>>
>>If i try to do also to attachments i have some problems.
>>
>>Encrypt works, but when i decrypt it gives me an exception..
>>It first call
>>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>then
>>com.sun.xml.wss.impl.callback.DecryptionKeyCallback$X509CertificateBasedRequest
>>
>>and both find the keys but it gives
>>
>>com.sun.xml.wss.XWSSecurityException:
>>com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>> at
>>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:146)
>> at
>>org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:82)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>>....
>>....
>>Caused by: com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>> at
>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:514)
>> at
>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:468)
>> at
>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:150)
>>
>>
>>
>>If i try to encrypt only attachments it calls only
>>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>then raise the same exception.
>>
>>Seems that it don't call the DecryptionKeyCallback for the attachments..
>>
>>This is the config for client:
>>
>> >>xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>
>>
>> {http://schemas.xmlsoap.org/soap/
>>envelope/}Body

>>cid:*
>>

>>

>>
>>
>>This is the config for server:
>>
>> >>xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>
>>
>>

>>
>>
>>Any suggestion?
>>
>>Thx!
>>/Lorenzo
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
> For additional commands, e-mail: users-help@metro.dev.java.net
>
>
>

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Cencio

I found an old thread that talk about this issue (wrong reference id and null
pointer exception..) but it's not resolved..

any idea?

Thx,
Lorenzo

Cencio wrote:
>
> I'm tryed both 2.0 and 3.0 with same results.
>
> i use some CXF api, so i try with only metro's api and now i get another
> error:
>
> 29-gen-2008 13.45.06 com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
> processEncryptedKey
> GRAVE: Error occurred while decrypting
> java.lang.NullPointerException
> at
> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:453)
> at
> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:292)
> at
> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:213)
> at
> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:116)
> at
> com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:210)
> at
> com.sun.xml.wss.impl.SecurityRecipient.pProcessOnce(SecurityRecipient.java:1034)
> at
> com.sun.xml.wss.impl.SecurityRecipient.pProcess(SecurityRecipient.java:1101)
> at
> com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:724)
> at
> com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:216)
> at
> com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:113)
> at
> test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>
>
>
> i saw that the reference is but it
> should be cid:testCid ... that may cause the null pointer??
>
> This is the code:
>
> FileInputStream pdConfig = null;
> FileInputStream paConfig = null;
> //request.removeAllAttachments();
> try {
> SOAPMessage request =
> MessageFactory.newInstance().createMessage();
> SOAPBody body = request.getSOAPBody();
> SOAPBodyElement sbe = body.addBodyElement(
> SOAPFactory.newInstance().createName(
> "StockSymbol",
> "tru",
> "http://fabrikam123.com/payloads"));
> sbe.addTextNode("QQQ");
> AttachmentPart ap =
> request.createAttachmentPart();
> ap.setMimeHeader("Content-Type",
> "application/xml");
> ap.setContent("provaContenutoprova",
> "text/plain");
> ap.setContentId("testId");
> request.addAttachmentPart(ap);
>
> pdConfig = new java.io.FileInputStream(new
>
> java.io.File("/etc/openspcoop/pd.properties"));
>
> XWSSProcessorFactory factory =
> XWSSProcessorFactory.newInstance();
>
> XWSSProcessor pdprocessor =
>
> factory.createProcessorForSecurityConfiguration(
> pdConfig, new
> SecurityEnvironmentHandler("pd"));
> pdConfig.close();
> ProcessingContext pdcontext = new
> ProcessingContext();
> pdcontext.setSOAPMessage(request);
>
> //secure the message.
> SOAPMessage encrypted =
> pdprocessor.secureOutboundMessage(pdcontext);
>
> paConfig = new java.io.FileInputStream(new
>
> java.io.File("/etc/openspcoop/pa.properties"));
>
> ProcessingContext pacontext = new
> ProcessingContext();
> XWSSProcessor paprocessor =
>
> factory.createProcessorForSecurityConfiguration(
> paConfig, new
> SecurityEnvironmentHandlerSwA());
> paConfig.close();
>
>
> pacontext.setSOAPMessage(encrypted);
>
> SOAPMessage unsecureMsg =
> paprocessor.verifyInboundMessage(pacontext);
>
> unsecureMsg.writeTo(System.out);
>
> thx
> /Lorenzo
>
>
>
>
>
>
>
>
> V B Kumar Jayanti wrote:
>>
>> We do have Attachment Tests that pass. Are you using XWSS 2.0 or 3.0
>> ?. Can you set DumpMessages=true and try and see if the message was
>> generated correctly in the first place ?.
>>
>> Would it be possible to provide us a reproducable testcase. If so
>> please do, otherwise i will try to make a sample of my own.
>>
>> Thanks.
>>
>> Cencio wrote:
>>
>>>Hi all,
>>>
>>>I'm trying to encrypt/decrypt a soap message with attachments with
>>>xwss using them as api.
>>>
>>>I try doing it to the soap:body and it works.
>>>
>>>If i try to do also to attachments i have some problems.
>>>
>>>Encrypt works, but when i decrypt it gives me an exception..
>>>It first call
>>>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>>then
>>>com.sun.xml.wss.impl.callback.DecryptionKeyCallback$X509CertificateBasedRequest
>>>
>>>and both find the keys but it gives
>>>
>>>com.sun.xml.wss.XWSSecurityException:
>>>com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>>> at
>>>com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:146)
>>> at
>>>org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:82)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>>>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>....
>>>....
>>>Caused by: com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>>> at
>>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:514)
>>> at
>>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:468)
>>> at
>>>com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:150)
>>>
>>>
>>>
>>>If i try to encrypt only attachments it calls only
>>>com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>>then raise the same exception.
>>>
>>>Seems that it don't call the DecryptionKeyCallback for the attachments..
>>>
>>>This is the config for client:
>>>
>>> >>>xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>>
>>>
>>> {http://schemas.xmlsoap.org/soap/
>>>envelope/}Body

>>>cid:*
>>>

>>>

>>>
>>>
>>>This is the config for server:
>>>
>>> >>>xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>>
>>>
>>>

>>>
>>>
>>>Any suggestion?
>>>
>>>Thx!
>>>/Lorenzo
>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
>> For additional commands, e-mail: users-help@metro.dev.java.net
>>
>>
>>
>
>

--
View this message in context: http://www.nabble.com/-XWSS--Encrypt-attachments-problems-tp15157718p151...
Sent from the Metro - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
For additional commands, e-mail: users-help@metro.dev.java.net

Shyam Rao

Can you give a link of this old thread ? Are you using latest xwss2.0
or xwss3.0 build from https://xwss.dev.java.net ? I remember, i fixed
this issue a long back (
https://xwss.dev.java.net/issues/show_bug.cgi?id=17).

Please verify it once with latest xwss build and let me know if you
still see this issue.

Thanks
-- Shyam

Cencio wrote:
> I found an old thread that talk about this issue (wrong reference id and null
> pointer exception..) but it's not resolved..
>
> any idea?
>
> Thx,
> Lorenzo
>
>
>
>
> Cencio wrote:
>
>> I'm tryed both 2.0 and 3.0 with same results.
>>
>> i use some CXF api, so i try with only metro's api and now i get another
>> error:
>>
>> 29-gen-2008 13.45.06 com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor
>> processEncryptedKey
>> GRAVE: Error occurred while decrypting
>> java.lang.NullPointerException
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:453)
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptReferenceList(DecryptionProcessor.java:292)
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedKey(DecryptionProcessor.java:213)
>> at
>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:116)
>> at
>> com.sun.xml.wss.impl.filter.EncryptionFilter.process(EncryptionFilter.java:210)
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.pProcessOnce(SecurityRecipient.java:1034)
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.pProcess(SecurityRecipient.java:1101)
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:724)
>> at
>> com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:216)
>> at
>> com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:113)
>> at
>> test.RicezioneContenutiApplicativiWS.main(RicezioneContenutiApplicativiWS.java:87)
>>
>>
>>
>> i saw that the reference is but it
>> should be cid:testCid ... that may cause the null pointer??
>>
>> This is the code:
>>
>> FileInputStream pdConfig = null;
>> FileInputStream paConfig = null;
>> //request.removeAllAttachments();
>> try {
>> SOAPMessage request =
>> MessageFactory.newInstance().createMessage();
>> SOAPBody body = request.getSOAPBody();
>> SOAPBodyElement sbe = body.addBodyElement(
>> SOAPFactory.newInstance().createName(
>> "StockSymbol",
>> "tru",
>> "http://fabrikam123.com/payloads"));
>> sbe.addTextNode("QQQ");
>> AttachmentPart ap =
>> request.createAttachmentPart();
>> ap.setMimeHeader("Content-Type",
>> "application/xml");
>> ap.setContent("provaContenutoprova",
>> "text/plain");
>> ap.setContentId("testId");
>> request.addAttachmentPart(ap);
>>
>> pdConfig = new java.io.FileInputStream(new
>>
>> java.io.File("/etc/openspcoop/pd.properties"));
>>
>> XWSSProcessorFactory factory =
>> XWSSProcessorFactory.newInstance();
>>
>> XWSSProcessor pdprocessor =
>>
>> factory.createProcessorForSecurityConfiguration(
>> pdConfig, new
>> SecurityEnvironmentHandler("pd"));
>> pdConfig.close();
>> ProcessingContext pdcontext = new
>> ProcessingContext();
>> pdcontext.setSOAPMessage(request);
>>
>> //secure the message.
>> SOAPMessage encrypted =
>> pdprocessor.secureOutboundMessage(pdcontext);
>>
>> paConfig = new java.io.FileInputStream(new
>>
>> java.io.File("/etc/openspcoop/pa.properties"));
>>
>> ProcessingContext pacontext = new
>> ProcessingContext();
>> XWSSProcessor paprocessor =
>>
>> factory.createProcessorForSecurityConfiguration(
>> paConfig, new
>> SecurityEnvironmentHandlerSwA());
>> paConfig.close();
>>
>>
>> pacontext.setSOAPMessage(encrypted);
>>
>> SOAPMessage unsecureMsg =
>> paprocessor.verifyInboundMessage(pacontext);
>>
>> unsecureMsg.writeTo(System.out);
>>
>> thx
>> /Lorenzo
>>
>>
>>
>>
>>
>>
>>
>>
>> V B Kumar Jayanti wrote:
>>
>>> We do have Attachment Tests that pass. Are you using XWSS 2.0 or 3.0
>>> ?. Can you set DumpMessages=true and try and see if the message was
>>> generated correctly in the first place ?.
>>>
>>> Would it be possible to provide us a reproducable testcase. If so
>>> please do, otherwise i will try to make a sample of my own.
>>>
>>> Thanks.
>>>
>>> Cencio wrote:
>>>
>>>
>>>> Hi all,
>>>>
>>>> I'm trying to encrypt/decrypt a soap message with attachments with
>>>> xwss using them as api.
>>>>
>>>> I try doing it to the soap:body and it works.
>>>>
>>>> If i try to do also to attachments i have some problems.
>>>>
>>>> Encrypt works, but when i decrypt it gives me an exception..
>>>> It first call
>>>> com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>>> then
>>>> com.sun.xml.wss.impl.callback.DecryptionKeyCallback$X509CertificateBasedRequest
>>>>
>>>> and both find the keys but it gives
>>>>
>>>> com.sun.xml.wss.XWSSecurityException:
>>>> com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>>>> at
>>>> com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:146)
>>>> at
>>>> org.openspcoop.pdd.services.RicezioneContenutiApplicativiWS.invoke(RicezioneContenutiApplicativiWS.java:82)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>> ....
>>>> ....
>>>> Caused by: com.sun.xml.wss.XWSSecurityException: Symmetric Key is null
>>>> at
>>>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:514)
>>>> at
>>>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.processEncryptedData(DecryptionProcessor.java:468)
>>>> at
>>>> com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decrypt(DecryptionProcessor.java:150)
>>>>
>>>>
>>>>
>>>> If i try to encrypt only attachments it calls only
>>>> com.sun.xml.wss.impl.callback.SignatureKeyCallback$DefaultPrivKeyCertRequest
>>>> then raise the same exception.
>>>>
>>>> Seems that it don't call the DecryptionKeyCallback for the attachments..
>>>>
>>>> This is the config for client:
>>>>
>>>> >>>> xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>>>
>>>>
>>>> {http://schemas.xmlsoap.org/soap/
>>>> envelope/}Body

>>>> cid:*
>>>>

>>>>

>>>>
>>>>
>>>> This is the config for server:
>>>>
>>>> >>>> xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
>>>>
>>>>
>>>>

>>>>
>>>>
>>>> Any suggestion?
>>>>
>>>> Thx!
>>>> /Lorenzo
>>>>
>>>>
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@metro.dev.java.net
>>> For additional commands, e-mail: users-help@metro.dev.java.net
>>>
>>>
>>>
>>>
>>
>
>

[att1.html]