Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
Unknown
Description
If there is no EncryptedKey can be used,try the key directly to decrypt message as fallback
As both message
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/><xenc:CipherData><xenc:CipherValue>/5nDlLI7jrETNrNG/5Nsw3qB9dSnZVwyj5OZZsUvZaHb/8oIayoMeg==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>yP17O2otQdraY+W42w8i8U/pQQac1g84vWaGWqbS1tgCduFfjhnIz2ZqbFJ6n7Ow1cIeF5HyAoHRGaoDd4gbVw==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
<xenc:EncryptedData Id="StaticKeyEncryption"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"> <KeySize>168</KeySize> </xenc:EncryptionMethod> <ds:KeyInfo> <ds:KeyName>mykey</ds:KeyName> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>yP17O2otQdraY+W42w8i8U/pQQac1g84vWaGWqbS1tgCduFfjhnIz2ZqbFJ6n7Ow1cIeF5HyAoHRGaoDd4gbVw==</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData>
are valid per the spec.
Currently camel-xmlsecurity can handle the first case but not the second