CXF-2963

Signature coverage of signed XML Encryption elements created using standard WSS4J elements cannot be verified with WS-SP configuration or the CryptoCoverageChecker

Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.10, 2.3
    • Fix Version/s: 2.3, 2.2.11
    • Component/s: WS-* Components
    • Labels: None

    Description

      When using manual configuration of WSS4J on the client outbound interceptor chain, the resulting message contains extraneous Id attributes on the signed XML Encryption elements. The signature is computed using a different attribute value than that reported by the encryption results from WSS4J on the server side.

      For instance, the following signed element is referenced in different ways:

      <xenc:EncryptedData xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-659" Type="http://www.w3.org/2001/04/xmlenc#Element" wsu:Id="id-663">

      Signature: <ds:Reference URI="#id-663">
      Encryption: <xenc:DataReference URI="#EncDataId-659" />

      The extra ID invalidates the XML Encryption schema and troubles the logic that determines signed encrypted content.
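
The mismatch described above, as an added illustration (not code from CXF, WSS4J or the reporter): a coverage check that compares reference URI strings misses the signed element, while one that resolves both `Id` and `wsu:Id` to the element finds it. The `<msg>` wrapper, the second `EncryptedData` element and all function names are assumptions; only direct references are considered, not signatures over an ancestor.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the first EncryptedData and the two URIs are from the
# issue; the <msg> wrapper and the unsigned EncDataId-700 element are assumed.
SAMPLE = f"""<msg xmlns:ds="{DS}" xmlns:xenc="{XENC}" xmlns:wsu="{WSU}">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#id-663"/></ds:SignedInfo></ds:Signature>
  <xenc:ReferenceList>
    <xenc:DataReference URI="#EncDataId-659"/>
    <xenc:DataReference URI="#EncDataId-700"/>
  </xenc:ReferenceList>
  <xenc:EncryptedData Id="EncDataId-659" Type="{XENC}Element" wsu:Id="id-663"/>
  <xenc:EncryptedData Id="EncDataId-700" Type="{XENC}Element"/>
</msg>"""
ROOT = ET.fromstring(SAMPLE)

def fragment_ids(root, tag):
    """Targets of same-document URIs ('#x' -> 'x') on every element named tag."""
    return [e.get("URI")[1:] for e in root.iter(tag) if e.get("URI", "").startswith("#")]

def index_ids(root):
    """Map each Id / wsu:Id value to its element; a value on two elements is rejected."""
    index = {}
    for el in root.iter():
        for attr in ("Id", f"{{{WSU}}}Id"):
            value = el.get(attr)
            if value is None:
                continue
            if index.get(value, el) is not el:
                raise ValueError(f"ambiguous id {value!r}")
            index[value] = el
    return index

def naive_coverage(root):
    """Compare URI strings only: misses an element signed under its other id."""
    signed = set(fragment_ids(root, f"{{{DS}}}Reference"))
    return {i: i in signed for i in fragment_ids(root, f"{{{XENC}}}DataReference")}

def resolved_coverage(root):
    """Resolve both kinds of reference to elements and compare the elements."""
    index = index_ids(root)
    signed = [index[i] for i in fragment_ids(root, f"{{{DS}}}Reference") if i in index]
    return {i: any(index.get(i) is el for el in signed)
            for i in fragment_ids(root, f"{{{XENC}}}DataReference")}
```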

            People

              Assignee: David Valeri (davaleri)
              Reporter: David Valeri (davaleri)