Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-5381

SAAJStreamWriter transforms DigestValue of custom signature

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.7
    • Fix Version/s: 2.7.8, 2.6.11
    • Component/s: Core
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      I observe strange effect by processing custom signature in service inbound chain. End exception is: "Caused by: org.apache.xml.security.exceptions.Base64DecodingException: Error while decoding".

      After a bit analyze I found that DigestValue of Signature is concatinated with DigestValue of another signature and therefore cannot be proceed by xml security (santuario).

      Additional debugging shows that signature is broken by StaxUtils.copy(node, new SAAJStreamWriter(part)); in SAAJInInterceptor.
      Value in node is still correct, but value in SOAPMessage is broken.

      I attach a small project to illustrate the issue. Run mvn clean test for the project and compare DigestValue of Signature SIG-7D02FBC5A7AED81312138383830534822 in original request.xml and in output.

        Attachments

        1. request.xml
          19 kB
          Andrei Shakirin
        2. request-transformed.xml
          17 kB
          Andrei Shakirin
        3. saaj_test.zip
          11 kB
          Andrei Shakirin

          Activity

            People

            • Assignee:
              dkulp Daniel Kulp
              Reporter:
              ashakirin Andrei Shakirin
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: