
List:       wss4j-dev
Subject:    Re: Decryption of a complex Axis2 SOAP message fails in WSS4J/XmlSec
From:       "Ruchith Fernando" <ruchith.fernando () gmail ! com>
Date:       2006-05-23 20:40:17
Message-ID: 559c463d0605231328m1ec4592aq50cc03d2b70cc697 () mail ! gmail ! com

Werner,

Yes ... we do have the problem you mentioned in the case of "Signature after
Encryption" but ... this case we are trying is Encrypt _after_ Signature
(actions - "Timestamp Signature Encrypt"). This is proven to work with MTOM
and we have two test cases and the security sample in axis2 to test this
scenario. :-)

I was able to reproduce the problem stated in the original mail with a
slightly larger payload being encrypted. The problem seems to be with
creating the base64 content from the binary content of the MTOM optimized
msg only when the binary content is slightly large. I will look into this
more in the next few days.

Thanks,
Ruchith

On 5/24/06, Werner Dittmann <Werner.Dittmann@t-online.de> wrote:
> Roy, Ruchith,
>
> as far as I can remember the problem occurred if the optimization
> was together with base64 encoded strings and if the signature
> was after encryption.
>
> The encryption produces a base64 encoded string with _no_ line break,
> this was then signed. MTOM converts it back into binary to save
> bandwidth. The receiver converts it back into base64 but now inserts
> line breaks - this modification now breaks the Signature because
> of the added line breaks. This I meant with: MTOM optimization cannot
> reliably restore base64 strings because MTOM optimization always inserts
> line breaks at position 72 AFAIK. In normal cases this is not a problem
> but if the base64 string was signed then this could be disastrous for
> the Signature.
>
> Regards,
> Werner
>
> Ruchith Fernando wrote:
> > Hi Roy,
> >
> > Thanks a lot for the feedback ... seems like a bug in MTOM with
> > _large_ base64 text.
> >
> > I'm trying to reproduce your scenario ... I just checked the security
> > sample with the similar configuration (added wsa headers as parts to
> > be signed) and it worked without a problem _with_ MTOM optimization
> > (both ways).
> >
> > I will try with more complex/larger encrypted response.
> >
> > Thanks,
> > Ruchith
> >
> > On 5/22/06, Reshef Roy <roy_reshef@yahoo.com> wrote:
> >>
> >> Ruchith, Werner.
> >>
> >> Werner was right! I have switched off MTOM
> >> optimization in the services.xml (service->client
> >> message), and it works without problems. I did leave
> >> MTOM optimization on the client Axis2 repository
> >> configuration (client->service), this is also not a
> >> problem (the client->service messages - I have two
> >> operations - are small and have a rather "flat" XML
> >> structure).
> >>
> >> If you need any more information, please let me know.
> >>
> >> Thanks again,
> >>
> >> / Roy
> >>
> >>
> >> --- Reshef Roy <roy_reshef@yahoo.com> wrote:
> >>
> >> > Ruchith, Werner.
> >> >
> >> > Thanks for your (again, fast :) replies.
> >> > Unfortunately I was already celebrating the weekend
> >> > when I read them :) Monday morning (CET, I'm in
> >> > Holland), I'll turn off the MTOM optimization and see
> >> > where it leads. I'll post the results of course.
> >> >
> >> > As for thoughts: what Werner says does make some sense
> >> > to me. I do not know the MTOM optimization mechanism
> >> > but the client->service SOAP message (see my original
> >> > post, here it's truncated already) is rather small. It
> >> > includes actually the identification of the action and
> >> > one or two parameters only.
> >> > The service->client message is much larger and depends
> >> > on the exact data one is querying for (the entities we
> >> > ask for have children entities and the message can
> >> > include these ones as well).
> >> > Again, I am not familiar with the MTOM optimization
> >> > algorithm but if it resembles other encoding and
> >> > compression algorithms I do know, maybe it is more
> >> > "forgiving" for small amounts of data; or for a less
> >> > complex XML structure?
> >> >
> >> > When Brian complained about it in March he also
> >> > complained about sending a complex XML document. Like
> >> > him, my original message also included in the first
> >> > place as a CDATA an embedded XML document (generated
> >> > by a POJO object) but I have removed that and now I
> >> > only work with AXIOM to generate the SOAP message.
> >> >
> >> > Friday at midnight I don't have any brighter ideas,
> >> > more will follow Monday :)
> >> >
> >> > Nice weekend,
> >> >
> >> > / Roy
> >> >
> >> > --- Ruchith Fernando <ruchith.fernando@gmail.com> wrote:
> >> >
> >> > > Werner, Roy,
> >> > >
> >> > > Yes ... I think can give it a try by turning off
> >> > > MTOM optimization ...
> >> > > however the thing that troubles me is that the
> >> > > client -> service configuration seems to be the same
> >> > > as service -> client config and it (client -> service)
> >> > > worked with MTOM optimization, where it seems to
> >> > > be replacing the binary content properly to be
> >> > > decrypted at the service.
> >> > >
> >> > > Thoughts??
> >> > >
> >> > > Thanks,
> >> > > Ruchith
> >> > >
> >> > > On 5/19/06, Dittmann, Werner <werner.dittmann@siemens.com> wrote:
> >> > > > Roy,
> >> > > >
> >> > > > Axis2 has a feature that optimizes transmission of binary
> >> > > > data, AFAIK it converts base64 into real binary and sends it
> >> > > > over the wire. That saves some bandwidth. The problem is that
> >> > > > the receiver cannot restore the base64 from the binary in
> >> > > > exactly the same way as it was. Thus decryption and also
> >> > > > signature processing have problems.
> >> > > >
> >> > > > You may switch off this optimization and try again,
> >> > > > no "optimizeParts" parameter.
> >> > > >
> >> > > > Regards,
> >> > > > Werner
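
The effect Werner describes in the quoted thread, as an added example that is not part of the original messages and is not Axis2 or WSS4J code: a digest is taken over the base64 characters of a text node, the text is turned into binary and rebuilt with line breaks, and the two are compared. The 72-character wrap width is the figure quoted in the thread; the function names and both payloads are constructed for illustration.

```python
import base64
import hashlib

WRAP_WIDTH = 72  # line-break position quoted in the thread ("AFAIK")

# Constructed sample payloads standing in for encrypted content.
SMALL = bytes(range(30))        # 40 base64 characters, fits on one line
LARGE = bytes(range(256)) * 2   # 684 base64 characters, needs wrapping


def b64_one_line(data: bytes) -> str:
    """Base64 text as the sender wrote it: no line breaks."""
    return base64.b64encode(data).decode("ascii")


def b64_wrapped(data: bytes, width: int = WRAP_WIDTH) -> str:
    """Base64 text as a receiver might rebuild it, wrapped every `width` chars."""
    flat = b64_one_line(data)
    return "\n".join(flat[i:i + width] for i in range(0, len(flat), width))


def text_digest(b64_text: str) -> str:
    """Digest over the characters of the text node, which is what gets signed."""
    return hashlib.sha256(b64_text.encode("ascii")).hexdigest()


def roundtrip(data: bytes, width: int = WRAP_WIDTH) -> dict:
    """Model the optimization: base64 text -> binary on the wire -> base64 text."""
    sent = b64_one_line(data)
    on_wire = base64.b64decode(sent)       # sender side: text replaced by binary
    rebuilt = b64_wrapped(on_wire, width)  # receiver side: binary back to text
    return {
        # Decoders skip whitespace, so the decoded bytes are unaffected.
        "binary_intact": base64.b64decode(rebuilt) == data,
        # The signed octets are the characters themselves, line breaks included.
        "text_identical": rebuilt == sent,
        "digest_matches": text_digest(rebuilt) == text_digest(sent),
        # Diagnostic: is whitespace the only difference between the two texts?
        "whitespace_only_diff": "".join(rebuilt.split()) == sent,
    }


if __name__ == "__main__":
    for name, payload in (("small", SMALL), ("large", LARGE)):
        print(name, roundtrip(payload))
```

Under this model a payload whose base64 form fits on one line comes back character for character, so only larger payloads change the text a digest was computed over.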

