
List:       xmlrpc-dev
Subject:    [jira] [Updated] (WSS-475) Issue with multiple processing of ReferenceList in EncryptedKey element
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2013-08-16 15:48:48
Message-ID: JIRA.12663451.1376411699406.80770.1376668128331 () arcas


    [ https://issues.apache.org/jira/browse/WSS-475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated WSS-475:
------------------------------------

    Fix Version/s: 1.6.12
    
> Issue with multiple processing of ReferenceList in EncryptedKey element
> -----------------------------------------------------------------------
> 
> Key: WSS-475
> URL: https://issues.apache.org/jira/browse/WSS-475
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.6.9
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
> Fix For: 1.6.12
> 
> 
> I have an incoming request message looking as follows:
> {noformat}
> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
>     <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>                    soap:mustUnderstand="1">
>       ...
>       <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                                 ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
>                                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
>                                 wsu:Id="BST-23456">...</wsse:BinarySecurityToken>
>       <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="XSIG-7896">
>         ...
>         <dsig:KeyInfo>
>           <wsse:SecurityTokenReference>
>             <wsse:Reference URI="#EK-ABCDE" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
>           </wsse:SecurityTokenReference>
>         </dsig:KeyInfo>
>       </dsig:Signature>
>       <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>         ...
>       </dsig:Signature>
>       <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-ABCDE">
>         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
>           <dsig:DigestMethod xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>         </xenc:EncryptionMethod>
>         <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>           <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>                                        wsu:Id="STR-8901">
>             <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
>                                 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">...</wsse:KeyIdentifier>
>           </wsse:SecurityTokenReference>
>         </dsig:KeyInfo>
>         <xenc:CipherData>
>           <xenc:CipherValue xmlns:xmime="http://www.w3.org/2005/05/xmlmime" xmime:contentType="application/octet-stream">...</xenc:CipherValue>
>         </xenc:CipherData>
>         <xenc:ReferenceList>
>           <xenc:DataReference URI="#_REF123"/>
>         </xenc:ReferenceList>
>       </xenc:EncryptedKey>
>     </wsse:Security>
>   </soap:Header>
>   <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-5678">
>     <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_REF123">
>       <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
>       <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
>         <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>           <wsse:Reference URI="#EK-ABCDE" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
>         </wsse:SecurityTokenReference>
>       </dsig:KeyInfo>
>       <xenc:CipherData>
>         <xenc:CipherValue xmlns:xmime="http://www.w3.org/2005/05/xmlmime" xmime:contentType="application/octet-stream">...</xenc:CipherValue>
>       </xenc:CipherData>
>     </xenc:EncryptedData>
>   </soapenv:Body>
> </soapenv:Envelope>
> {noformat}
> WSS4J fails on processing this, as the ReferenceList within the EncryptedKey is processed twice (the first time when dealing with the XSIG-7896 Signature element and the second time when actually dealing with the EncryptedKey element). The second time the ReferenceList is processed, the reference to Id="_REF123" can't be resolved, as the EncryptedData has likely been decrypted in the previous pass.
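The processing order described in the report, as an added Python simulation that is not WSS4J code and not part of the reporter's message. It walks the wsse:Security children of a constructed, reduced copy of the envelope above (placeholder cipher values, nothing is really decrypted, namespaces declared once on the root), resolves the Signature's KeyInfo reference to the EncryptedKey ahead of the element's own position, and "decrypts" each DataReference target by replacing the EncryptedData element. With `dedupe=False` the second visit to `EK-ABCDE` cannot resolve `#_REF123` any more, which is the failure in the report; with `dedupe=True` the processor remembers the EncryptedKey Ids it has already handled and skips the repeat. The `dedupe` flag, `process_security_header`, `find_by_id` and the `Plaintext` placeholder element are assumptions of this example, not WSS4J API.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed, reduced copy of the envelope from the report: the Signature's KeyInfo
# points at the EncryptedKey, whose ReferenceList points at the Body's EncryptedData.
ENVELOPE = """\
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security soapenv:mustUnderstand="1">
  <ds:Signature Id="XSIG-7896"><ds:KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#EK-ABCDE"
    ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
  <xenc:EncryptedKey Id="EK-ABCDE">
   <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
   <xenc:ReferenceList><xenc:DataReference URI="#_REF123"/></xenc:ReferenceList>
  </xenc:EncryptedKey>
 </wsse:Security></soapenv:Header>
 <soapenv:Body wsu:Id="Body-5678">
  <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Content" Id="_REF123">
   <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soapenv:Body>
</soapenv:Envelope>
"""


class UnresolvedReference(Exception):
    """A DataReference URI no longer points at any element in the document."""


def find_by_id(root, ref_id):
    """Resolve a fragment id against Id / wsu:Id attributes anywhere in the tree."""
    for el in root.iter():
        if el.get("Id") == ref_id or el.get(WSU_ID) == ref_id:
            return el
    return None


def decrypt_references(root, parent_map, enc_key, log):
    """Simulated decryption of every DataReference in the ReferenceList: the
    EncryptedData element is replaced by a plaintext element, so its Id is gone
    and a second pass over the same ReferenceList can no longer resolve it."""
    for ref in enc_key.findall("xenc:ReferenceList/xenc:DataReference", NS):
        ref_id = ref.get("URI").lstrip("#")
        target = find_by_id(root, ref_id)
        if target is None:
            raise UnresolvedReference(ref_id)
        parent = parent_map[target]
        idx = list(parent).index(target)
        parent.remove(target)
        parent.insert(idx, ET.Element("Plaintext"))  # hypothetical decrypted content
        log.append("decrypted #%s via EncryptedKey %s" % (ref_id, enc_key.get("Id")))


def process_security_header(envelope_xml, dedupe):
    """Walk wsse:Security in document order. dedupe=False reproduces the double
    processing from the report; dedupe=True skips already-handled EncryptedKeys.
    Returns (success, log)."""
    root = ET.fromstring(envelope_xml)
    parent_map = {child: parent for parent in root.iter() for child in parent}
    security = root.find("soapenv:Header/wsse:Security", NS)
    log, processed = [], set()

    def handle_encrypted_key(ek):
        ek_id = ek.get("Id")
        if dedupe and ek_id in processed:
            log.append("skipped EncryptedKey %s: already processed" % ek_id)
            return
        processed.add(ek_id)
        decrypt_references(root, parent_map, ek, log)

    try:
        for child in list(security):
            if child.tag == "{%s}Signature" % NS["ds"]:
                ref = child.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
                if ref is not None and ref.get("ValueType", "").endswith("#EncryptedKey"):
                    # The signing key lives in the EncryptedKey, so it is processed
                    # here, before the walk reaches the element itself.
                    handle_encrypted_key(find_by_id(root, ref.get("URI").lstrip("#")))
                log.append("verified Signature %s" % child.get("Id"))
            elif child.tag == "{%s}EncryptedKey" % NS["xenc"]:
                handle_encrypted_key(child)
    except UnresolvedReference as exc:
        log.append("error: DataReference #%s cannot be resolved" % exc)
        return False, log
    return True, log


if __name__ == "__main__":
    for dedupe in (False, True):
        ok, log = process_security_header(ENVELOPE, dedupe)
        print("dedupe=%s -> %s\n  %s" % (dedupe, "ok" if ok else "FAILED", "\n  ".join(log)))
```

Running the block prints the two walks side by side: the first ends with the unresolved `#_REF123` error after the Signature pass has already replaced the EncryptedData, the second ends with the EncryptedKey being skipped because its Id was recorded on the first visit. Keying the "already processed" set on the element's Id is what makes the second encounter harmless regardless of which path (KeyInfo reference or document order) reached it first.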

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
