Signature coverage of signed XML Encryption elements created using standard
WSS4J elements cannot be verified with WS-SP configuration or the
CryptoCoverageChecker
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: CXF-2963
URL: https://issues.apache.org/jira/browse/CXF-2963
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 2.2.10, 2.3
Reporter: David Valeri
Priority: Minor

When using manual configuration of WSS4J on the client outbound interceptor
chain, the resulting message contains extraneous Id attributes on the signed
XML Encryption elements. The signature is computed using a different attribute
value than that reported by the encryption results from WSS4J on the server
side.

For instance, the following signed element is referenced in different ways:

  <xenc:EncryptedData
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
      xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-659"
      Type="http://www.w3.org/2001/04/xmlenc#Element" wsu:Id="id-663">

  Signature:  <ds:Reference URI="#id-663">
  Encryption: <xenc:DataReference URI="#EncDataId-659" />

The extra ID invalidates the XML Encryption schema and troubles the logic that
determines signed encrypted content.
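
The mismatch described in the report, as an added example that is not part of the original issue and is not CXF or WSS4J code: comparing the reference URI strings reports the encrypted element as unsigned, while resolving both `Id` and `wsu:Id` to the element they name shows that the signature and the encryption point at the same node. The `<msg>` wrapper, the self-closed elements and all function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the two references and the element quoted in the report,
# placed under a hypothetical <msg> root (not a complete SOAP message).
SAMPLE = f"""<msg xmlns:wsu="{WSU}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <ds:Reference URI="#id-663"/>
  <xenc:DataReference URI="#EncDataId-659"/>
  <xenc:EncryptedData Id="EncDataId-659"
      Type="http://www.w3.org/2001/04/xmlenc#Element" wsu:Id="id-663"/>
</msg>"""

def index_ids(root):
    """Map every Id / wsu:Id value to its element; reject ambiguous ids."""
    index = {}
    for el in root.iter():
        for attr in ("Id", f"{{{WSU}}}Id"):
            value = el.get(attr)
            if value is None:
                continue
            if value in index and index[value] is not el:
                raise ValueError(f"id {value!r} names more than one element")
            index[value] = el
    return index

def resolve(root, tag, index):
    """Resolve same-document URIs of all <tag> elements to their targets."""
    targets = []
    for ref in root.iter(tag):
        uri = ref.get("URI", "")
        if uri.startswith("#") and uri[1:] in index:
            targets.append(index[uri[1:]])
    return targets

def coverage(xml_text):
    """Return (covered_by_uri_string, covered_by_element_identity)."""
    root = ET.fromstring(xml_text)
    index = index_ids(root)
    signed_uris = {r.get("URI") for r in root.iter(f"{{{DS}}}Reference")}
    enc_uris = {r.get("URI") for r in root.iter(f"{{{XENC}}}DataReference")}
    signed = resolve(root, f"{{{DS}}}Reference", index)
    encrypted = resolve(root, f"{{{XENC}}}DataReference", index)
    by_string = bool(enc_uris) and enc_uris <= signed_uris
    by_identity = bool(encrypted) and all(any(e is s for s in signed) for e in encrypted)
    return by_string, by_identity
```

A coverage check that resolves references this way must still fail closed when an id value is ambiguous, which is why `index_ids` raises instead of picking one element.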