[ https://issues.apache.org/jira/browse/CXF-5983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-5983.
--------------------------------------
    Resolution: Fixed

> Security processing failed (actions mismatch) occurs due to ENCR action appearing twice
> ---------------------------------------------------------------------------------------
>
>                 Key: CXF-5983
>                 URL: https://issues.apache.org/jira/browse/CXF-5983
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-WS Runtime
>    Affects Versions: 2.7.11
>         Environment: Windows 7
> Windows Vista
>            Reporter: Ben Preston
>            Assignee: Colm O hEigeartaigh
>             Fix For: 3.0.2, 3.1.0
>
>         Attachments: MismatchResponse.xml
>
>
> I am receiving a response from a server which has the following actions: 
> Timestamp Encrypt Signature. 
> However when the response hits the inbound interceptor (WSS4JInInterceptor) 
> it is throwing the following exception:
> Sep 01, 2014 2:07:49 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor checkActions
> WARNING: Security processing failed (actions mismatch)
> Sep 01, 2014 2:07:49 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> WARNING:
> org.apache.ws.security.WSSecurityException: An error was discovered processing the <wsse:Security> header
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.checkActions(WSS4JInInterceptor.java:354)
> The inbound configuration aspects are as follows:
>         // Inbound Policy Rules
>         inProps.put("action", "Timestamp Encrypt Signature");
>         inProps.put("passwordCallbackClass", "reply.solidsoft.emvs.common.EmvsPasswordCallback");
>         inProps.put("decryptionPropFile", EmvsProperties.val(propPrefix + "resp.propFile"));
>         inProps.put("signaturePropFile", EmvsProperties.val(propPrefix + "enc.propFile"));
>         inProps.put("encryptionKeyIdentifier", "Thumbprint");
>         inProps.put("signatureKeyIdentifier", "DirectReference");
>         inProps.put("encryptionKeyTransportAlgorithm", "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
>         inProps.put("signatureAlgorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
>         inProps.put("signatureDigestAlgorithm", "http://www.w3.org/2001/04/xmlenc#sha256");
>         inProps.put("encryptionSymAlgorithm", "http://www.w3.org/2001/04/xmlenc#aes256-cbc");
>         client.getInInterceptors().add(new WSS4JInInterceptor(inProps));
> I have debugged the code in Netbeans and the issue stems from CXF erroneously 
> misreading the actions on the incoming message. The WSS4JInInterceptor (or 
> rather the classes/methods it calls) determines that the message has the 
> following actions (see WSConstants.java):
> hex constant/tag value
> 4/ENCR
> 2/SIGN
> 4/ENCR
> 1000/BST
> 20/TS
> It can be seen that the security engine determines that ENCR occurs twice. 
> This causes WSHandler.java - checkReceiverResultsAnyOrder() to throw the 
> mismatch error. I have managed a temporary workaround by creating my own 
> version of this code and ignoring the first/erroneous ENCR action. This lets 
> the code execute without error and all parts are decrypted perfectly. As such 
> I don't believe that the response message is at fault. 
> I have attached MismatchResponse.xml which is the data which is causing the 
> error.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
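
Added example (not part of the original message, and not WSS4J or CXF source): a simplified Java model of the any-order action check described in the report, run on the action list the reporter observed. The class and method names are hypothetical and skipping BST results is an assumption of this model; the action values are the hex constants quoted above.

```java
import java.util.*;

public class ActionMismatchDemo {
    // Action values as quoted in the report (hex, from WSConstants.java).
    static final int SIGN = 0x2, ENCR = 0x4, TS = 0x20, BST = 0x1000;

    // Simplified model: each processed result must consume exactly one
    // configured action. Skipping BST results is an assumption of this model.
    static boolean matchesAnyOrder(List<Integer> results, List<Integer> configured) {
        List<Integer> remaining = new ArrayList<>(configured);
        for (Integer act : results) {
            if (act == BST) continue;
            if (!remaining.remove(act)) return false; // nothing left to consume
        }
        return remaining.isEmpty(); // every configured action was seen
    }

    // Diagnostic: per-action count difference (seen minus configured).
    // Positive = reported more often than configured, negative = missing.
    static Map<Integer, Integer> delta(List<Integer> results, List<Integer> configured) {
        Map<Integer, Integer> d = new TreeMap<>();
        for (Integer a : results) if (a != BST) d.merge(a, 1, Integer::sum);
        for (Integer a : configured) d.merge(a, -1, Integer::sum);
        d.values().removeIf(v -> v == 0);
        return d;
    }

    // Model of the reporter's workaround: count a repeated action once.
    static List<Integer> dedup(List<Integer> results) {
        return new ArrayList<>(new LinkedHashSet<>(results));
    }

    public static void main(String[] args) {
        // "Timestamp Encrypt Signature" from the inbound configuration.
        List<Integer> configured = Arrays.asList(TS, ENCR, SIGN);
        // Result order as listed in the report: ENCR, SIGN, ENCR, BST, TS.
        List<Integer> results = Arrays.asList(ENCR, SIGN, ENCR, BST, TS);

        System.out.println("strict match:  " + matchesAnyOrder(results, configured));
        System.out.printf("count delta:   %s%n", delta(results, configured));
        System.out.println("deduped match: " + matchesAnyOrder(dedup(results), configured));
    }
}
```

In this model the deduplicated comparison still fails when a configured action is missing from the results or when a result carries an action type that was not configured, so only the repeated ENCR entry is tolerated.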
