[ https://issues.apache.org/jira/browse/WSS-714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Haeusler updated WSS-714:
---------------------------------
Description:
When processing the attached Soap Message, the decryption will fail because no
recipient certificate is found.
It works if the X509SKI is transformed into a SecurityTokenReference.
I checked the code in EncryptedKeyProcessor and found that the handling for
X509SKI does not exist.
While investigating the code I found some more problems in the processor:
# only one child element of RecipientKeyInfo is considered for resolving the
certificate.
# when a KeyValue element is used instead of an X509Data element, it will fail
with a MarshallingException because XMLSignatureFactory cannot parse a
RecipientKeyInfo because it expects a KeyInfo element
was:
When processing the attached Soap Message, the decryption will fail because no
recipient certificate is found.
It works if the X509SKI is transformed into a SecurityTokenReference.
I checked the code EncryptedKeyProcessor and found that the handling for
X509SKI does not exist.
While investigating the code I found some more problems in the processor:
# only one child element of RecipientKeyInfo is considered for resolving the
certificate.
# when a KeyValue element is used instead of an X509Data element, it will fail
with a MarshallingException because XMLSignatureFactory cannot parse a
RecipientKeyInfo because it expects a KeyInfo element
> processing of Soap Message with AgreementMethod ECDH-ES fails when X509SKI
> is used in RecipientKeyInfo
> -------------------------------------------------------------------------------------------------------
>
> Key: WSS-714
> URL: https://issues.apache.org/jira/browse/WSS-714
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 3.0.4
> Reporter: Michael Haeusler
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Attachments: recipientKeyInfoBroken.xml
>
>
> When processing the attached Soap Message, the decryption will fail because
> no recipient certificate is found.
> It works if the X509SKI is transformed into a SecurityTokenReference.
> I checked the code in EncryptedKeyProcessor and found that the handling for
> X509SKI does not exist.
> While investigating the code I found some more problems in the processor:
> # only one child element of RecipientKeyInfo is considered for resolving the
> certificate.
> # when a KeyValue element is used instead of an X509Data element, it will fail
> with a MarshallingException because XMLSignatureFactory cannot parse a
> RecipientKeyInfo because it expects a KeyInfo element
> 
>
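The lookup the report describes, as an added example that is not WSS4J code and not part of the original message: it walks every child of a RecipientKeyInfo and resolves a ds:X509Data/ds:X509SKI against known keys. The sample XML, the SKI value, the class name and the `ALIAS_BY_SKI` map (standing in for a keystore lookup) are constructed assumptions; only JDK DOM APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class RecipientKeyInfoWalk {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Constructed sample: two children, the X509SKI comes second (SKI value is made up).
    static final String SAMPLE =
        "<xenc:RecipientKeyInfo xmlns:xenc='" + XENC + "' xmlns:ds='" + DS + "'>"
      + "<ds:KeyName>unknown-key</ds:KeyName>"
      + "<ds:X509Data><ds:X509SKI>AQIDBAUGBwgJCgsMDQ4PEBESExQ=</ds:X509SKI></ds:X509Data>"
      + "</xenc:RecipientKeyInfo>";

    // Hypothetical index: base64 SubjectKeyIdentifier -> key alias (assumption for this example).
    static final Map<String, String> ALIAS_BY_SKI =
        Map.of("AQIDBAUGBwgJCgsMDQ4PEBESExQ=", "recipient-ec");

    static String resolveAlias(Element recipientKeyInfo) {
        // Visit every child element instead of stopping at the first one.
        for (Node n = recipientKeyInfo.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE || !DS.equals(n.getNamespaceURI())) continue;
            if (!"X509Data".equals(n.getLocalName())) continue; // KeyName, KeyValue etc. not handled here
            for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling()) {
                if (c.getNodeType() == Node.ELEMENT_NODE && DS.equals(c.getNamespaceURI())
                        && "X509SKI".equals(c.getLocalName())) {
                    // X509SKI carries the base64 SKI; strip whitespace before comparing.
                    String alias = ALIAS_BY_SKI.get(c.getTextContent().replaceAll("\\s+", ""));
                    if (alias != null) return alias;
                }
            }
        }
        return null; // caller must treat "no recipient key found" as a hard failure
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations when parsing untrusted message content.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        System.out.println("resolved alias: " + resolveAlias(root));
    }
}
```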