Hi all
I've got a soap request (see below) with two EncryptedKey elements
(different public keys).
My application possesses only one of the two private keys, so it can decrypt only the EncryptedData elements referenced by the matching EncryptedKey. When I process the security header, the following exception is thrown:
Caused by: org.apache.ws.security.WSSecurityException: Cannot
encrypt/decrypt data; nested exception is:
java.lang.Exception: alias is null
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey
(EncryptedKeyProcessor.java:287)
How can I tell WSS4J to ignore the EncryptedKey elements that are not addressed to my key (i.e. whose KeyInfo references a certificate for which I hold no private key)?
This is the code to decrypt the soap message:
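String message = ... ;   // the SOAP envelope shown below, held as a Java String
String cert = .... ;     // Crypto properties (keystore) holding our single private key
try {
    // Encode with the charset the XML declaration promises (UTF-8). The no-arg
    // getBytes() uses the platform default charset and silently corrupts any
    // non-ASCII character, which would then alter the bytes WSS4J parses.
    InputStream inStream = new ByteArrayInputStream(message.getBytes("UTF-8"));
    // Parse the envelope into a SAAJ message (no MIME headers, body only).
    SOAPMessage soapmsg = MessageFactory.newInstance().createMessage(null, inStream);
    Document doc = (Document) soapmsg.getSOAPPart();
    Crypto crypto = CryptoFactory.getInstance(cert);

    // WSS4J walks every element of the Security header, including both
    // EncryptedKey elements of this request. Each one is keyed to a different
    // certificate (X509IssuerSerial 446 and 447); the one whose private key is
    // not in our keystore yields no alias, which is the "alias is null" failure.
    // NOTE(review): this request carries no ds:Signature, so a successful
    // decrypt proves neither who sent it nor that the ciphertext was unaltered;
    // it also uses rsa-1_5 key transport and unauthenticated aes128-cbc data
    // encryption, both of which are known padding-oracle targets when the
    // server's decrypt failures are distinguishable to the sender -- confirm
    // what fault, if any, the RuntimeException below turns into on the wire.
    // The callback handler is presumably also what WSS4J invokes for the
    // UsernameToken (PasswordText, so the password rides in the clear in the
    // header unless the transport is TLS) -- verify against the handler.
    // Keep the results: they say which actions actually succeeded, which the
    // caller needs once only some EncryptedData elements can be decrypted.
    java.util.List<?> results =
        secEngine.processSecurityHeader(doc, null, new MyCallbackHandler(), crypto);

    // Serialise the (partially) decrypted DOM back to a String.
    TransformerFactory tFactory = TransformerFactory.newInstance();
    Transformer transformer = tFactory.newTransformer();
    DOMSource source = new DOMSource(doc);
    StringWriter sw = new StringWriter();
    StreamResult result = new StreamResult(sw);
    transformer.transform(source, result);
    return sw.toString();
} catch (Exception ex) {
    // Wrap checked exceptions (SOAPException, WSSecurityException,
    // TransformerException, UnsupportedEncodingException). The cause keeps the
    // full stack trace, so printing it here as well only logged it twice.
    throw new RuntimeException(ex);
}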
Here is the input soap request:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:m2="http://ecm.zurich.com/svc/ws/types"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:m1="http://ecm.zurich.com/svc/ws/document_v1_0">
<SOAP-ENV:Header>
<m3:Security
xmlns:m3=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP-ENV:mustUnderstand="1">
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EncKeyId-712593">
<xenc:EncryptionMethod
Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<wsse:SecurityTokenReference
xmlns:wsse=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
<ds:X509Data
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerSerial
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerName
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
[EMAIL PROTECTED],CN=SDC
Internal
CA,OU=ING,O=Swiss Data
Center,L=Zurich
Insurance,ST=Zurich,C=CH
</ds:X509IssuerName>
<ds:X509SerialNumber
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
446
</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
gL4WtugirLpupgr7i9I6VVHyDu2H6sS1phCX8zY9+65dTf8LtsDSjVFNLaBHmIrfMLXgC1gREA
+WnUGoObNV5Ek1VePLrCzYp4TGzVR0wxbhF6m1Zzc81wKArtLHflcXKsn5v7rUvArC3bh4o7QqBs6o1W13EmI244r9ZA30gqY=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
URI="#EncDataId-31188783" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<xenc:EncryptedKey
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EncKeyId-30675222">
<xenc:EncryptionMethod
Algorithm=
"http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>
<wsse:SecurityTokenReference
xmlns:wsse=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>
<ds:X509Data
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerSerial
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
<ds:X509IssuerName
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
[EMAIL PROTECTED],CN=SDC
Internal
CA,OU=ING,O=Swiss Data
Center,L=Zurich
Insurance,ST=Zurich,C=CH
</ds:X509IssuerName>
<ds:X509SerialNumber
xmlns:ds=
"http://www.w3.org/2000/09/xmldsig#">
447
</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
RVKDb7RnEPf1/566a4kSEy0Q8Rq2cglbyEcoxHy7YtFQfQdEs
+Dx3iC29r2LhYzQidp51ZuLNptJGvFz5eQrFivgqlTfdgxPBC
+LVXN1zMu9N5f0PVRk8BGsoxK9Jwum05TvEnXu+IbwWpM70roh9H6KlQU5azZfYnTUMossrYo=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
URI="#EncDataId-28179427" />
<xenc:DataReference
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
URI="#EncDataId-24390742" />
</xenc:ReferenceList>
</xenc:EncryptedKey>
<m3:UsernameToken xsi:type="m3:UsernameTokenType">
<m3:Username>YSV101676</m3:Username>
<m3:Password
Type=
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"
xsi:type="m3:PasswordString">
r8328hFs
</m3:Password>
</m3:UsernameToken>
</m3:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<m1:updateMetadata>
<m1:docIDs>
<xenc:EncryptedData
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
Type=
"http://www.w3.org/2001/04/xmlenc#Content"
Id="EncDataId-31188783">
<xenc:EncryptionMethod
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<xenc:CipherData
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
lfVNeqOdi8BjOqdWZ
+Vniu3oXf9h8sjP2FG7wLHVlrxd/w3Gaj8tpW3r83HhSQk87Ta1CFGPN1VG
IWBZW6VQOg==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</m1:docIDs>
<m1:metadata>
<xenc:EncryptedData
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
Type=
"http://www.w3.org/2001/04/xmlenc#Content"
Id="EncDataId-28179427">
<xenc:EncryptionMethod
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<xenc:CipherData
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
YxeTDZRvhDlAAYmTvMoyp2l3u1fywZJ8uMgI3M
+hmEEqOoAQwmrWTeG8JEyDFymlycnEoT7siMR9
dOkauixPm7OIb6uW/2WlpK106/3RqRe/Rwj98zne2WiG6otfM5gWICpc7i2bf97opS2MFcM85v13
6bCXXbEybWw
+erNexIEUcVg56L50dup4d2PqVNHUSZurdKYwKmR944QjydN25zTO9XjvhoppHCDT
nuoUz1UuIHiDXtDgFpSknHoGzMA8tWebb4PNy6fBViqfoT39EGNMF7C2N+aVygR2xl3OY63Lbix
+
xbxq3g
+3BHlDbsDaCtVaC4BIM637xr75xQGUp/sHVEx/mY6KUoxcLHQgQbe0vrXKFdWIQ7zHRjQq
o04PRIJTOWW9hruD+2HS3UEo0v8t
+G2jHsirqmv17vr1uPcq0NZzRJVSpVAxS1KOIaSBtJeBbxui
EvB1ZAb9hxOXQ8NYT0xrzp3SFrvkcLLT0h1Skvg50A4r6yBDWFeHUDCX
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</m1:metadata>
<m1:context>
<xenc:EncryptedData
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
Type=
"http://www.w3.org/2001/04/xmlenc#Content"
Id="EncDataId-24390742">
<xenc:EncryptionMethod
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#"
Algorithm=
"http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<xenc:CipherData
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
<xenc:CipherValue
xmlns:xenc=
"http://www.w3.org/2001/04/xmlenc#">
M960LIC0KgOVcGTbB0CvRaV7ONx2wjjFRhMVrBYW9G61v
+esYY2mP6p4k9gJWrDyfqthgYDfLyPp
eRjSpgSAlXNGMwrMW8/9QUlDmKloKQvTLGTSJG5ySpSkrY5NLyTDp1LSnjvWvRoaPYuHEBKHdw==
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</m1:context>
</m1:updateMetadata>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>