Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-450

Inbound Processing code fails with an Encrypted Signature

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0
    • None
    • None

    Description

      The streaming inbound processing case fails on a message like the below (generated using the streaming code, with an Asymmetric Binding + sp:EncryptSignature):

      BinarySecurityToken
      EncryptedKey (ref BST above)
      EncryptedData (encrypted Sig, ref EncryptedKey above)
      BinarySecurityToken (referenced via the encrypted Signature)
      (Encrypted/signed SOAP Body)

      Error is:

      java.lang.IllegalStateException: javax.xml.stream.XMLStreamException: org.apache.wss4j.common.ext.WSSecurityException: Referenced Token "G3618ed5a-e569-4fd6-af3b-6255353dd2b7" not found
      at org.apache.xml.security.stax.impl.XMLSecurityStreamReader.getEventType(XMLSecurityStreamReader.java:386)

      Can the Signature processing code not find a signing BST if it is after the Signature?

      Attachments

        Activity

          People

            giger Marc Giger
            coheigea Colm O hEigeartaigh
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: