DSIG not working for attachments
I encounter signature bugs when using attachments in version 3.5.1.
When inlining an attachment as base64Binary content, the signature is calculated on the original request in the input window instead of the enriched request with the inlined data. I did a test with 2 exact same requests: one with attachment, one without an attachment. In both cases the body digest is the same. I verified the digest manually using xml-sec and it clearly corresponds to the body with <BinaryContent>cid:160744256771</BinaryContent>.
DIGEST VNzCUBm26uXKjAEmnllC063IEGg=
<soapenv:Body wsu:Id="id" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><v1:HelloWorldRequest><Value>?</Value><BinaryContent>cid:160744256771</BinaryContent></v1:HelloWorldRequest></soapenv:Body>
DIGEST VNzCUBm26uXKjAEmnllC063IEGg=
<soapenv:Body wsu:Id="id" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><v1:HelloWorldRequest><Value>?</Value><BinaryContent>R0lGODlhCg..stripped base 64 data..KjIIJBeBADs=</BinaryContent></v1:HelloWorldRequest></soapenv:Body>
- Can someone confirm this bug?
- I encounter the same issues using MTOM
When inlining an attachment as base64Binary content, the signature is calculated on the original request in the input window instead of the enriched request with the inlined data. I did a test with 2 exact same requests: one with attachment, one without an attachment. In both cases the body digest is the same. I verified the digest manually using xml-sec and it clearly corresponds to the body with <BinaryContent>cid:160744256771</BinaryContent>.
DIGEST VNzCUBm26uXKjAEmnllC063IEGg=
<soapenv:Body wsu:Id="id" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><v1:HelloWorldRequest><Value>?</Value><BinaryContent>cid:160744256771</BinaryContent></v1:HelloWorldRequest></soapenv:Body>
DIGEST VNzCUBm26uXKjAEmnllC063IEGg=
<soapenv:Body wsu:Id="id" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><v1:HelloWorldRequest><Value>?</Value><BinaryContent>R0lGODlhCg..stripped base 64 data..KjIIJBeBADs=</BinaryContent></v1:HelloWorldRequest></soapenv:Body>
- Can someone confirm this bug?
- I encounter the same issues using MTOM