Sign message with mutiple parts - CRLF characters getting added

We are connecting to a third party webservice and we need to sign the message and with multiple parts. We see signature generates

characters in BinarySecurityToken and the backend is treating as sql injection attack.

The SignatureValue element contains the actual value of the digital
signature and it is encoded using base64 and seems to be valid as per below rfc but looks third party webservice is treating differently..

https://www.ietf.org/rfc/rfc2045.txt

We use wss4j 2.2.1 with jdk1.8 and having issues while sending via apigee..

Is there a way to get rid or better way to do it? Please suggest.

Attached java snippet for reference..

Thankyou.

Solved Solved
0 2 86
1 ACCEPTED SOLUTION

Updated to latest version of wss4j 2.2.4 and added below to get rid and issue got resolved.

==

String lineBreakPropName = "org.apache.xml.security.ignoreLineBreaks"; if (System.getProperty(lineBreakPropName) == null) { System.setProperty(lineBreakPropName, "true"); }

==

View solution in original post

2 REPLIES 2

@Dino-at-Google @Dino

Looking forward for some help..

Updated to latest version of wss4j 2.2.4 and added below to get rid and issue got resolved.

==

String lineBreakPropName = "org.apache.xml.security.ignoreLineBreaks"; if (System.getProperty(lineBreakPropName) == null) { System.setProperty(lineBreakPropName, "true"); }

==