Posted to commits@cxf.apache.org by se...@apache.org on 2014/07/31 10:22:16 UTC

git commit: Trying to fix the SAMLP response decryption issue

Repository: cxf
Updated Branches:
  refs/heads/master 8c331929e -> 730cdf2e6


Trying to fix the SAMLP response decryption issue


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/730cdf2e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/730cdf2e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/730cdf2e

Branch: refs/heads/master
Commit: 730cdf2e639bbd3319b1f50c1c9e444d508b721e
Parents: 8c33192
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Jul 31 11:21:57 2014 +0300
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Jul 31 11:21:57 2014 +0300

----------------------------------------------------------------------
 .../security/saml/sso/SAMLProtocolResponseValidator.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/730cdf2e/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 08b906e..42e2aab 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -115,10 +115,9 @@ public class SAMLProtocolResponseValidator {
         // Decrypt any encrypted Assertions and add them to the Response (note that this will break any
         // signature on the Response)
         for (org.opensaml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions()) {
-            EncryptedData encryptedData = assertion.getEncryptedData();
-            Element encryptedDataDOM = encryptedData.getDOM();
             
-            Element decAssertion = decryptAssertion(encryptedDataDOM, sigCrypto, callbackHandler);
+            Element decAssertion = 
+                decryptAssertion(assertion, sigCrypto, callbackHandler);
             
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
             samlResponse.getAssertions().add(wrapper.getSaml2());
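Review bot: The comment above this loop warns that adding decrypted assertions breaks any signature on the Response, but it does not say that the Response signature must already have been verified before the loop runs. The enclosing method starts and ends outside the hunk, so the ordering cannot be confirmed from here. If it does hold, state it in the comment, for example `// The Response signature must be validated before this point; after decryption the DOM no longer matches the signed content`. Decrypted assertions also land in the same list as plaintext ones, so later checks presumably cannot tell which assertions arrived encrypted.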
@@ -409,9 +408,9 @@ public class SAMLProtocolResponseValidator {
     }
     
     private Element decryptAssertion(
-        Element encryptedDataDOM, Crypto sigCrypto, CallbackHandler callbackHandler
+        org.opensaml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler callbackHandler
     ) throws WSSecurityException {
-        Element encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey", 0);
+        Element encKeyElement = getNode(assertion.getDOM(), WSConstants.ENC_NS, "EncryptedKey", 0);
         if (encKeyElement == null) {
             LOG.log(Level.FINE, "EncryptedKey element is not available");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
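Review bot: The `getNode(assertion.getDOM(), WSConstants.ENC_NS, "EncryptedKey", 0)` lookup now searches the whole EncryptedAssertion and takes index 0, without tying the chosen key to the EncryptedData it is meant to unwrap. This finds an EncryptedKey placed as a sibling of EncryptedData, but if a response carries several EncryptedKey elements (one per recipient, for instance) the first match may not be the right one. `getNode` is defined outside the hunk, so its matching order is assumed here. At minimum, document the choice with `// EncryptedKey may sit inside EncryptedData/KeyInfo or beside EncryptedData; the first match in the subtree is used`. Consider checking the key's Recipient or its reference to the EncryptedData before unwrapping. decryptAssertion's body continues outside the hunk.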
@@ -459,6 +458,8 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
+        EncryptedData encryptedData = assertion.getEncryptedData();
+        Element encryptedDataDOM = encryptedData.getDOM();
         String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
         
         byte[] decryptedPayload = null;
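Review bot: The added `assertion.getEncryptedData()` result is dereferenced without a null check, so an EncryptedAssertion that arrives without an EncryptedData child would raise a NullPointerException. The branches above reject malformed input with a WSSecurityException carrying "invalidSAMLsecurity", and this path should do the same. The response is input from the remote party, so a malformed message should fail through the same controlled path with a FINE log entry, as the missing-EncryptedKey case does. The same applies if `getDOM()` returns null. The rest of decryptAssertion lies outside the hunk.

```java
EncryptedData encryptedData = assertion.getEncryptedData();
if (encryptedData == null || encryptedData.getDOM() == null) {
    LOG.log(Level.FINE, "EncryptedData element is not available");
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Element encryptedDataDOM = encryptedData.getDOM();
String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
```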