Posted to commits@ws.apache.org by co...@apache.org on 2021/05/14 09:26:55 UTC
[ws-wss4j] branch master updated: WSS-685 - Signature before
timestamp results in signing after encryption
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 17bdae9 WSS-685 - Signature before timestamp results in signing after encryption
17bdae9 is described below
commit 17bdae9be307537738f2d19e49804619b1ccf39e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri May 14 10:26:31 2021 +0100
WSS-685 - Signature before timestamp results in signing after encryption
---
.../org/apache/wss4j/dom/handler/WSHandler.java | 28 ++++++++++++----------
.../apache/wss4j/dom/message/SignatureTest.java | 4 ++++
2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
index 8781cc4..39bbbca 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
@@ -20,15 +20,7 @@
package org.apache.wss4j.dom.handler;
import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
+import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
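Review bot: The nine explicit `java.util` imports are collapsed into `import java.util.*;`, which is unrelated to WSS-685 and hides which collection types this security handler depends on. A wildcard import can also start resolving a different class if a same-named type is later added to another imported package. I would keep the explicit list and drop only the entries that the second hunk makes unused; whether `Collections` is still referenced elsewhere in the file cannot be seen from this diff.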
@@ -218,11 +210,21 @@ public abstract class WSHandler {
if (signingAction != null) {
actionsToPerform = new ArrayList<>(actions);
- Collections.copy(actionsToPerform, actions);
- int signatureIndex = actions.indexOf(signingAction);
- actionsToPerform.remove(signingAction);
- actionsToPerform.add(signingAction);
+ // Find TimestampAction
+ int timestampIndex = -1;
+ for (int i = 0; i < actionsToPerform.size(); i++) {
+ if (actionsToPerform.get(i).getAction() == WSConstants.TS) {
+ timestampIndex = i;
+ break;
+ }
+ }
+
+ int signatureIndex = actionsToPerform.indexOf(signingAction);
+ if (timestampIndex >= 0) {
+ actionsToPerform.set(signatureIndex, actionsToPerform.get(timestampIndex));
+ actionsToPerform.set(timestampIndex, signingAction);
+ }
reqData.setAppendSignatureAfterTimestamp(true);
reqData.setOriginalSignatureActionPosition(signatureIndex);
}
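Review bot: The swap at `actionsToPerform.set(signatureIndex, ...)` runs whenever a timestamp action is found, without comparing the two indices. If the timestamp already precedes the signature in `actions`, the swap would move the signature ahead of the timestamp, which is the opposite of the intent. The order of signing relative to encryption and the timestamp decides what the signature actually covers, so I would make the precondition explicit: `if (timestampIndex >= 0 && signatureIndex < timestampIndex) {`. The code that selects `signingAction` lies outside this hunk and may already guarantee the ordering, in which case a comment such as `// signingAction is only non-null when it precedes the Timestamp action` would record that. When no timestamp action is found the list is now left unchanged, yet `setAppendSignatureAfterTimestamp(true)` is still called; it is worth confirming that this is intended.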
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
index 9506b10..070d6f2 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/message/SignatureTest.java
@@ -864,6 +864,8 @@ public class SignatureTest {
LOG.debug("Signed message:");
LOG.debug(outputString);
}
+
+ secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
}
@Test
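Review bot: The added `secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);` discards its return value, so the test only shows that inbound processing does not throw. It does not pin the property WSS-685 is about, namely that the signature is produced before encryption and covers the timestamp. I would capture the result, `WSHandlerResult results = secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);`, then assert that a signature result is present and that its signed references include the Timestamp element. The same applies to the identical line added in the hunk at `@@ -901,6 +903,8 @@`. Both test methods start outside their hunks, so the actions they configure are not visible here.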
@@ -901,6 +903,8 @@ public class SignatureTest {
LOG.debug("Signed message:");
LOG.debug(outputString);
}
+
+ secEngine.processSecurityHeader(doc, null, callbackHandler, crypto);
}
@Test