You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by ru...@apache.org on 2006/06/06 10:25:30 UTC

svn commit: r412042 - /webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java

Author: ruchithf
Date: Tue Jun  6 01:25:30 2006
New Revision: 412042

URL: http://svn.apache.org/viewvc?rev=412042&view=rev
Log:
fix for WSS-44: Handle sigConf of the response when there's no signature in the request

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=412042&r1=412041&r2=412042&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Tue Jun  6 01:25:30 2006
@@ -291,19 +291,28 @@
             byte[] sigVal = ((WSSecurityEngineResult)sigConf.get(i)).getSigConf().getSignatureValue();
             if (sigVal != null) {
                 if (sigv == null || sigv.size() == 0) {
-                    throw new WSSecurityException("WSHandler: Check Signature confirmation: got a SC element, but no stored SV");
-                }
-                boolean found = false;
-                for (int ii = 0; ii < sigv.size(); ii++) {
-                    byte[] storedValue = (byte[])sigv.get(i);
-                    if (Arrays.equals(sigVal, storedValue)) {
-                        found = true;
-                        sigv.remove(ii);
-                        break;
+                    //If there are no store signature values
+                    if(sigVal.length != 0) {
+                        //If there's no value in the case where there are no
+                        //stored SV it is valid. Therefore if there IS a value 
+                        //in the sig confirmation element
+                        throw new WSSecurityException("WSHandler: Check Signature confirmation: got a SC element, but no stored SV");
                     }
-                }
-                if (!found) {
-                    throw new WSSecurityException("WSHandler: Check Signature confirmation: got SC element, but no matching SV");
+                } else {
+                    //If we have stored signature values
+                    boolean found = false;
+                    for (int ii = 0; ii < sigv.size(); ii++) {
+                        byte[] storedValue = (byte[]) sigv.get(i);
+                        if (Arrays.equals(sigVal, storedValue)) {
+                            found = true;
+                            sigv.remove(ii);
+                            break;
+                        }
+                    }
+                    if (!found) {
+                        throw new WSSecurityException(
+                                "WSHandler: Check Signature confirmation: got SC element, but no matching SV");
+                    } 
                 }
             }
         }



---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org