You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by ru...@apache.org on 2006/06/06 10:25:30 UTC
svn commit: r412042 -
/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
Author: ruchithf
Date: Tue Jun 6 01:25:30 2006
New Revision: 412042
URL: http://svn.apache.org/viewvc?rev=412042&view=rev
Log:
fix for WSS-44: Handle sigConf of the response when there's no signature in the request
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=412042&r1=412041&r2=412042&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java Tue Jun 6 01:25:30 2006
@@ -291,19 +291,28 @@
byte[] sigVal = ((WSSecurityEngineResult)sigConf.get(i)).getSigConf().getSignatureValue();
if (sigVal != null) {
if (sigv == null || sigv.size() == 0) {
- throw new WSSecurityException("WSHandler: Check Signature confirmation: got a SC element, but no stored SV");
- }
- boolean found = false;
- for (int ii = 0; ii < sigv.size(); ii++) {
- byte[] storedValue = (byte[])sigv.get(i);
- if (Arrays.equals(sigVal, storedValue)) {
- found = true;
- sigv.remove(ii);
- break;
+ //If there are no store signature values
+ if(sigVal.length != 0) {
+ //If there's no value in the case where there are no
+ //stored SV it is valid. Therefore if there IS a value
+ //in the sig confirmation element
+ throw new WSSecurityException("WSHandler: Check Signature confirmation: got a SC element, but no stored SV");
}
- }
- if (!found) {
- throw new WSSecurityException("WSHandler: Check Signature confirmation: got SC element, but no matching SV");
+ } else {
+ //If we have stored signature values
+ boolean found = false;
+ for (int ii = 0; ii < sigv.size(); ii++) {
+ byte[] storedValue = (byte[]) sigv.get(i);
+ if (Arrays.equals(sigVal, storedValue)) {
+ found = true;
+ sigv.remove(ii);
+ break;
+ }
+ }
+ if (!found) {
+ throw new WSSecurityException(
+ "WSHandler: Check Signature confirmation: got SC element, but no matching SV");
+ }
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org