Posted to rampart-dev@ws.apache.org by na...@apache.org on 2008/04/17 17:17:51 UTC
svn commit: r649150 -
/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Author: nandana
Date: Thu Apr 17 08:17:46 2008
New Revision: 649150
URL: http://svn.apache.org/viewvc?rev=649150&view=rev
Log:
RAMPART-146 fixing the issue
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=649150&r1=649149&r2=649150&view=diff
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Thu Apr 17 08:17:46 2008
@@ -30,6 +30,7 @@
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
@@ -46,6 +47,8 @@
import java.util.Set;
import java.util.Vector;
+import javax.xml.namespace.QName;
+
public class PolicyBasedResultsValidator implements PolicyValidatorCallbackHandler {
private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
@@ -416,7 +419,7 @@
//Check for encrypted body
if(rpd.isEncryptBody()) {
- if(!encrRefs.contains(data.getBodyEncrDataId())){
+ if( !isRefIdPresent(encrRefs, data.getBodyEncrDataId())){
throw new RampartException("encryptedPartMissing",
new String[]{data.getBodyEncrDataId()});
}
@@ -431,16 +434,13 @@
continue;
}
- //TODO we don't check encrypted headers now
- // Can't change id when when encrypted header is both signed and encrypted
- //FIX THIS
- if (encPart.getType() == WSConstants.PART_TYPE_HEADER) {
- continue;
- }
-
- //TODO we need to check encrypted signature
- if (WSConstants.SIG_LN.equals(encPart.getName()) &&
- WSConstants.SIG_NS.equals(encPart.getNamespace())) {
+ if ((WSConstants.SIG_LN.equals(encPart.getName()) &&
+ WSConstants.SIG_NS.equals(encPart.getNamespace()))
+ || encPart.getType() == WSConstants.PART_TYPE_HEADER ) {
+ if (!isRefIdPresent(encrRefs, new QName(encPart.getNamespace(),encPart.getName()))) {
+ throw new RampartException("encryptedPartMissing",
+ new String[]{encPart.getNamespace()+":"+encPart.getName()});
+ }
continue;
}
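Review bot: The new `isRefIdPresent(encrRefs, new QName(encPart.getNamespace(),encPart.getName()))` check treats a required encrypted header or Signature as present whenever any decrypted element has that QName, so the match is not tied to a particular instance or to its position in the message. Judging from the QName overload added later in this commit, which compares only `dataRef.getName()`, a message with two elements of the same QName where only one was encrypted would still pass the policy check. Consider also confirming that the matched element is the header block (or the Signature in the security header) the policy refers to. Until then, record the limitation with a comment such as `// NOTE: matched by QName only; element position and multiplicity are not verified`. The enclosing loop and method start and end outside the hunk.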
@@ -723,7 +723,7 @@
if(dataRefUris != null) {
for (Iterator iterator = dataRefUris.iterator(); iterator
.hasNext();) {
- String uri = (String) iterator.next();
+ WSDataRef uri = (WSDataRef) iterator.next();
refs.add(uri);
}
}
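Review bot: The loop variable is still named `uri` although it now holds a `WSDataRef`, which misleads anyone reading the reference checks that consume `refs`; rename it, e.g. `WSDataRef dataRef = (WSDataRef) iterator.next();` followed by `refs.add(dataRef);`. The unchecked cast also means that a result list still populated with plain strings, as the removed line expected, would fail with a ClassCastException rather than a RampartException. A one-line comment stating that the data-reference list is expected to hold `WSDataRef` entries would make that dependency explicit. The enclosing method starts and ends outside the hunk.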
@@ -802,16 +802,44 @@
private boolean isRefIdPresent(ArrayList refList , String id) {
for (int i = 0; i < refList.size() ; i++) {
- String refId = (String)refList.get(i);
- if (refId != null && refId.equals(id)) {
+ WSDataRef dataRef = (WSDataRef)refList.get(i);
+
+ //ArrayList can contain null elements
+ if(dataRef == null) {
+ continue;
+ }
+ //Try to get the wsuId of the decrypted element
+ String dataRefUri = dataRef.getWsuId();
+ //If not found, try the reference Id of encrypted element ( we set the same Id when we
+ // decrypted element in WSS4J)
+ if (dataRefUri == null) {
+ dataRefUri = dataRef.getDataref();
+ }
+ if (dataRefUri != null && dataRefUri.equals(id)) {
return true;
- } else if (refId != null) {
- //TODO This is a hack to handle the special case Encrypted Header
- refId = refId.replaceFirst("EncDataId","EncHeader");
- if (refId.equals(id)) {
- return true;
- }
}
+ }
+
+ return false;
+
+ }
+
+ private boolean isRefIdPresent(ArrayList refList , QName qname) {
+
+ for (int i = 0; i < refList.size() ; i++) {
+ WSDataRef dataRef = (WSDataRef)refList.get(i);
+
+ //ArrayList can contain null elements
+ if(dataRef == null) {
+ continue;
+ }
+ //QName of the decrypted element
+ QName dataRefQName = dataRef.getName();
+
+ if ( dataRefQName != null && dataRefQName.equals(qname)) {
+ return true;
+ }
+
}
return false;
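Review bot: In the String overload the reference id from `getDataref()` is consulted only when `getWsuId()` is null, so an element that carries its own wsu:Id different from the EncryptedData id will never match on the reference id. The inline comment assumes WSS4J sets the two to the same value; if that does not always hold, the result is a spurious `encryptedPartMissing` rather than a bypass, but the check is cleaner when both are compared, e.g. `if (id != null && (id.equals(dataRef.getWsuId()) || id.equals(dataRef.getDataref()))) { return true; }`. Both overloads are the enforcement point for the policy's required-encryption assertions and deserve a short Javadoc saying what is matched (id versus QName) and that a null `id` or `qname` always yields false. The two loops are otherwise identical and could share one null-skipping iteration.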