You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Alessio Soldano (Created) (JIRA)" <ji...@apache.org> on 2012/01/20 11:39:40 UTC
[jira] [Created] (WSS-334) SignatureProcessor does not fail when
ids of referenced signed elements are duplicated
SignatureProcessor does not fail when ids of referenced signed elements are duplicated
--------------------------------------------------------------------------------------
Key: WSS-334
URL: https://issues.apache.org/jira/browse/WSS-334
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Reporter: Alessio Soldano
Assignee: Colm O hEigeartaigh
The SignatureProcessor::verifyXMLSignature should throw an exception when the id of referenced elements is detected to be duplicated in the message being processed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Resolved] (WSS-334) SignatureProcessor does not fail when
ids of referenced signed elements are duplicated
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-334.
-------------------------------------
Resolution: Not A Problem
> SignatureProcessor does not fail when ids of referenced signed elements are duplicated
> --------------------------------------------------------------------------------------
>
> Key: WSS-334
> URL: https://issues.apache.org/jira/browse/WSS-334
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
> Attachments: diff-sign-dup-id.txt
>
>
> The SignatureProcessor::verifyXMLSignature should throw an exception when the id of referenced elements is detected to be duplicated in the message being processed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-334) SignatureProcessor does not fail when
ids of referenced signed elements are duplicated
Posted by "Colm O hEigeartaigh (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189727#comment-13189727 ]
Colm O hEigeartaigh commented on WSS-334:
-----------------------------------------
Hi Alessio,
This patch is not necessary, as we are about to pick up Santuario 1.5.0, which takes care of this problem. In 1.5.0, any client code is responsible for providing all References, and so if WSS4J does not find the Element then signature validation will fail. See points 2 + 3 here for more info:
http://coheigea.blogspot.com/2012/01/apache-santuario-xml-security-for-java.html
It's possible that the Reference could be a http resource, which would not be resolved via the default CallbackLookup object in WSS4J, and so your patch would always cause that scenario to fail.
Colm.
> SignatureProcessor does not fail when ids of referenced signed elements are duplicated
> --------------------------------------------------------------------------------------
>
> Key: WSS-334
> URL: https://issues.apache.org/jira/browse/WSS-334
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
> Attachments: diff-sign-dup-id.txt
>
>
> The SignatureProcessor::verifyXMLSignature should throw an exception when the id of referenced elements is detected to be duplicated in the message being processed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-334) SignatureProcessor does not fail when
ids of referenced signed elements are duplicated
Posted by "Alessio Soldano (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alessio Soldano updated WSS-334:
--------------------------------
Attachment: diff-sign-dup-id.txt
Here is a patch for solving this. Please evaluate. Thanks
> SignatureProcessor does not fail when ids of referenced signed elements are duplicated
> --------------------------------------------------------------------------------------
>
> Key: WSS-334
> URL: https://issues.apache.org/jira/browse/WSS-334
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
> Attachments: diff-sign-dup-id.txt
>
>
> The SignatureProcessor::verifyXMLSignature should throw an exception when the id of referenced elements is detected to be duplicated in the message being processed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-334) SignatureProcessor does not fail when
ids of referenced signed elements are duplicated
Posted by "Alessio Soldano (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-334?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189731#comment-13189731 ]
Alessio Soldano commented on WSS-334:
-------------------------------------
Ah, cool. I didn't read that entry from your blog yet. Thanks.
> SignatureProcessor does not fail when ids of referenced signed elements are duplicated
> --------------------------------------------------------------------------------------
>
> Key: WSS-334
> URL: https://issues.apache.org/jira/browse/WSS-334
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
> Attachments: diff-sign-dup-id.txt
>
>
> The SignatureProcessor::verifyXMLSignature should throw an exception when the id of referenced elements is detected to be duplicated in the message being processed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Closed] (WSS-334) SignatureProcessor does not fail when ids
of referenced signed elements are duplicated
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed WSS-334.
-----------------------------------
> SignatureProcessor does not fail when ids of referenced signed elements are duplicated
> --------------------------------------------------------------------------------------
>
> Key: WSS-334
> URL: https://issues.apache.org/jira/browse/WSS-334
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Alessio Soldano
> Assignee: Colm O hEigeartaigh
> Attachments: diff-sign-dup-id.txt
>
>
> The SignatureProcessor::verifyXMLSignature should throw an exception when the id of referenced elements is detected to be duplicated in the message being processed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org