You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by "Nandana Mihindukulasooriya (JIRA)" <ji...@apache.org> on 2008/01/14 06:19:34 UTC
[jira] Assigned: (RAMPART-31) Using Policy configuration - a SOAP
Message cannot be Encrypted only.
[ https://issues.apache.org/jira/browse/RAMPART-31?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya reassigned RAMPART-31:
-------------------------------------------------
Assignee: Nandana Mihindukulasooriya
> Using Policy configuration - a SOAP Message cannot be Encrypted only.
> ----------------------------------------------------------------------
>
> Key: RAMPART-31
> URL: https://issues.apache.org/jira/browse/RAMPART-31
> Project: Rampart
> Issue Type: Bug
> Components: rampart-core
> Affects Versions: 1.1
> Reporter: Ric Emery
> Assignee: Nandana Mihindukulasooriya
> Attachments: diff.txt
>
>
> Unless I am mistaken AsymmetricBindingBuilder does not support only encrypting a SOAP Message. AsymmetricBindingBuilder assumes that Signatures will always be applied. Logically I would think that leaving out the Policy sp:SignedParts element and/or the sp:InitiatorToken element would result in a message that is encrypted (assuming the Policy configures encryption), but not signed. Leaving out the InitiatorToken out of the profile results in a NullPointerException. Leaving out the sp:SignedParts does not disable signatures. I modified AssymetircBindingBuilder.java to allow encryption without signatures. Being new to the source base I am not sure that this is the correct fix.
> I modified build method adding a call to determine if signatures are disabled. Added a method to make the determination. And added a doEncryption method.. I can submit a diff in the proper format if requested.
> Thanks
> public void build(RampartMessageData rmd) throws RampartException {
> log.debug("AsymmetricBindingBuilder build invoked");
> RampartPolicyData rpd = rmd.getPolicyData();
> if (rpd.isIncludeTimestamp()) {
> this.addTimestamp(rmd);
> }
> if (shouldEncryptOnly(rmd))
> this.doEncrypt(rmd);
> else if (Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
> this.doEncryptBeforeSig(rmd);
> } else {
> this.doSignBeforeEncrypt(rmd);
> }
> log.debug("AsymmetricBindingBuilder build invoked : DONE");
> }
> private boolean shouldEncryptOnly(RampartMessageData rmd)
> {
> // Is there a better way to determine if signatures should be disabled?
> RampartPolicyData rampartPolicyData = rmd.getPolicyData();
> Vector parts = rampartPolicyData.getSignedParts();
> return !rampartPolicyData.isSignBody() && (null == parts || parts.size() == 0);
> }
> private void doEncrypt(RampartMessageData rmd)
> throws RampartException {
> RampartPolicyData rpd = rmd.getPolicyData();
> Document doc = rmd.getDocument();
> RampartConfig config = rpd.getRampartConfig();
> /*
> * We need to hold on to these two element to use them as refence in the
> * case of encypting the signature
> */
> Element encrDKTokenElem = null;
> WSSecEncrypt encr = null;
> Element refList = null;
> WSSecDKEncrypt dkEncr = null;
> /*
> * We MUST use keys derived from the same token
> */
> Token encryptionToken = rpd.getRecipientToken();
> Vector encrParts = RampartUtil.getEncryptedParts(rmd);
> if(encryptionToken == null && encrParts.size() > 0) {
> throw new RampartException("encryptionTokenMissing");
> }
> if (encryptionToken != null && encrParts.size() > 0) {
> if (encryptionToken.isDerivedKeys()) {
> try {
> this.setupEncryptedKey(rmd, encryptionToken);
> // Create the DK encryption builder
> dkEncr = new WSSecDKEncrypt();
> dkEncr.setParts(encrParts);
> dkEncr.setExternalKey(this.encryptedKeyValue,
> this.encryptedKeyId);
> dkEncr.prepare(doc);
> // Get and add the DKT element
> this.encrDKTElement = dkEncr.getdktElement();
> encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
> refList = dkEncr.encryptForExternalRef(null, encrParts);
> } catch (WSSecurityException e) {
> throw new RampartException("errorCreatingEncryptedKey", e);
> } catch (ConversationException e) {
> throw new RampartException("errorInDKEncr", e);
> }
> } else {
> try {
> encr = new WSSecEncrypt();
> encr.setParts(encrParts);
> encr.setWsConfig(rmd.getConfig());
> encr.setDocument(doc);
> RampartUtil.setEncryptionUser(rmd, encr);
> encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
> encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
> encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
> Element bstElem = encr.getBinarySecurityTokenElement();
> if (bstElem != null) {
> RampartUtil.appendChildToSecHeader(rmd, bstElem);
> }
> this.encrTokenElement = encr.getEncryptedKeyElement();
> this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
> encrTokenElement);
> refList = encr.encryptForExternalRef(null, encrParts);
> } catch (WSSecurityException e) {
> throw new RampartException("errorInEncryption", e);
> }
> }
> RampartUtil.appendChildToSecHeader(rmd, refList);
> this.setInsertionLocation(encrTokenElement);
> }
> }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.