Posted to commits@ws.apache.org by co...@apache.org on 2015/10/23 15:34:48 UTC
svn commit: r1710211 -
/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
Author: coheigea
Date: Fri Oct 23 13:34:48 2015
New Revision: 1710211
URL: http://svn.apache.org/viewvc?rev=1710211&view=rev
Log:
Minor change
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java?rev=1710211&r1=1710210&r2=1710211&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java Fri Oct 23 13:34:48 2015
@@ -102,15 +102,21 @@ public final class DOMSAMLUtil {
Certificate[] tlsCerts
) {
List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
+ boolean isHolderOfKey = false;
for (String confirmationMethod : confirmationMethods) {
if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
- if (tlsCerts == null && (signedResults == null || signedResults.isEmpty())) {
- return false;
- }
- SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
- if (!compareCredentials(subjectKeyInfo, signedResults, tlsCerts)) {
- return false;
- }
+ isHolderOfKey = true;
+ break;
+ }
+ }
+
+ if (isHolderOfKey) {
+ if (tlsCerts == null && (signedResults == null || signedResults.isEmpty())) {
+ return false;
+ }
+ SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
+ if (!compareCredentials(subjectKeyInfo, signedResults, tlsCerts)) {
+ return false;
}
}
return true;
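Review bot: After this rewrite the method still falls through to `return true` whenever no confirmation method is holder-of-key, including when `getConfirmationMethods()` yields an empty list, and nothing in the hunk records that this accept-by-default is intended. I would add a comment above `if (isHolderOfKey) {` such as `// Only holder-of-key is enforced here; any other or absent confirmation method passes this check`, so callers do not read a true result as proof of possession. The same applies to the sender-vouches rewrite in the second hunk (`if (isSenderVouches) {`). The method signature starts above the hunk, so its Javadoc is not visible and may already cover this.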
@@ -211,15 +217,22 @@ public final class DOMSAMLUtil {
if (tlsCerts != null && tlsCerts.length > 0) {
return true;
}
+
List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
+ boolean isSenderVouches = false;
for (String confirmationMethod : confirmationMethods) {
if (OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
- if (signed == null || signed.isEmpty()) {
- return false;
- }
- if (!checkAssertionAndBodyAreSigned(assertionWrapper, body, signed)) {
- return false;
- }
+ isSenderVouches = true;
+ break;
+ }
+ }
+
+ if (isSenderVouches) {
+ if (signed == null || signed.isEmpty()) {
+ return false;
+ }
+ if (!checkAssertionAndBodyAreSigned(assertionWrapper, body, signed)) {
+ return false;
}
}
return true;
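Review bot: The early `return true` on `tlsCerts != null && tlsCerts.length > 0` sits ahead of the new sender-vouches detection, so a sender-vouches assertion that arrives with any client TLS certificate never reaches `checkAssertionAndBodyAreSigned`; the commit adds a blank line after it but no explanation. Presumably client-authenticated TLS is being accepted in place of a signature over assertion and body, and that should be stated next to the check, e.g. `// Two-way TLS stands in for the signature over assertion and body`. The method begins outside the hunk, so whether the certificates were validated before this point cannot be confirmed from here.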