You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2011/10/14 12:33:07 UTC
svn commit: r1183284 -
/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Author: coheigea
Date: Fri Oct 14 10:33:06 2011
New Revision: 1183284
URL: http://svn.apache.org/viewvc?rev=1183284&view=rev
Log:
Added commend out code to check transform algorithms
Modified:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java?rev=1183284&r1=1183283&r2=1183284&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java Fri Oct 14 10:33:06 2011
@@ -33,6 +33,7 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSSecurityEngineResult;
+//import org.apache.ws.security.transform.STRTransform;
/**
* Validate a WSSecurityEngineResult corresponding to the processing of a Signature, EncryptedKey or
@@ -92,6 +93,25 @@ public class AlgorithmSuitePolicyValidat
List<WSDataRef> dataRefs =
CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+ if (!checkDataRefs(dataRefs, algorithmPolicy, ai)) {
+ return false;
+ }
+
+ if (!checkKeyLengths(result, algorithmPolicy, ai, true)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Check the individual signature references
+ */
+ private boolean checkDataRefs(
+ List<WSDataRef> dataRefs,
+ AlgorithmSuite algorithmPolicy,
+ AssertionInfo ai
+ ) {
for (WSDataRef dataRef : dataRefs) {
String digestMethod = dataRef.getDigestAlgorithm();
if (!algorithmPolicy.getDigest().equals(digestMethod)) {
@@ -100,12 +120,23 @@ public class AlgorithmSuitePolicyValidat
);
return false;
}
+ /*
+ * TODO Re-enable once we upgrade to WSS4J 1.6.4
+ List<String> transformAlgorithms = dataRef.getTransformAlgorithms();
+ // Only a max of 2 transforms per reference is allowed
+ if (transformAlgorithms == null || transformAlgorithms.size() > 2) {
+ ai.setNotAsserted("The transform algorithms do not match the requirement");
+ return false;
+ }
+ for (String transformAlgorithm : transformAlgorithms) {
+ if (!(algorithmPolicy.getInclusiveC14n().equals(transformAlgorithm)
+ || STRTransform.TRANSFORM_URI.equals(transformAlgorithm))) {
+ ai.setNotAsserted("The transform algorithms do not match the requirement");
+ return false;
+ }
+ }
+ */
}
-
- if (!checkKeyLengths(result, algorithmPolicy, ai, true)) {
- return false;
- }
-
return true;
}