You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/04/27 17:43:33 UTC
[2/3] cxf git commit: [CXF-6884] - Don't include
Signature/EncryptedKey Elements if there are no references to be
signed/encrypted
[CXF-6884] - Don't include Signature/EncryptedKey Elements if there are no references to be signed/encrypted
# Conflicts:
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0da2a5ef
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0da2a5ef
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0da2a5ef
Branch: refs/heads/3.0.x-fixes
Commit: 0da2a5ef359fcbb2b732dd544cbb2fae7871fec9
Parents: 8259127
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 26 17:32:35 2016 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 26 22:32:38 2016 +0100
----------------------------------------------------------------------
.../AsymmetricBindingHandler.java | 69 +++++++++++---------
.../policyhandlers/SymmetricBindingHandler.java | 54 ++++++++-------
2 files changed, 67 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/0da2a5ef/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index c7576c6..199623f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -502,10 +502,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
this.insertBeforeBottomUp(attachment);
}
}
- this.addEncryptedKeyElement(encryptedKeyElement);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
} else {
Element refList = encr.encryptForRef(null, encrParts);
- this.addEncryptedKeyElement(encryptedKeyElement);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
// Add internal refs
if (refList != null) {
@@ -660,20 +664,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setParts(sigParts);
List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
-
- // Add elements to header
- addDerivedKeyElement(dkSign.getdktElement());
-
- //Do signature
- if (bottomUpElement == null) {
- dkSign.computeSignature(referenceList, false, null);
- } else {
- dkSign.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ // Add elements to header
+ addDerivedKeyElement(dkSign.getdktElement());
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+ signatures.add(dkSign.getSignatureValue());
+
+ mainSigId = dkSign.getSignatureId();
}
- bottomUpElement = dkSign.getSignatureElement();
- signatures.add(dkSign.getSignatureValue());
-
- mainSigId = dkSign.getSignatureId();
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw new Fault(ex);
@@ -695,24 +700,26 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
}
List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
- //Do signature
- if (bottomUpElement == null) {
- sig.computeSignature(referenceList, false, null);
- } else {
- sig.computeSignature(referenceList, true, bottomUpElement);
- }
- bottomUpElement = sig.getSignatureElement();
-
- if (!abinding.isProtectTokens()) {
- Element bstElement = sig.getBinarySecurityTokenElement();
- if (bstElement != null) {
- secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
+ if (!abinding.isProtectTokens()) {
+ Element bstElement = sig.getBinarySecurityTokenElement();
+ if (bstElement != null) {
+ secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ }
}
+
+ signatures.add(sig.getSignatureValue());
+
+ mainSigId = sig.getId();
}
-
- signatures.add(sig.getSignatureValue());
-
- mainSigId = sig.getId();
}
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/0da2a5ef/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 69ac52f..0ae599b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -732,22 +732,24 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setParts(sigs);
List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
-
- //Add elements to header
- Element el = dkSign.getdktElement();
- addDerivedKeyElement(el);
-
- //Do signature
- if (bottomUpElement == null) {
- dkSign.computeSignature(referenceList, false, null);
- } else {
- dkSign.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Add elements to header
+ Element el = dkSign.getdktElement();
+ addDerivedKeyElement(el);
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+
+ this.mainSigId = dkSign.getSignatureId();
+
+ return dkSign.getSignatureValue();
}
- bottomUpElement = dkSign.getSignatureElement();
-
- this.mainSigId = dkSign.getSignatureId();
-
- return dkSign.getSignatureValue();
+ return null;
}
private byte[] doSignature(List<WSEncryptionPart> sigs,
@@ -857,17 +859,19 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
sig.setParts(sigs);
List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
-
- //Do signature
- if (bottomUpElement == null) {
- sig.computeSignature(referenceList, false, null);
- } else {
- sig.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
+ this.mainSigId = sig.getId();
+ return sig.getSignatureValue();
}
- bottomUpElement = sig.getSignatureElement();
-
- this.mainSigId = sig.getId();
- return sig.getSignatureValue();
+ return null;
}
}