You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2012/11/21 17:04:50 UTC
svn commit: r1412163 - in
/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security:
processor/SAMLTokenProcessor.java saml/SAMLUtil.java
saml/ext/AssertionWrapper.java
Author: coheigea
Date: Wed Nov 21 16:04:49 2012
New Revision: 1412163
URL: http://svn.apache.org/viewvc?rev=1412163&view=rev
Log:
Making parsing of SAML Signature KeyInfo a bit more strict
Modified:
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java?rev=1412163&r1=1412162&r2=1412163&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/processor/SAMLTokenProcessor.java Wed Nov 21 16:04:49 2012
@@ -147,9 +147,8 @@ public class SAMLTokenProcessor implemen
KeyInfo keyInfo = sig.getKeyInfo();
SAMLKeyInfo samlKeyInfo =
- SAMLUtil.getCredentialFromKeyInfo(
- keyInfo.getDOM(),
- data, docInfo, data.getWssConfig().isWsiBSPCompliant()
+ SAMLUtil.getCredentialDirectlyFromKeyInfo(
+ keyInfo.getDOM(), data
);
if (algorithmSuite != null) {
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/SAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/SAMLUtil.java?rev=1412163&r1=1412162&r2=1412163&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/SAMLUtil.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/SAMLUtil.java Wed Nov 21 16:04:49 2012
@@ -353,6 +353,21 @@ public final class SAMLUtil {
node = node.getNextSibling();
}
+ return getCredentialDirectlyFromKeyInfo(keyInfoElement, data);
+ }
+
+ /**
+ * This method returns a SAMLKeyInfo corresponding to the credential found in the
+ * KeyInfo (DOM Element) argument.
+ * @param keyInfoElement The KeyInfo as a DOM Element
+ * @param data The RequestData instance used to obtain configuration
+ * @return The credential (as a SAMLKeyInfo object)
+ * @throws WSSecurityException
+ */
+ public static SAMLKeyInfo getCredentialDirectlyFromKeyInfo(
+ Element keyInfoElement,
+ RequestData data
+ ) throws WSSecurityException {
//
// Next marshal the KeyInfo DOM element into a javax KeyInfo object and get the
// (public key) credential
Modified: webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java?rev=1412163&r1=1412162&r2=1412163&view=diff
==============================================================================
--- webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java (original)
+++ webservices/wss4j/branches/1_6_x-fixes/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java Wed Nov 21 16:04:49 2012
@@ -539,9 +539,7 @@ public class AssertionWrapper {
if (sig != null) {
KeyInfo keyInfo = sig.getKeyInfo();
SAMLKeyInfo samlKeyInfo =
- SAMLUtil.getCredentialFromKeyInfo(
- keyInfo.getDOM(), data, docInfo, data.getWssConfig().isWsiBSPCompliant()
- );
+ SAMLUtil.getCredentialDirectlyFromKeyInfo(keyInfo.getDOM(), data);
verifySignature(samlKeyInfo);
} else {
LOG.debug("AssertionWrapper: no signature to validate");