Posted to commits@ws.apache.org by co...@apache.org on 2015/10/23 15:34:03 UTC

svn commit: r1710209 - /webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java

Author: coheigea
Date: Fri Oct 23 13:34:03 2015
New Revision: 1710209

URL: http://svn.apache.org/viewvc?rev=1710209&view=rev
Log:
Minor change

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java?rev=1710209&r1=1710208&r2=1710209&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/DOMSAMLUtil.java Fri Oct 23 13:34:03 2015
@@ -106,15 +106,21 @@ public final class DOMSAMLUtil  {
         Certificate[] tlsCerts
     ) {
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
+        boolean isHolderOfKey = false;
         for (String confirmationMethod : confirmationMethods) {
             if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
-                if (tlsCerts == null && (signedResults == null || signedResults.isEmpty())) {
-                    return false;
-                }
-                SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
-                if (!compareCredentials(subjectKeyInfo, signedResults, tlsCerts)) {
-                    return false;
-                }
+                isHolderOfKey = true;
+                break;
+            }
+        }
+        
+        if (isHolderOfKey) {
+            if (tlsCerts == null && (signedResults == null || signedResults.isEmpty())) {
+                return false;
+            }
+            SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
+            if (!compareCredentials(subjectKeyInfo, signedResults, tlsCerts)) {
+                return false;
             }
         }
         return true;
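Review bot: The method still returns `true` when no confirmation method is holder-of-key, because the `if (isHolderOfKey)` block is skipped and control falls through to `return true`, and nothing in the hunk documents that. A caller could read a `true` result as proof of key possession, so a comment above the final return would help, e.g. `// No holder-of-key confirmation method: nothing to verify here, so the check passes vacuously`. The same applies to the `isSenderVouches` block in the second hunk. The method's signature and Javadoc lie outside the hunk, so this may already be stated there.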
@@ -215,15 +221,22 @@ public final class DOMSAMLUtil  {
         if (tlsCerts != null && tlsCerts.length > 0) {
             return true;
         }
+        
         List<String> confirmationMethods = assertionWrapper.getConfirmationMethods();
+        boolean isSenderVouches = false;
         for (String confirmationMethod : confirmationMethods) {
             if (OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
-                if (signed == null || signed.isEmpty()) {
-                    return false;
-                }
-                if (!checkAssertionAndBodyAreSigned(assertionWrapper, body, signed)) {
-                    return false;
-                }
+                isSenderVouches = true;
+                break;
+            }
+        }
+        
+        if (isSenderVouches) {
+            if (signed == null || signed.isEmpty()) {
+                return false;
+            }
+            if (!checkAssertionAndBodyAreSigned(assertionWrapper, body, signed)) {
+                return false;
             }
         }
         return true;
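Review bot: The early `return true` on a non-empty `tlsCerts`, kept as context at the top of this hunk, means the sender-vouches signature requirement below is never evaluated when a TLS client certificate is present. If that is intended, with client-authenticated TLS standing in for the message signature, a one-line comment on that branch would make the trust decision explicit, e.g. `// Client-authenticated TLS is accepted in place of a signature over the assertion and body`. As a smaller style point, the flag-and-break loop repeats the one in the first hunk and could be extracted into small private helpers. The method starts outside the hunk.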