You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/29 15:06:55 UTC

svn commit: r1780803 - in /axis/axis2/java/rampart/branches/RAMPART-252: ./ modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java

Author: veithen
Date: Sun Jan 29 15:06:54 2017
New Revision: 1780803

URL: http://svn.apache.org/viewvc?rev=1780803&view=rev
Log:
Merge r1052172 from trunk.

Modified:
    axis/axis2/java/rampart/branches/RAMPART-252/   (props changed)
    axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
    axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java

Propchange: axis/axis2/java/rampart/branches/RAMPART-252/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun Jan 29 15:06:54 2017
@@ -1 +1 @@
-/axis/axis2/java/rampart/trunk:987929-1052171
+/axis/axis2/java/rampart/trunk:987929-1052172

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1780803&r1=1780802&r2=1780803&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Sun Jan 29 15:06:54 2017
@@ -31,6 +31,7 @@ import org.apache.ws.security.message.to
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 import org.jaxen.XPath;
 import org.jaxen.JaxenException;
 
@@ -561,6 +562,7 @@ public class PolicyBasedResultsValidator
             AlgorithmSuite suite = rpd.getAlgorithmSuite();          
             
             for (int j = 0; j < actionResults.length; j++) {
+                
                 WSSecurityEngineResult actionResult = actionResults[j];
 
                 // Validate signature algorithms
@@ -585,15 +587,32 @@ public class PolicyBasedResultsValidator
                             suite.getInclusiveC14n(), canonMethod });
                 }
 
-                Set signedIDs = (Set) actionResult
-                        .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
-                for (Iterator i = signedIDs.iterator(); i.hasNext();) {
-                    String e = (String) i.next();
-
-                    Element element = WSSecurityUtil.findElementById(envelope, e,
-                            WSConstants.WSU_NS);
-                    actuallySigned.add(element);
+                List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+                
+                // if header was encrypted before it was signed, protected
+                // element is 'EncryptedHeader.' the actual element is
+                // first child element
+
+                for (Iterator k = wsDataRefs.iterator(); k.hasNext();) {
+                    WSDataRef wsDataRef = (WSDataRef)k.next();
+                    Element protectedElement = wsDataRef.getProtectedElement();
+                    if (protectedElement.getLocalName().equals("EncryptedHeader")) {
+                        NodeList nodeList = protectedElement.getChildNodes();
+                        for (int x = 0; x < nodeList.getLength(); x++) {
+                            if (nodeList.item(x).getNodeType() == Node.ELEMENT_NODE) {
+                                String ns = ((Element)nodeList.item(x)).getNamespaceURI();
+                                String ln = ((Element)nodeList.item(x)).getLocalName();
+                                actuallySigned.add(new QName(ns,ln));
+                                break;
+                            }
+                        } 
+                    } else {
+                        String ns = protectedElement.getNamespaceURI();
+                        String ln = protectedElement.getLocalName();
+                        actuallySigned.add(new QName(ns,ln));
+                    }
                 }
+                
             }
         }
         
@@ -602,15 +621,15 @@ public class PolicyBasedResultsValidator
             
             if (wsep.getType() == WSConstants.PART_TYPE_BODY) {
                 
-                Element body;
+                QName bodyQName;
                 
                 if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) {
-                    body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP11Constants());
+                    bodyQName = new SOAP11Constants().getBodyQName();
                 } else {
-                    body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP12Constants());
+                    bodyQName = new SOAP12Constants().getBodyQName();
                 }
                 
-                if (!actuallySigned.contains(body) && !rmd.getPolicyData().isSignBodyOptional()) {
+                if (!actuallySigned.contains(bodyQName) && !rmd.getPolicyData().isSignBodyOptional()) {
                     // soap body is not signed
                     throw new RampartException("bodyNotSigned");
                 }
@@ -620,6 +639,7 @@ public class PolicyBasedResultsValidator
                
                 Element element = (Element) WSSecurityUtil.findElement(
                         envelope, wsep.getName(), wsep.getNamespace() );
+                
                 if( element == null ) {
                     // The signedpart header or element we are checking is not present in 
                     // soap envelope - this is allowed
@@ -627,7 +647,7 @@ public class PolicyBasedResultsValidator
                 }
                 
                 // header or the element present in soap envelope - verify that it is part of signature
-                if( actuallySigned.contains( element) ) {
+                if( actuallySigned.contains( new QName(element.getNamespaceURI(), element.getLocalName())) ) {
                     continue;
                 }
                 

Modified: axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java?rev=1780803&r1=1780802&r2=1780803&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-252/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java Sun Jan 29 15:06:54 2017
@@ -205,7 +205,9 @@ public class Axis2Util {
                     			OMNamespace ns =  (OMNamespace) nsIter.next();
                     			header.declareNamespace(ns);
                     		}
-                    		Iterator children = element.getChildElements();
+                    		// retrieve all child nodes (including any text nodes)
+                    		// and re-attach to header block
+                    		Iterator children = element.getChildren();
                     		while (children.hasNext()) {
                     			OMNode child = (OMNode)children.next();
                     			child.detach();