Posted to commits@cxf.apache.org by co...@apache.org on 2012/07/09 13:07:38 UTC

svn commit: r1359060 - /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java

Author: coheigea
Date: Mon Jul  9 11:07:38 2012
New Revision: 1359060

URL: http://svn.apache.org/viewvc?rev=1359060&view=rev
Log:
Merged revisions 1359043 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes

........
  r1359043 | coheigea | 2012-07-09 11:45:42 +0100 (Mon, 09 Jul 2012) | 10 lines

  Merged revisions 1359033 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/trunk

  ........
    r1359033 | coheigea | 2012-07-09 11:27:52 +0100 (Mon, 09 Jul 2012) | 2 lines

    [CXF-4410] - sp:EncryptSignature policy validation should only check to see if the primary signature is encrypted

  ........

........


Conflicts:

	services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509_symmetric/X509SymmetricBindingTest.java
	services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/DoubleIt.wsdl
	services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-client.xml
	services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-service.xml

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1359060&r1=1359059&r2=1359060&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Mon Jul  9 11:07:38 2012
@@ -313,13 +313,20 @@ public abstract class AbstractBindingPol
     }
     
     /**
-     * Check whether all Signature (and SignatureConfirmation) elements were encrypted
+     * Check whether the primary Signature (and all SignatureConfirmation) elements were encrypted
      */
     protected boolean isSignatureEncrypted(List<WSSecurityEngineResult> results) {
-        for (WSSecurityEngineResult result : results) {
+        boolean foundPrimarySignature = false;
+        for (int i = results.size() - 1; i >= 0; i--) {
+            WSSecurityEngineResult result = results.get(i);
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
-            if (actInt.intValue() == WSConstants.SIGN
-                || actInt.intValue() == WSConstants.SC) {
+            if (actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature) {
+                foundPrimarySignature = true;
+                String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
+                if (sigId == null || !isIdEncrypted(sigId, results)) {
+                    return false;
+                }
+            } else if (actInt.intValue() == WSConstants.SC) {
                 String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
                 if (sigId == null || !isIdEncrypted(sigId, results)) {
                     return false;
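Review bot: The reverse loop `for (int i = results.size() - 1; i >= 0; i--)` treats the first SIGN result it meets as the primary signature, but nothing in the hunk says why the last SIGN entry in `results` is the primary one. The sp:EncryptSignature check now depends entirely on that ordering, and every other SIGN result is skipped without an encryption check. I would add a comment above the loop along the lines of `// The primary signature is taken to be the last SIGN result in the list; this relies on the order in which the results are added - other SIGN results are deliberately not checked`. In the visible lines `foundPrimarySignature` is only read inside the loop, so a result list with no SIGN action appears to satisfy the policy. Whether that is intended cannot be confirmed here because the body of isSignatureEncrypted continues past the end of the hunk. The two branches also repeat the same `sigId == null || !isIdEncrypted(sigId, results)` test, which could be shared.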