Posted to commits@cxf.apache.org by co...@apache.org on 2012/07/09 13:07:38 UTC
svn commit: r1359060 -
/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Author: coheigea
Date: Mon Jul 9 11:07:38 2012
New Revision: 1359060
URL: http://svn.apache.org/viewvc?rev=1359060&view=rev
Log:
Merged revisions 1359043 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........
r1359043 | coheigea | 2012-07-09 11:45:42 +0100 (Mon, 09 Jul 2012) | 10 lines
Merged revisions 1359033 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1359033 | coheigea | 2012-07-09 11:27:52 +0100 (Mon, 09 Jul 2012) | 2 lines
[CXF-4410] - sp:EncryptSignature policy validation should only check to see if the primary signature is encrypted
........
........
Conflicts:
services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509_symmetric/X509SymmetricBindingTest.java
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/DoubleIt.wsdl
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-client.xml
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-service.xml
Modified:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1359060&r1=1359059&r2=1359060&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Mon Jul 9 11:07:38 2012
@@ -313,13 +313,20 @@ public abstract class AbstractBindingPol
}
/**
- * Check whether all Signature (and SignatureConfirmation) elements were encrypted
+ * Check whether the primary Signature (and all SignatureConfirmation) elements were encrypted
*/
protected boolean isSignatureEncrypted(List<WSSecurityEngineResult> results) {
- for (WSSecurityEngineResult result : results) {
+ boolean foundPrimarySignature = false;
+ for (int i = results.size() - 1; i >= 0; i--) {
+ WSSecurityEngineResult result = results.get(i);
Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.SIGN
- || actInt.intValue() == WSConstants.SC) {
+ if (actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature) {
+ foundPrimarySignature = true;
+ String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
+ if (sigId == null || !isIdEncrypted(sigId, results)) {
+ return false;
+ }
+ } else if (actInt.intValue() == WSConstants.SC) {
String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
if (sigId == null || !isIdEncrypted(sigId, results)) {
return false;
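Review bot: The reverse loop `for (int i = results.size() - 1; i >= 0; i--)` takes the first `WSConstants.SIGN` result it meets as the primary signature, but nothing in the hunk says why the last SIGN entry in `results` is the primary one; this presumably rests on the order in which WSS4J records results, which follows the received security header. Because this choice decides whether an sp:EncryptSignature policy is accepted, the assumption deserves a comment above the loop, e.g. `// Walk results from the end: the first SIGN result found is treated as the primary signature (relies on WSS4J result ordering)`, and a test that includes an additional (e.g. endorsing) signature. Separately, `actInt.intValue()` throws a NullPointerException if a result carries no `TAG_ACTION`; `if (actInt == null) { continue; }` before the comparison would avoid that. The method body continues past the end of the hunk, so what is returned when no SIGN result is found at all is not visible here and should be checked.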