You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2008/09/29 15:00:44 UTC

[jira] Commented: (WSS-126) SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null

    [ https://issues.apache.org/jira/browse/WSS-126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12635371#action_12635371 ] 

Colm O hEigeartaigh commented on WSS-126:
-----------------------------------------


Can this issue be marked as fixed and closed?

> SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-126
>                 URL: https://issues.apache.org/jira/browse/WSS-126
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Dimuthu Leelarathne
>            Assignee: Dimuthu Leelarathne
>             Fix For: 1.5.5
>
>
> Conditions
> -Symmetric Key Singnature is used
> -The secret key is already decrypted by EncryptedKeyProcessor and it is stored inside org.apache.ws.security.WSDocInfo
> So user do not have to provide Signature Crypto object. So the Exception thrown at SignatureProcessor's 225th line should be be placed in a better place.
> The same thing applies for Custom Keys supplied through a password callback handler.
> The stack trace is:
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto protery file supplied to verify signature)
> 	at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:225)
> 	at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
> 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
> 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org