Posted to rampart-dev@ws.apache.org by "todd wolff (JIRA)" <ji...@apache.org> on 2010/01/16 20:57:54 UTC

[jira] Created: (RAMPART-278) PolicyBasedResultsValidator throws exception when headers encrypted before signing.

PolicyBasedResultsValidator throws exception when headers encrypted before signing.
-----------------------------------------------------------------------------------

                 Key: RAMPART-278
                 URL: https://issues.apache.org/jira/browse/RAMPART-278
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
            Reporter: todd wolff
            Assignee: Ruchith Udayanga Fernando


PolicyBasedResultsValidator uses the wsu:Id of signed elements to validate that headers were signed. If a header was encrypted before signing, the wsu:Id is the Id on the EncryptedHeader element, which was detached from the header by WSS4J and replaced with the decrypted header. Consequently the check fails and the validator incorrectly throws an exception.

Also, RampartUtil excludes text nodes when converting the envelope, i.e. a header block with a single child text node would be incorrectly converted to an empty header block.
See the attached patch for a painless fix to both problems.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
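
The Id mismatch described in the report above, modeled with the JDK DOM API as an added example; it is not the attached patch and not Rampart or WSS4J code. The class and method names, the sample message and the `replacedBy` map are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignedEncryptedHeaderCheck {
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    // Constructed sample: one header block wrapped in EncryptedHeader; cipher data omitted.
    static final String MSG =
        "<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Header>"
        + "<e:EncryptedHeader xmlns:e='" + WSSE11 + "' xmlns:u='" + WSU + "' u:Id='EH-1'/>"
        + "</s:Header><s:Body/></s:Envelope>";

    // Id-only check as described in the report: the block's own wsu:Id must be a signed Id.
    static boolean signedById(Element block, Set<String> signedIds) {
        return signedIds.contains(block.getAttributeNS(WSU, "Id"));
    }

    // Assumed alternative: also accept a block that the decryption step recorded as the
    // replacement for a signed EncryptedHeader. Compared by identity (==), never by name.
    static boolean signedOrDecryptedFromSigned(Element block, Set<String> signedIds,
                                               Map<String, Element> replacedBy) {
        if (signedById(block, signedIds)) return true;
        for (String id : signedIds) {
            if (replacedBy.get(id) == block) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(MSG.getBytes(StandardCharsets.UTF_8)));
        Element header = (Element) doc.getDocumentElement().getFirstChild();
        Element encrypted = (Element) header.getFirstChild();
        Set<String> signedIds = Set.of(encrypted.getAttributeNS(WSU, "Id")); // signature covered EH-1
        // Simulated decryption: the EncryptedHeader is detached, the plaintext block takes its place.
        Element plain = doc.createElementNS("urn:example:constructed", "a:Account");
        plain.setTextContent("12345");
        header.replaceChild(plain, encrypted);
        Map<String, Element> replacedBy = new HashMap<>();
        replacedBy.put("EH-1", plain);
        System.out.println("id-only check:   " + signedById(plain, signedIds));
        System.out.println("with provenance: " + signedOrDecryptedFromSigned(plain, signedIds, replacedBy));
    }
}
```

The relaxed check stays sound only when the map is filled by the decryption step itself, for the same message; matching the replacement by element name instead would let an unsigned block pass as signed.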


[jira] Updated: (RAMPART-278) PolicyBasedResultsValidator throws exception when headers encrypted before signing.

Posted by "todd wolff (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

todd wolff updated RAMPART-278:
-------------------------------

    Attachment: SignedEncryptedHeaders.patch

> PolicyBasedResultsValidator throws exception when headers encrypted before signing.
> -----------------------------------------------------------------------------------
>
>                 Key: RAMPART-278
>                 URL: https://issues.apache.org/jira/browse/RAMPART-278
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>            Reporter: todd wolff
>            Assignee: Ruchith Udayanga Fernando
>         Attachments: SignedEncryptedHeaders.patch
>
>
> PolicyBasedResultsValidator uses the wsu:Id of signed elements to validate that headers were signed. If a header was encrypted before signing, the wsu:Id is the Id on the EncryptedHeader element, which was detached from the header by WSS4J and replaced with the decrypted header. Consequently the check fails and the validator incorrectly throws an exception.
> Also, RampartUtil excludes text nodes when converting the envelope, i.e. a header block with a single child text node would be incorrectly converted to an empty header block.
> See the attached patch for a painless fix to both problems.



[jira] Updated: (RAMPART-278) PolicyBasedResultsValidator throws exception when headers encrypted before signing.

Posted by "todd wolff (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/RAMPART-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

todd wolff updated RAMPART-278:
-------------------------------

    Description: 
PolicyBasedResultsValidator uses the wsu:Id of signed elements to validate that headers were signed. If a header was encrypted before signing, the wsu:Id is the Id on the EncryptedHeader element, which was detached from the header by WSS4J and replaced with the decrypted header. Consequently the check fails and the validator incorrectly throws an exception.

Also, RampartUtil excludes child text nodes when converting SOAP header blocks, i.e. a header block with a single child text node would be incorrectly converted to an empty header block. See the attached patch for a painless fix to both problems.

  was:
PolicyBasedResultsValidator uses the wsu:Id of signed elements to validate that headers were signed. If a header was encrypted before signing, the wsu:Id is the Id on the EncryptedHeader element, which was detached from the header by WSS4J and replaced with the decrypted header. Consequently the check fails and the validator incorrectly throws an exception.

Also, RampartUtil excludes text nodes when converting the envelope, i.e. a header block with a single child text node would be incorrectly converted to an empty header block.
See the attached patch for a painless fix to both problems.


> PolicyBasedResultsValidator throws exception when headers encrypted before signing.
> -----------------------------------------------------------------------------------
>
>                 Key: RAMPART-278
>                 URL: https://issues.apache.org/jira/browse/RAMPART-278
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>            Reporter: todd wolff
>            Assignee: Ruchith Udayanga Fernando
>         Attachments: SignedEncryptedHeaders.patch
>
>
> PolicyBasedResultsValidator uses the wsu:Id of signed elements to validate that headers were signed. If a header was encrypted before signing, the wsu:Id is the Id on the EncryptedHeader element, which was detached from the header by WSS4J and replaced with the decrypted header. Consequently the check fails and the validator incorrectly throws an exception.
> Also, RampartUtil excludes child text nodes when converting SOAP header blocks, i.e. a header block with a single child text node would be incorrectly converted to an empty header block. See the attached patch for a painless fix to both problems.
