Posted to rampart-dev@ws.apache.org by ru...@apache.org on 2007/08/10 14:21:50 UTC
svn commit: r564573 - in
/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart:
PolicyBasedResultsValidator.java builder/AsymmetricBindingBuilder.java
builder/BindingBuilder.java
Author: ruchithf
Date: Fri Aug 10 05:21:49 2007
New Revision: 564573
URL: http://svn.apache.org/viewvc?view=rev&rev=564573
Log:
Fixed an issue with incorrect policy usage at the recipient
Modified:
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?view=diff&rev=564573&r1=564572&r2=564573
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Fri Aug 10 05:21:49 2007
@@ -72,7 +72,7 @@
//sig/encr
Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
- if(rpd.isSignatureProtection() && isSignatureRequired(rpd)) {
+ if(rpd.isSignatureProtection() && isSignatureRequired(rmd)) {
encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
WSConstants.SIG_NS, "Element"));
}
@@ -409,10 +409,12 @@
}
- private boolean isSignatureRequired(RampartPolicyData rpd) {
+ private boolean isSignatureRequired(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
(!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
- rpd.getInitiatorToken() != null);
+ ((rpd.getInitiatorToken() != null && rmd.isInitiator())
+ || rpd.getRecipientToken() != null && !rmd.isInitiator()));
}
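Review bot: In the new `isSignatureRequired(rmd)` the role test looks mirrored for a validator. This class checks inbound results, so when `rmd.isInitiator()` is true the message under validation was presumably signed by the recipient, yet the condition consults `getInitiatorToken()`; the builder hunks in this same commit show the initiator signing with the initiator token and the recipient with the recipient token. If that reading is right, a policy that declares only one of the two tokens would make the validator treat a signature as not required on a message that should carry one, which fails open; please confirm, and if so use `(rpd.getRecipientToken() != null && rmd.isInitiator()) || (rpd.getInitiatorToken() != null && !rmd.isInitiator())`. Whichever way the roles go, parenthesize the second `&&` clause like the first, and add a Javadoc line stating whose token is being tested on each side.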
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=diff&rev=564573&r1=564572&r2=564573
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java Fri Aug 10 05:21:49 2007
@@ -121,7 +121,12 @@
/*
* We MUST use keys derived from the same token
*/
- Token encryptionToken = rpd.getRecipientToken();
+ Token encryptionToken = null;
+ if(rmd.isInitiator()) {
+ encryptionToken = rpd.getRecipientToken();
+ } else {
+ encryptionToken = rpd.getInitiatorToken();
+ }
Vector encrParts = RampartUtil.getEncryptedParts(rmd);
if(encryptionToken == null && encrParts.size() > 0) {
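Review bot: The role-dependent choice of `encryptionToken` is undocumented, and the comment above it ("We MUST use keys derived from the same token") does not explain why the token now differs by role. A line such as `// The sender encrypts for its peer: initiator -> RecipientToken, recipient -> InitiatorToken` would make the intent reviewable. The `= null` initialiser is dead, since both branches assign; `Token encryptionToken = rmd.isInitiator() ? rpd.getRecipientToken() : rpd.getInitiatorToken();` says the same in one line. The enclosing method starts and continues outside this hunk, including the body of the `encryptionToken == null` check.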
@@ -165,7 +170,7 @@
}
if(wss.isMustSupportRefKeyIdentifier()) {
encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- } if(wss.isMustSupportRefIssuerSerial()) {
+ } else if(wss.isMustSupportRefIssuerSerial()) {
encr.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
} else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
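Review bot: The same key-identifier chain is maintained in four places (here, the hunk at -450 in this file, and the hunks at -183 and -221 in BindingBuilder.java), which is presumably how the stray `} if` ended up in all of them. A single private helper that maps `wss` to the key identifier type would stop the copies drifting apart. The `else` also changes precedence: a policy with both MustSupportRefKeyIdentifier and MustSupportRefIssuerSerial previously ended with ISSUER_SERIAL (the second `if` overwrote the first) and now gets SKI_KEY_IDENTIFIER. That is worth a comment such as `// precedence: key identifier (SKI), then issuer serial, then thumbprint` and an interop check with peers that relied on the old result. The chain continues past the end of the hunk, so what happens when no branch matches is not visible here.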
@@ -241,7 +246,8 @@
addSignatureConfirmation(rmd, sigParts);
}
- if(rpd.getInitiatorToken() != null) {
+ if((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
+ (!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
this.doSignature(rmd);
}
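Review bot: The guard `(rmd.isInitiator() && rpd.getInitiatorToken() != null) || (!rmd.isInitiator() && rpd.getRecipientToken() != null)` is duplicated verbatim in the hunk at -366, and the same role-to-token mapping is written a third time in the hunk at -520. Because the guard and the token selection must agree for the signature to be produced with the token the guard checked, they would be safer derived from one helper that returns the signing token for the current role, with the call sites reduced to a null test on its result. The enclosing methods start and end outside these hunks.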
@@ -366,7 +372,8 @@
addSignatureConfirmation(rmd, sigParts);
}
- if(rpd.getInitiatorToken() != null) {
+ if((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
+ (!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
// Do signature
this.doSignature(rmd);
}
@@ -450,7 +457,7 @@
}
if(wss.isMustSupportRefKeyIdentifier()) {
encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- } if(wss.isMustSupportRefIssuerSerial()) {
+ } else if(wss.isMustSupportRefIssuerSerial()) {
encr.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
} else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
@@ -520,8 +527,11 @@
if(dotDebug){
t0 = System.currentTimeMillis();
}
-
- sigToken = rpd.getInitiatorToken();
+ if(rmd.isInitiator()) {
+ sigToken = rpd.getInitiatorToken();
+ } else {
+ sigToken = rpd.getRecipientToken();
+ }
if (sigToken.isDerivedKeys()) {
// Set up the encrypted key to use
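Review bot: `sigToken.isDerivedKeys()` dereferences the role-selected token with no null check, so a policy that lacks the token for the current role ends in a NullPointerException rather than a policy error. The two `doSignature` call sites visible in this diff do guard on the same token being non-null, but this method (apparently `doSignature`, which starts outside the hunk) does not enforce that itself, and other callers are not visible. An explicit `if (sigToken == null)` check that raises the module's policy exception before this line would make the failure diagnosable, and the four-line if/else could be `sigToken = rmd.isInitiator() ? rpd.getInitiatorToken() : rpd.getRecipientToken();`.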
Modified: webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=564573&r1=564572&r2=564573
==============================================================================
--- webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java Fri Aug 10 05:21:49 2007
@@ -183,7 +183,7 @@
}
if(wss.isMustSupportRefKeyIdentifier()) {
encrKey.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- } if(wss.isMustSupportRefIssuerSerial()) {
+ } else if(wss.isMustSupportRefIssuerSerial()) {
encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
} else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
@@ -221,7 +221,7 @@
}
if(wss.isMustSupportRefKeyIdentifier()) {
sig.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- } if(wss.isMustSupportRefIssuerSerial()) {
+ } else if(wss.isMustSupportRefIssuerSerial()) {
sig.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
} else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
sig.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);