Posted to fx-dev@ws.apache.org by ru...@apache.org on 2006/12/29 15:30:02 UTC

svn commit: r491020 - in /webservices/wss4j/trunk/src/org/apache/ws/security: processor/SignatureProcessor.java util/WSSecurityUtil.java

Author: ruchithf
Date: Fri Dec 29 06:30:01 2006
New Revision: 491020

URL: http://svn.apache.org/viewvc?view=rev&rev=491020
Log:
Fixed WSS-55

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
    webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=491020&r1=491019&r2=491020
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Fri Dec 29 06:30:01 2006
@@ -284,7 +284,6 @@
                      */
                 SignedInfo si = sig.getSignedInfo();
                 int numReferences = si.getLength();
-                Vector qvec = new Vector(numReferences);
                 for (int i = 0; i < numReferences; i++) {
                     Reference siRef;
                     try {
@@ -294,16 +293,24 @@
                                 WSSecurityException.FAILED_CHECK);
                     }
                     String uri = siRef.getURI();
-                    Element se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
-                    if (se == null) {
-                        se = WSSecurityUtil.getElementByGenId(elem
-                                .getOwnerDocument(), uri);
+                    if(uri != null && !"".equals(uri)) {
+                        Element se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
+                        if (se == null) {
+                            se = WSSecurityUtil.getElementByGenId(elem
+                                    .getOwnerDocument(), uri);
+                        }
+                        if (se == null) {
+                            throw new WSSecurityException(
+                                    WSSecurityException.FAILED_CHECK);
+                        }
+                        returnElements.add(WSSecurityUtil.getIDfromReference(uri));
+                    } else {
+                       //This is the case where the signed element is identified 
+                       //by a transform such as XPath filtering
+                       //We add the complete reference element to the return 
+                       //elements
+                       returnElements.add(siRef); 
                     }
-                    if (se == null) {
-                        throw new WSSecurityException(
-                                WSSecurityException.FAILED_CHECK);
-                    }
-                    returnElements.add(WSSecurityUtil.getIDfromReference(uri));                    
                 }
                 
                 if (certs != null) {
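Review bot: The else branch at `returnElements.add(siRef)` records every reference whose URI is null or empty, but nothing in the hunk checks that the reference actually carries a transform, even though the comment describes this as the transform-selected case. It also turns `returnElements` into a mix of String IDs and `Reference` objects, so any consumer that still casts entries to `String` (as the loop in WSSecurityUtil did before this commit) would throw a ClassCastException; other callers are not visible here. I would state the contract next to the add, e.g. `// Entry is a Reference, not a String ID: it does not say which element was covered`. If an empty URI without a filtering transform is not meant to be accepted at this point, that needs an explicit check. The enclosing method starts and ends outside the hunk.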

Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?view=diff&rev=491020&r1=491019&r2=491020
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Fri Dec 29 06:30:01 2006
@@ -860,6 +860,11 @@
      * Search through a WSS4J results vector for a single signature covering all
      * these elements.
      * 
+     * NOTE: it is important that the given elements are those that are 
+     * referenced using wsu:Id. When the signed element is referenced using a
+     * transformation such as XPath filtering the validation is carried out 
+     * in signature verification itself.
+     * 
      * @param results
      *            results (e.g., as stored as WSHandlerConstants.RECV_RESULTS on
      *            an Axis MessageContext)
@@ -948,20 +953,25 @@
         if (resultItem.getAction() != WSConstants.SIGN)
             throw new IllegalArgumentException("Not a SIGN result");
 
-        Set signedIDs = resultItem.getSignedElements();
-        if (signedIDs == null)
+        Set sigElems = resultItem.getSignedElements();
+        if (sigElems == null)
             throw new RuntimeException(
                     "Missing signedElements set in WSSecurityEngineResult!");
 
         log.debug("Found SIGN result...");
-        for (Iterator i = signedIDs.iterator(); i.hasNext();) {
-            String e = (String) i.next();
-            log.debug("Signature includes element with ID " + e);
+        for (Iterator i = sigElems.iterator(); i.hasNext();) {
+            Object sigElement = i.next();
+            if(sigElement instanceof String) {
+                log.debug("Signature includes element with ID " + sigElement);
+            } else {
+                log.debug("Signature includes element with null uri " + 
+                        sigElement.toString());
+            }
         }
 
         log.debug("Checking required elements are in the signature...");
         for (int i = 0; i < requiredIDs.length; i++) {
-            if (!signedIDs.contains(requiredIDs[i])) {
+            if (!sigElems.contains(requiredIDs[i])) {
                 throw new WSSecurityException(WSSecurityException.FAILED_CHECK,
                         "requiredElementNotSigned",
                         new Object[] { requiredIDs[i] });
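Review bot: The required-ID check `sigElems.contains(requiredIDs[i])` can now only match the String entries, so content covered solely by a no-URI reference never satisfies a required ID. That is the fail-closed outcome and it deserves a comment above the loop so a later change does not loosen it, e.g. `// Reference entries (no URI) never match a required ID; transform-selected content is not counted here`. The debug message also says "null uri" although the producer in SignatureProcessor sends empty-string URIs down the same path, and `sigElement.toString()` is redundant in a string concatenation and presumably prints little that identifies the signed content; `"Signature includes a reference without a URI: " + sigElement` would be more accurate. The method continues past the end of the hunk.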


