Posted to fx-dev@ws.apache.org by ru...@apache.org on 2006/12/29 15:30:02 UTC
svn commit: r491020 - in /webservices/wss4j/trunk/src/org/apache/ws/security:
processor/SignatureProcessor.java util/WSSecurityUtil.java
Author: ruchithf
Date: Fri Dec 29 06:30:01 2006
New Revision: 491020
URL: http://svn.apache.org/viewvc?view=rev&rev=491020
Log:
Fixed WSS-55
Modified:
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?view=diff&rev=491020&r1=491019&r2=491020
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java Fri Dec 29 06:30:01 2006
@@ -284,7 +284,6 @@
*/
SignedInfo si = sig.getSignedInfo();
int numReferences = si.getLength();
- Vector qvec = new Vector(numReferences);
for (int i = 0; i < numReferences; i++) {
Reference siRef;
try {
@@ -294,16 +293,24 @@
WSSecurityException.FAILED_CHECK);
}
String uri = siRef.getURI();
- Element se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
- if (se == null) {
- se = WSSecurityUtil.getElementByGenId(elem
- .getOwnerDocument(), uri);
+ if(uri != null && !"".equals(uri)) {
+ Element se = WSSecurityUtil.getElementByWsuId(elem.getOwnerDocument(), uri);
+ if (se == null) {
+ se = WSSecurityUtil.getElementByGenId(elem
+ .getOwnerDocument(), uri);
+ }
+ if (se == null) {
+ throw new WSSecurityException(
+ WSSecurityException.FAILED_CHECK);
+ }
+ returnElements.add(WSSecurityUtil.getIDfromReference(uri));
+ } else {
+ //This is the case where the signed element is identified
+ //by a transform such as XPath filtering
+ //We add the complete reference element to the return
+ //elements
+ returnElements.add(siRef);
}
- if (se == null) {
- throw new WSSecurityException(
- WSSecurityException.FAILED_CHECK);
- }
- returnElements.add(WSSecurityUtil.getIDfromReference(uri));
}
if (certs != null) {
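Review bot: In the new else branch, `returnElements.add(siRef)` records a Reference whose URI is null or empty without establishing which nodes its transforms select, so a signature can verify and appear in the results without any named element being shown as covered. An empty URI is also a same-document reference to the whole document, which the comment's "such as XPath filtering" wording does not convey. The set now mixes String IDs with Reference objects, so any consumer outside this commit that casts entries to String would presumably fail. I would extend the comment to say so, e.g. `// Null/empty URI: coverage is defined only by the Reference's transforms; this entry is not proof that any particular element is signed, and entries may now be String or Reference`. The enclosing method starts and ends outside the hunk.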
Modified: webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java?view=diff&rev=491020&r1=491019&r2=491020
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java (original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/util/WSSecurityUtil.java Fri Dec 29 06:30:01 2006
@@ -860,6 +860,11 @@
* Search through a WSS4J results vector for a single signature covering all
* these elements.
*
+ * NOTE: it is important that the given elements are those that are
+ * referenced using wsu:Id. When the signed element is referenced using a
+ * transformation such as XPath filtering the validation is carried out
+ * in signature verification itself.
+ *
* @param results
* results (e.g., as stored as WSHandlerConstants.RECV_RESULTS on
* an Axis MessageContext)
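Review bot: The added NOTE says that for transform-selected content "the validation is carried out in signature verification itself", which overstates what verification provides. It confirms the digest over whatever the transform selected, not that the selection contains the elements the caller requires. I would reword it along the lines of `NOTE: only elements referenced by wsu:Id can be checked here; when a reference selects content through a transform such as XPath filtering, the caller must check the selected content separately.` The Javadoc block and the method it documents continue outside the hunk.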
@@ -948,20 +953,25 @@
if (resultItem.getAction() != WSConstants.SIGN)
throw new IllegalArgumentException("Not a SIGN result");
- Set signedIDs = resultItem.getSignedElements();
- if (signedIDs == null)
+ Set sigElems = resultItem.getSignedElements();
+ if (sigElems == null)
throw new RuntimeException(
"Missing signedElements set in WSSecurityEngineResult!");
log.debug("Found SIGN result...");
- for (Iterator i = signedIDs.iterator(); i.hasNext();) {
- String e = (String) i.next();
- log.debug("Signature includes element with ID " + e);
+ for (Iterator i = sigElems.iterator(); i.hasNext();) {
+ Object sigElement = i.next();
+ if(sigElement instanceof String) {
+ log.debug("Signature includes element with ID " + sigElement);
+ } else {
+ log.debug("Signature includes element with null uri " +
+ sigElement.toString());
+ }
}
log.debug("Checking required elements are in the signature...");
for (int i = 0; i < requiredIDs.length; i++) {
- if (!signedIDs.contains(requiredIDs[i])) {
+ if (!sigElems.contains(requiredIDs[i])) {
throw new WSSecurityException(WSSecurityException.FAILED_CHECK,
"requiredElementNotSigned",
new Object[] { requiredIDs[i] });
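Review bot: The new debug text `"Signature includes element with null uri "` is inaccurate for the `URI=""` case that SignatureProcessor now also routes into this set, and `sigElement.toString()` on a Reference probably does not identify which reference it was; something like `"Signature includes a reference with no URI (transform-selected content)"` would read better in an audit trail. Separately, `sigElems.contains(requiredIDs[i])` can never match a non-String entry, so an element signed only through a transform is reported as `requiredElementNotSigned`. That fails closed, which is the safe outcome, but it deserves a comment above the loop such as `// Reference entries (null/empty URI) never match an ID; such elements are treated as not signed`. The method body starts and ends outside the hunk.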