Posted to commits@cxf.apache.org by se...@apache.org on 2014/07/31 12:03:06 UTC
git commit: [CXF-5917] Restoring the original check against the
EncryptedData element for greater flexibility as recommended by Colm
Repository: cxf
Updated Branches:
refs/heads/master 563ae6314 -> a64ded455
[CXF-5917] Restoring the original check against the EncryptedData element for greater flexibility as recommended by Colm
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a64ded45
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a64ded45
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a64ded45
Branch: refs/heads/master
Commit: a64ded455c40169665e438ae7a25f17bd4f8047a
Parents: 563ae63
Author: Sergey Beryozkin <sb...@talend.com>
Authored: Thu Jul 31 13:02:45 2014 +0300
Committer: Sergey Beryozkin <sb...@talend.com>
Committed: Thu Jul 31 13:02:45 2014 +0300
----------------------------------------------------------------------
.../security/saml/sso/SAMLProtocolResponseValidator.java | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/a64ded45/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 42e2aab..ef21cda 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -116,8 +116,7 @@ public class SAMLProtocolResponseValidator {
// signature on the Response)
for (org.opensaml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions()) {
- Element decAssertion =
- decryptAssertion(assertion, sigCrypto, callbackHandler);
+ Element decAssertion = decryptAssertion(assertion, sigCrypto, callbackHandler);
SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
samlResponse.getAssertions().add(wrapper.getSaml2());
@@ -410,8 +409,14 @@ public class SAMLProtocolResponseValidator {
private Element decryptAssertion(
org.opensaml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler callbackHandler
) throws WSSecurityException {
+ EncryptedData encryptedData = assertion.getEncryptedData();
+ Element encryptedDataDOM = encryptedData.getDOM();
+
Element encKeyElement = getNode(assertion.getDOM(), WSConstants.ENC_NS, "EncryptedKey", 0);
if (encKeyElement == null) {
+ encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey", 0);
+ }
+ if (encKeyElement == null) {
LOG.log(Level.FINE, "EncryptedKey element is not available");
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
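Review bot: `encryptedData.getDOM()` on the second added line dereferences the result of `assertion.getEncryptedData()` with no null check, so an EncryptedAssertion that lacks an EncryptedData child (or whose cached DOM is unavailable) fails with a NullPointerException instead of the `invalidSAMLsecurity` WSSecurityException the method throws for every other malformed-input case. Because this lookup now runs before the EncryptedKey check, the NPE is the first thing a peer-supplied response reaches, and it surfaces as an unhandled error rather than a clean validation failure; I would guard both the object and its DOM and fail the same way the missing-EncryptedKey branch does. Separately, both lookups select the first EncryptedKey in document order (`getNode(..., 0)`) rather than the one the EncryptedData's KeyInfo refers to; whether a response carrying several EncryptedKey elements could steer decryption to the wrong one depends on what `getNode` matches, which is outside this hunk, so the fallback deserves a comment such as `// falls back to the EncryptedKey carried inside EncryptedData/KeyInfo; selection is positional, not by KeyInfo reference`. The body of decryptAssertion continues past the hunk.
```java
EncryptedData encryptedData = assertion.getEncryptedData();
Element encryptedDataDOM = encryptedData == null ? null : encryptedData.getDOM();
if (encryptedDataDOM == null) {
    LOG.log(Level.FINE, "EncryptedData element is not available");
    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
// … unchanged: EncryptedKey lookup on the assertion DOM, then the EncryptedData fallback …
```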
@@ -458,8 +463,6 @@ public class SAMLProtocolResponseValidator {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
- EncryptedData encryptedData = assertion.getEncryptedData();
- Element encryptedDataDOM = encryptedData.getDOM();
String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
byte[] decryptedPayload = null;