You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2014/02/26 16:54:59 UTC

[2/2] git commit: Fixing signature validation

Fixing signature validation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f935ad9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f935ad9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f935ad9

Branch: refs/heads/master
Commit: 9f935ad983d883b0727b47af96761106c7a408ee
Parents: 3ccc90d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 26 14:43:17 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 26 15:54:20 2014 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9f935ad9/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index fa23280..e9d0b8a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -253,8 +253,8 @@ public class XmlSecInInterceptor implements PhaseInterceptor<Message> {
     
     private void checkSignatureAlgorithms(AlgorithmSuiteSecurityEvent event) 
         throws XMLSecurityException {
-        if (XMLSecurityConstants.Asym_Sig.equals(event.getAlgorithmUsage())
-            || XMLSecurityConstants.Sym_Sig.equals(event.getAlgorithmUsage())
+        if ((XMLSecurityConstants.Asym_Sig.equals(event.getAlgorithmUsage())
+            || XMLSecurityConstants.Sym_Sig.equals(event.getAlgorithmUsage()))
             && sigProps.getSignatureAlgo() != null
             && !sigProps.getSignatureAlgo().equals(event.getAlgorithmURI())) {
             throw new XMLSecurityException("empty", "The signature algorithm "
@@ -270,6 +270,7 @@ public class XmlSecInInterceptor implements PhaseInterceptor<Message> {
             throw new XMLSecurityException("empty", "The signature c14n algorithm "
                 + event.getAlgorithmURI() + " is not allowed");
         } else if (XMLSecurityConstants.SigTransform.equals(event.getAlgorithmUsage())
+            && !XMLSecurityConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE.equals(event.getAlgorithmURI())
             && sigProps.getSignatureC14nTransform() != null
             && !sigProps.getSignatureC14nTransform().equals(event.getAlgorithmURI())) {
             throw new XMLSecurityException("empty", "The signature transformation algorithm "