You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by "Fred Dushin (JIRA)" <ji...@apache.org> on 2008/06/09 17:59:45 UTC

[jira] Commented: (WSS-126) SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null

    [ https://issues.apache.org/jira/browse/WSS-126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603598#action_12603598 ] 

Fred Dushin commented on WSS-126:
---------------------------------

A few comments:

1. Can we get a test case for this?

2. Also, when we commit, we should always include the ticket ID in the commit message (WSS-126); this will result in an automatic update to Jira, and will list the changes in the "Subversion Commits" tab on the ticket page.

3. Change the "Fix For" field to 1.5.5.  (I'll do that now -- I just added a 1.5.5 version)

Thanks!
-Fred

> SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-126
>                 URL: https://issues.apache.org/jira/browse/WSS-126
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Dimuthu Leelarathne
>            Assignee: Dimuthu Leelarathne
>             Fix For: 1.5.5
>
>
> Conditions
> -Symmetric Key Singnature is used
> -The secret key is already decrypted by EncryptedKeyProcessor and it is stored inside org.apache.ws.security.WSDocInfo
> So user do not have to provide Signature Crypto object. So the Exception thrown at SignatureProcessor's 225th line should be be placed in a better place.
> The same thing applies for Custom Keys supplied through a password callback handler.
> The stack trace is:
> Caused by: org.apache.ws.security.WSSecurityException: General security error (WSSecurityEngine: No crypto protery file supplied to verify signature)
> 	at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:225)
> 	at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
> 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
> 	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org