cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1183278 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Date Fri, 14 Oct 2011 10:27:00 GMT
Author: coheigea
Date: Fri Oct 14 10:27:00 2011
New Revision: 1183278

URL: http://svn.apache.org/viewvc?rev=1183278&view=rev
Log:
Added commented-out code to check transform algorithms

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java?rev=1183278&r1=1183277&r2=1183278&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Fri Oct 14 10:27:00 2011
@@ -33,6 +33,7 @@ import org.apache.ws.security.WSConstant
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
 import org.apache.ws.security.WSSecurityEngineResult;
+//import org.apache.ws.security.transform.STRTransform;
 
 /**
  * Validate a WSSecurityEngineResult corresponding to the processing of a Signature, EncryptedKey
or
@@ -92,6 +93,25 @@ public class AlgorithmSuitePolicyValidat
 
         List<WSDataRef> dataRefs = 
             CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+        if (!checkDataRefs(dataRefs, algorithmPolicy, ai)) {
+            return false;
+        }
+        
+        if (!checkKeyLengths(result, algorithmPolicy, ai, true)) {
+            return false;
+        }
+        
+        return true;
+    }
+    
+    /**
+     * Check the individual signature references
+     */
+    private boolean checkDataRefs(
+        List<WSDataRef> dataRefs,
+        AlgorithmSuite algorithmPolicy,
+        AssertionInfo ai
+    ) {
         for (WSDataRef dataRef : dataRefs) {
             String digestMethod = dataRef.getDigestAlgorithm();
             if (!algorithmPolicy.getDigest().equals(digestMethod)) {
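Review bot: The new `checkDataRefs` helper iterates `dataRefs` without a null check, so if `result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)` has no entry (assuming the cast passes null through) the `for` loop throws a NullPointerException instead of producing a policy decision. Make the outcome explicit at the top of the helper, for example `if (dataRefs == null) { ai.setNotAsserted("No signature references were found"); return false; }`, or document why an absent list is acceptable. The Javadoc should also state that the method returns false and marks `ai` as not asserted on the first mismatching reference. The body of `checkDataRefs` continues past the end of this hunk.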
@@ -100,12 +120,23 @@ public class AlgorithmSuitePolicyValidat
                 );
                 return false;
             }
+            /*
+             * TODO Re-enable once we upgrade to WSS4J 1.6.4
+            List<String> transformAlgorithms = dataRef.getTransformAlgorithms();
+            // Only a max of 2 transforms per reference is allowed
+            if (transformAlgorithms == null || transformAlgorithms.size() > 2) {
+                ai.setNotAsserted("The transform algorithms do not match the requirement");
+                return false;
+            }
+            for (String transformAlgorithm : transformAlgorithms) {
+                if (!(algorithmPolicy.getInclusiveC14n().equals(transformAlgorithm)
+                    || STRTransform.TRANSFORM_URI.equals(transformAlgorithm))) {
+                    ai.setNotAsserted("The transform algorithms do not match the requirement");
+                    return false;
+                }
+            }
+            */
         }
-        
-        if (!checkKeyLengths(result, algorithmPolicy, ai, true)) {
-            return false;
-        }
-        
         return true;
     }
     
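Review bot: Because the transform check is committed inside a block comment, `checkDataRefs` still validates only the digest algorithm. A signature reference whose transforms fall outside the policy therefore passes this validator until the TODO is acted on. A block of dead code is easy to overlook, so say so in the comment and tie it to a tracked item, for example `// TODO(<tracking issue id>): transform algorithms are not checked against the policy yet; re-enable after the WSS4J 1.6.4 upgrade`. Keep the pending implementation, and the commented-out `STRTransform` import from the first hunk, in that issue or on a branch rather than in trunk. When the check is re-enabled, give the "more than two transforms" case and the "unexpected algorithm" case distinct `setNotAsserted` messages so a rejection can be diagnosed from the assertion text.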


