From commits-return-17546-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org Fri Jan 13 11:02:27 2012 Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5772297C8 for ; Fri, 13 Jan 2012 11:02:27 +0000 (UTC) Received: (qmail 30133 invoked by uid 500); 13 Jan 2012 11:02:26 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 29938 invoked by uid 500); 13 Jan 2012 11:02:22 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 29911 invoked by uid 99); 13 Jan 2012 11:02:22 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Jan 2012 11:02:22 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Jan 2012 11:02:19 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id C7A832388A32 for ; Fri, 13 Jan 2012 11:01:57 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1230990 - /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Date: Fri, 13 Jan 2012 11:01:57 -0000 To: commits@cxf.apache.org From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120113110157.C7A832388A32@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Fri Jan 13 11:01:57 2012 New Revision: 1230990 URL: http://svn.apache.org/viewvc?rev=1230990&view=rev Log: Removing unnecessary signature validation check using Id/XPath - Since WSS4J moved to use JSR-105 APIs for signature validation all signed Elements are available for direct comparison Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=1230990&r1=1230989&r2=1230990&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Fri Jan 13 11:01:57 2012 @@ -27,7 +27,6 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; -import javax.xml.namespace.QName; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathExpressionException; @@ -43,7 +42,6 @@ import org.apache.cxf.ws.policy.PolicyCo import org.apache.ws.security.WSConstants; import org.apache.ws.security.WSDataRef; import org.apache.ws.security.WSSecurityException; -import org.apache.ws.security.processor.ReferenceListProcessor; /** @@ -128,8 +126,7 @@ public final class CryptoCoverageUtil { CoverageType type, CoverageScope scope ) throws WSSecurityException { - String xpath = ReferenceListProcessor.getXPath(soapBody); - if (!CryptoCoverageUtil.matchElement(refs, type, scope, soapBody, xpath)) { + if (!CryptoCoverageUtil.matchElement(refs, type, scope, soapBody)) { throw new WSSecurityException("The " + getCoverageTypeString(type) + " does not cover the required elements (soap:Body)."); } @@ -176,8 +173,7 @@ public final class CryptoCoverageUtil { } for (Element el : elements) { - String xpath = ReferenceListProcessor.getXPath(el); - if (!CryptoCoverageUtil.matchElement(refs, type, scope, el, xpath)) { + if (!CryptoCoverageUtil.matchElement(refs, type, scope, el)) { throw new WSSecurityException("The " + getCoverageTypeString(type) + " does not cover the required elements ({" + namespace + "}" + name + ")."); @@ -282,8 +278,7 @@ public final class CryptoCoverageUtil { final Element el = (Element)list.item(x); - boolean instanceMatched = CryptoCoverageUtil. - matchElement(refs, type, scope, el, xpathString); + boolean instanceMatched = CryptoCoverageUtil.matchElement(refs, type, scope, el); // We looked through all of the refs, but the element was // not signed. @@ -345,7 +340,7 @@ public final class CryptoCoverageUtil { } private static boolean matchElement(Collection refs, - CoverageType type, CoverageScope scope, Element el, String elXPath) { + CoverageType type, CoverageScope scope, Element el) { final boolean content; switch (scope) { @@ -372,25 +367,12 @@ public final class CryptoCoverageUtil { } for (WSDataRef r : refs) { - // If the element is the same object instance // as that in the ref, we found it and can // stop looking at this element. if (r.getProtectedElement() == el && r.isContent() == content) { return true; } - - // Only if checking signature coverage do we attempt to - // do matches based on ID and element names (and XPath expressions) and not object - // equality. - if (CoverageType.SIGNED.equals(type)) { - QName elQName = new QName(el.getNamespaceURI(), el.getLocalName()); - if (r.getName().equals(elQName) - && r.getWsuId() != null && (r.getWsuId().equals(id) - && r.getXpath() != null && r.getXpath().equals(elXPath))) { - return true; - } - } } return false; }