cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Allow tokens that are encrypted before being signed
Date Tue, 25 Feb 2014 11:07:48 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 98347e4ee -> 2d9257621


Allow tokens that are encrypted before being signed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2d925762
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2d925762
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2d925762

Branch: refs/heads/master
Commit: 2d92576212e60146e57c1050fa9a63342fe05bee
Parents: 98347e4
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Feb 25 10:59:22 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Feb 25 11:00:40 2014 +0000

----------------------------------------------------------------------
 .../AbstractSupportingTokenPolicyValidator.java | 30 ++++++++++++++++++--
 1 file changed, 27 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/2d925762/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index 0fe5766..93cb1f6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -794,7 +794,8 @@ public abstract class AbstractSupportingTokenPolicyValidator
             List<WSDataRef> dataRefs = 
                 CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
             for (WSDataRef dataRef : dataRefs) {
-                if (token == dataRef.getProtectedElement()) {
+                if (token == dataRef.getProtectedElement()
+                    || isEncryptedTokenSigned(token, dataRef)) {
                     return true;
                 }
             }
@@ -802,13 +803,36 @@ public abstract class AbstractSupportingTokenPolicyValidator
         return false;
     }
     
+    private boolean isEncryptedTokenSigned(Element token, WSDataRef signedRef) {
+        if (signedRef.getProtectedElement() != null
+            && "EncryptedData".equals(signedRef.getProtectedElement().getLocalName())
+            && WSConstants.ENC_NS.equals(signedRef.getProtectedElement().getNamespaceURI()))
{
+            String encryptedDataId = 
+                signedRef.getProtectedElement().getAttributeNS(null, "Id");
+            for (WSSecurityEngineResult result : encryptedResults) {
+                List<WSDataRef> encryptedDataRefs = 
+                    CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+                if (encryptedDataRefs != null) {
+                    for (WSDataRef encryptedDataRef : encryptedDataRefs) {
+                        if (token == encryptedDataRef.getProtectedElement()
+                            && (encryptedDataRef.getWsuId() != null 
+                                && encryptedDataRef.getWsuId().equals(encryptedDataId)))
{
+                            return true;
+                        }
+                    }
+                }
+            }
+        }
+        return false;
+    }
+    
     /**
      * Return true if a token was encrypted, false otherwise.
      */
     private boolean isTokenEncrypted(Element token) {
-        for (WSSecurityEngineResult signedResult : encryptedResults) {
+        for (WSSecurityEngineResult result : encryptedResults) {
             List<WSDataRef> dataRefs = 
-                CastUtils.cast((List<?>)signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+                CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
             if (dataRefs == null) {
                 return false;
             }


Mime
View raw message