cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] git commit: Fixing signature validation
Date Wed, 26 Feb 2014 15:54:59 GMT
Fixing signature validation


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9f935ad9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9f935ad9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9f935ad9

Branch: refs/heads/master
Commit: 9f935ad983d883b0727b47af96761106c7a408ee
Parents: 3ccc90d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Feb 26 14:43:17 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Feb 26 15:54:20 2014 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java     | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9f935ad9/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index fa23280..e9d0b8a 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -253,8 +253,8 @@ public class XmlSecInInterceptor implements PhaseInterceptor<Message>
{
     
     private void checkSignatureAlgorithms(AlgorithmSuiteSecurityEvent event) 
         throws XMLSecurityException {
-        if (XMLSecurityConstants.Asym_Sig.equals(event.getAlgorithmUsage())
-            || XMLSecurityConstants.Sym_Sig.equals(event.getAlgorithmUsage())
+        if ((XMLSecurityConstants.Asym_Sig.equals(event.getAlgorithmUsage())
+            || XMLSecurityConstants.Sym_Sig.equals(event.getAlgorithmUsage()))
             && sigProps.getSignatureAlgo() != null
             && !sigProps.getSignatureAlgo().equals(event.getAlgorithmURI())) {
             throw new XMLSecurityException("empty", "The signature algorithm "
@@ -270,6 +270,7 @@ public class XmlSecInInterceptor implements PhaseInterceptor<Message>
{
             throw new XMLSecurityException("empty", "The signature c14n algorithm "
                 + event.getAlgorithmURI() + " is not allowed");
         } else if (XMLSecurityConstants.SigTransform.equals(event.getAlgorithmUsage())
+            && !XMLSecurityConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE.equals(event.getAlgorithmURI())
             && sigProps.getSignatureC14nTransform() != null
             && !sigProps.getSignatureC14nTransform().equals(event.getAlgorithmURI()))
{
             throw new XMLSecurityException("empty", "The signature transformation algorithm
"


Mime
View raw message