cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: Trying to fix the SAMLP response decryption issue
Date Thu, 31 Jul 2014 08:22:16 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 8c331929e -> 730cdf2e6


Trying to fix the SAMLP response decryption issue


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/730cdf2e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/730cdf2e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/730cdf2e

Branch: refs/heads/master
Commit: 730cdf2e639bbd3319b1f50c1c9e444d508b721e
Parents: 8c33192
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jul 31 11:21:57 2014 +0300
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jul 31 11:21:57 2014 +0300

----------------------------------------------------------------------
 .../security/saml/sso/SAMLProtocolResponseValidator.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/730cdf2e/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 08b906e..42e2aab 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -115,10 +115,9 @@ public class SAMLProtocolResponseValidator {
         // Decrypt any encrypted Assertions and add them to the Response (note that this
will break any
         // signature on the Response)
         for (org.opensaml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions())
{
-            EncryptedData encryptedData = assertion.getEncryptedData();
-            Element encryptedDataDOM = encryptedData.getDOM();
             
-            Element decAssertion = decryptAssertion(encryptedDataDOM, sigCrypto, callbackHandler);
+            Element decAssertion = 
+                decryptAssertion(assertion, sigCrypto, callbackHandler);
             
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
             samlResponse.getAssertions().add(wrapper.getSaml2());
@@ -409,9 +408,9 @@ public class SAMLProtocolResponseValidator {
     }
     
     private Element decryptAssertion(
-        Element encryptedDataDOM, Crypto sigCrypto, CallbackHandler callbackHandler
+        org.opensaml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler
callbackHandler
     ) throws WSSecurityException {
-        Element encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey",
0);
+        Element encKeyElement = getNode(assertion.getDOM(), WSConstants.ENC_NS, "EncryptedKey",
0);
         if (encKeyElement == null) {
             LOG.log(Level.FINE, "EncryptedKey element is not available");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
@@ -459,6 +458,8 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
+        EncryptedData encryptedData = assertion.getEncryptedData();
+        Element encryptedDataDOM = encryptedData.getDOM();
         String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
         
         byte[] decryptedPayload = null;


Mime
View raw message