cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject git commit: [CXF-5917] Restoring the original check against the EncryptedData element for greater flexibility as recommended by Colm
Date Thu, 31 Jul 2014 10:08:42 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 47b80b935 -> aa5b16c03


[CXF-5917] Restoring the original check against the EncryptedData element for greater flexibility
as recommended by Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/aa5b16c0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/aa5b16c0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/aa5b16c0

Branch: refs/heads/3.0.x-fixes
Commit: aa5b16c03d9da320facb14790c2f60879d3d9cb6
Parents: 47b80b9
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jul 31 13:08:23 2014 +0300
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jul 31 13:08:23 2014 +0300

----------------------------------------------------------------------
 .../security/saml/sso/SAMLProtocolResponseValidator.java  | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/aa5b16c0/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index 42e2aab..37c90c9 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -116,8 +116,7 @@ public class SAMLProtocolResponseValidator {
         // signature on the Response)
         for (org.opensaml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions())
{
             
-            Element decAssertion = 
-                decryptAssertion(assertion, sigCrypto, callbackHandler);
+            Element decAssertion = decryptAssertion(assertion, sigCrypto, callbackHandler);
             
             SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
             samlResponse.getAssertions().add(wrapper.getSaml2());
@@ -410,8 +409,13 @@ public class SAMLProtocolResponseValidator {
     private Element decryptAssertion(
         org.opensaml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler
callbackHandler
     ) throws WSSecurityException {
+        EncryptedData encryptedData = assertion.getEncryptedData();
+        Element encryptedDataDOM = encryptedData.getDOM();
         Element encKeyElement = getNode(assertion.getDOM(), WSConstants.ENC_NS, "EncryptedKey",
0);
         if (encKeyElement == null) {
+            encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey",
0);
+        }
+        if (encKeyElement == null) {
             LOG.log(Level.FINE, "EncryptedKey element is not available");
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
@@ -458,8 +462,6 @@ public class SAMLProtocolResponseValidator {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
         }
         
-        EncryptedData encryptedData = assertion.getEncryptedData();
-        Element encryptedDataDOM = encryptedData.getDOM();
         String symKeyAlgo = getEncodingMethodAlgorithm(encryptedDataDOM);
         
         byte[] decryptedPayload = null;


Mime
View raw message