cxf-commits mailing list archives

From serg...@apache.org
Subject git commit: [CXF-5917] Restoring the original check against the EncryptedData element for greater flexibility as recommended by Colm
Date Thu, 31 Jul 2014 10:12:45 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 9fa56fc02 -> 8a9c41f9b


[CXF-5917] Restoring the original check against the EncryptedData element for greater flexibility
as recommended by Colm


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8a9c41f9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8a9c41f9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8a9c41f9

Branch: refs/heads/2.7.x-fixes
Commit: 8a9c41f9b55a63821068a23c0707ec091f48bb8a
Parents: 9fa56fc
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Thu Jul 31 13:12:23 2014 +0300
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Thu Jul 31 13:12:23 2014 +0300

----------------------------------------------------------------------
 .../saml/sso/SAMLProtocolResponseValidator.java       | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8a9c41f9/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index d679bac..e40eb3a 100644
--- a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++ b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -114,10 +114,7 @@ public class SAMLProtocolResponseValidator {
         // Decrypt any encrypted Assertions and add them to the Response (note that this
will break any
         // signature on the Response)
         for (org.opensaml.saml2.core.EncryptedAssertion assertion : samlResponse.getEncryptedAssertions())
{
-            EncryptedData encryptedData = assertion.getEncryptedData();
-            Element encryptedDataDOM = encryptedData.getDOM();
-            
-            Element decAssertion = decryptAssertion(encryptedDataDOM, sigCrypto, callbackHandler);
+            Element decAssertion = decryptAssertion(assertion, sigCrypto, callbackHandler);
             
             AssertionWrapper wrapper = new AssertionWrapper(decAssertion);
             samlResponse.getAssertions().add(wrapper.getSaml2());
@@ -368,9 +365,14 @@ public class SAMLProtocolResponseValidator {
     }
     
     private Element decryptAssertion(
-        Element encryptedDataDOM, Crypto sigCrypto, CallbackHandler callbackHandler
+        org.opensaml.saml2.core.EncryptedAssertion assertion, Crypto sigCrypto, CallbackHandler
callbackHandler
     ) throws WSSecurityException {
-        Element encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey",
0);
+        EncryptedData encryptedData = assertion.getEncryptedData();
+        Element encryptedDataDOM = encryptedData.getDOM();
+        Element encKeyElement = getNode(assertion.getDOM(), WSConstants.ENC_NS, "EncryptedKey",
0);
+        if (encKeyElement == null) {
+            encKeyElement = getNode(encryptedDataDOM, WSConstants.ENC_NS, "EncryptedKey",
0);
+        }
         if (encKeyElement == null) {
             LOG.log(Level.FINE, "EncryptedKey element is not available");
             throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
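Review bot: The new `assertion.getEncryptedData()` / `encryptedData.getDOM()` pair at the top of `decryptAssertion` is dereferenced without a null check. The assertion comes from a SAML Response supplied by the peer, so an `EncryptedAssertion` with no `EncryptedData` child would presumably fail with a NullPointerException rather than the `WSSecurityException` the method already uses for a missing `EncryptedKey`. A guard before the lookup keeps the failure path uniform: `if (encryptedData == null || encryptedData.getDOM() == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); }`. The two-step lookup also deserves a short comment explaining why `EncryptedKey` is searched first under the `EncryptedAssertion` and then inside `EncryptedData`, and that index `0` takes the first match; `getNode` is not visible here, so confirm that it picks the intended key when more than one is present. The body of `decryptAssertion` continues outside the hunk.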

