From cohei...@apache.org
Subject cxf git commit: Make Signature protection policy validation more robust
Date Mon, 24 Nov 2014 14:50:58 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 91be86d13 -> 679e18b05


Make Signature protection policy validation more robust


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/679e18b0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/679e18b0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/679e18b0

Branch: refs/heads/3.0.x-fixes
Commit: 679e18b054a452da44a14e5ba6472e73c855b7bc
Parents: 91be86d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Nov 24 14:36:41 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Nov 24 14:50:47 2014 +0000

----------------------------------------------------------------------
 .../AbstractBindingPolicyValidator.java         | 22 +++++++++-----------
 1 file changed, 10 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/679e18b0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index 8387317..d6a4462 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -409,13 +409,15 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature)
{
                 foundPrimarySignature = true;
-                String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
-                if (sigId == null || !isIdEncrypted(sigId, results)) {
+                Element sigElement = 
+                    (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+                if (sigElement == null || !isElementEncrypted(sigElement, results)) {
                     return false;
                 }
             } else if (actInt.intValue() == WSConstants.SC) {
-                String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
-                if (sigId == null || !isIdEncrypted(sigId, results)) {
+                Element sigElement = 
+                    (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+                if (sigElement == null || !isElementEncrypted(sigElement, results)) {
                     return false;
                 }
             }
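Review bot: The `WSConstants.SC` branch at the end of this hunk now requires the SignatureConfirmation result to carry `TAG_TOKEN_ELEMENT`, and nothing visible here shows that the tag is populated for SC results. If it is not, `sigElement == null` returns false and every message containing a confirmation element fails the signature protection check; that is fail-closed and therefore the safe direction, but it deserves a test with an encrypted SignatureConfirmation. The reason for dropping the Id lookup is also undocumented, and a comment above the first lookup such as `// Match on the DOM node itself; the Id attribute is read from the incoming message` would record it. The enclosing method starts and ends outside the hunk.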
@@ -424,9 +426,9 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
     }
     
     /**
-     * Return true if the given id was encrypted
+     * Return true if the given Element was encrypted
      */
-    private boolean isIdEncrypted(String sigId, List<WSSecurityEngineResult> results)
{
+    private boolean isElementEncrypted(Element element, List<WSSecurityEngineResult>
results) {
         for (WSSecurityEngineResult wser : results) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.ENCR) {
@@ -435,12 +437,8 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
                 if (el != null) {
                     for (WSDataRef r : el) {
                         Element protectedElement = r.getProtectedElement();
-                        if (protectedElement != null) {
-                            String id = protectedElement.getAttributeNS(null, "Id");
-                            String wsuId = protectedElement.getAttributeNS(WSConstants.WSU_NS,
"Id");
-                            if (sigId.equals(id) || sigId.equals(wsuId)) {
-                                return true;
-                            }
+                        if (element.equals(protectedElement)) {
+                            return true;
                         }
                     }
                 }
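Review bot: `element.equals(protectedElement)` relies on whatever equals() the DOM implementation provides, which org.w3c.dom.Element does not specify; it is normally reference identity, but the code leaves that assumption unstated. Writing `if (element == protectedElement) {` or `if (element.isSameNode(protectedElement)) {` makes the intent explicit: the same node in the processed document, not an element that merely has the same Id. A null `protectedElement` still yields false, so dropping the old null check is fine. The Javadoc above the method could add that the match is by node identity against the WSDataRef entries of ENCR results. The method body continues outside this hunk.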

