Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D7F1718691 for ; Tue, 7 Jul 2015 17:18:38 +0000 (UTC) Received: (qmail 10721 invoked by uid 500); 7 Jul 2015 17:18:38 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 10586 invoked by uid 500); 7 Jul 2015 17:18:38 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 10567 invoked by uid 99); 7 Jul 2015 17:18:38 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Jul 2015 17:18:38 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 43B00E3AA1; Tue, 7 Jul 2015 17:18:38 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: coheigea@apache.org To: commits@cxf.apache.org Date: Tue, 07 Jul 2015 17:18:41 -0000 Message-Id: <60c313056aff43e3b88a86ab90d04fc2@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [4/4] cxf git commit: Fixing backmerge Fixing backmerge Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2c2a1971 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2c2a1971 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2c2a1971 Branch: refs/heads/3.0.x-fixes Commit: 2c2a1971e781b874ddcb1b73ccccea627b919fa3 Parents: 3ed5a43 Author: Colm O hEigeartaigh Authored: Tue Jul 7 18:18:27 2015 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 7 18:18:27 2015 +0100 ---------------------------------------------------------------------- .../ws/security/wss4j/CryptoCoverageUtil.java | 76 -------------------- 1 file changed, 76 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2c2a1971/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java index d490a4c..412f7f8 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java @@ -22,7 +22,6 @@ package org.apache.cxf.ws.security.wss4j; import java.util.Arrays; import java.util.Collection; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Map; @@ -64,39 +63,12 @@ public final class CryptoCoverageUtil { * * @param signedRefs references to the signed content in the message * @param encryptedRefs references to the encrypted content in the message - * - * TODO Replace the isSignedEncryptionRef when we pick up WSS4J 2.0.5, and directly - * check the encrypted Element instead of the WSDataRef (as per master code) */ public static void reconcileEncryptedSignedRefs(final Collection signedRefs, final Collection encryptedRefs) { final List encryptedSignedRefs = new LinkedList(); -<<<<<<< HEAD - for (WSDataRef encryptedRef : encryptedRefs) { - final Iterator signedRefsIt = signedRefs.iterator(); - while (signedRefsIt.hasNext()) { - final WSDataRef signedRef = signedRefsIt.next(); - - if (isSignedEncryptionRef(encryptedRef, signedRef)) { - - final WSDataRef encryptedSignedRef = new WSDataRef(); - encryptedSignedRef.setWsuId(signedRef.getWsuId()); - - encryptedSignedRef.setContent(false); - encryptedSignedRef.setName(encryptedRef.getName()); - encryptedSignedRef.setProtectedElement(encryptedRef - .getProtectedElement()); - // This value is the ID of the encrypted element, not - // the value of the ID in the decrypted content - // (WSS4J 1.5.8). Therefore, passing it along does - // not provide much value. - //encryptedSignedRef.setWsuId(encryptedRef.getWsuId()); - encryptedSignedRef.setXpath(encryptedRef.getXpath()); - - encryptedSignedRefs.add(encryptedSignedRef); -======= for (WSDataRef signedRef : signedRefs) { Element protectedElement = signedRef.getProtectedElement(); if (protectedElement != null @@ -122,7 +94,6 @@ public final class CryptoCoverageUtil { encryptedSignedRefs.add(encryptedSignedRef); break; } ->>>>>>> 4ddc8d5... An efficiency improvement when reconciling encrypted and signed refs } } } @@ -381,53 +352,6 @@ public final class CryptoCoverageUtil { } } - /** - * Determines if {@code signedRef} points to the encrypted content represented by - * {@code encryptedRef} using the following algorithm. - * - *
    - *
  1. Check that the signed content is an XML Encryption element.
    2. - *
  2. Check that the reference Ids of the signed content and encrypted content - * (not the decrypted version of the encrypted content) match. Check that the - * reference Id of the signed content matches the reference Id of the encrypted - * content prepended with a #. - *
  3. Check for other Id attributes on the signed element that may match the - * referenced identifier for the encrypted content. This is a workaround for - * WSS-242.
    4. - *
- * - * @param encryptedRef the ref representing the encrpted content - * @param signedRef the ref representing the signed content - */ - private static boolean isSignedEncryptionRef(WSDataRef encryptedRef, WSDataRef signedRef) { - - // Don't even bother if the signed element wasn't an XML Enc element. - if (!WSConstants.ENC_NS.equals(signedRef.getProtectedElement() - .getNamespaceURI())) { - return false; - } - - if (signedRef.getWsuId().equals(encryptedRef.getWsuId()) - || signedRef.getWsuId().equals("#" + encryptedRef.getWsuId())) { - return true; - } - - // There should be no other Ids on an EncryptedData or EncryptedKey element; - // however, WSS4J will happily add them on the outbound side. See WSS-242. - // The following code looks for the specific behavior that exists in - // 1.5.8 and earlier version. - - String wsuId = signedRef.getProtectedElement().getAttributeNS( - WSConstants.WSU_NS, "Id"); - - if (signedRef.getWsuId().equals(wsuId) - || signedRef.getWsuId().equals("#" + wsuId)) { - return true; - } - - return false; - } - private static boolean matchElement(Collection refs, CoverageType type, CoverageScope scope, Element el) { final boolean content;