cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [13/36] cxf git commit: [CXF-6884] - Don't include Signature/EncryptedKey Elements if there are no references to be signed/encrypted
Date Sun, 01 May 2016 19:36:29 GMT
[CXF-6884] - Don't include Signature/EncryptedKey Elements if there are no references to be
signed/encrypted


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/811f40df
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/811f40df
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/811f40df

Branch: refs/heads/master-jaxrs-2.1
Commit: 811f40df5523aee9eb938c2999aeac8d2fe7bf8d
Parents: 4bce078
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 26 17:32:35 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 26 17:32:35 2016 +0100

----------------------------------------------------------------------
 .../AsymmetricBindingHandler.java               | 69 +++++++++++---------
 .../policyhandlers/SymmetricBindingHandler.java | 54 ++++++++-------
 2 files changed, 67 insertions(+), 56 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/811f40df/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 963b4db..ef2503a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -511,10 +511,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
                                 this.insertBeforeBottomUp(attachment);
                             }
                         }
-                        this.addEncryptedKeyElement(encryptedKeyElement);
+                        if (refList != null || (attachments != null && !attachments.isEmpty()))
{
+                            this.addEncryptedKeyElement(encryptedKeyElement);
+                        }
                     } else {
                         Element refList = encr.encryptForRef(null, encrParts);
-                        this.addEncryptedKeyElement(encryptedKeyElement);
+                        if (refList != null || (attachments != null && !attachments.isEmpty()))
{
+                            this.addEncryptedKeyElement(encryptedKeyElement);
+                        }
                         
                         // Add internal refs
                         if (refList != null) {
@@ -679,20 +683,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
                 dkSign.getParts().addAll(sigParts);
 
                 List<Reference> referenceList = dkSign.addReferencesToSign(sigParts,
secHeader);
-
-                // Add elements to header
-                addDerivedKeyElement(dkSign.getdktElement());
-                
-                //Do signature
-                if (bottomUpElement == null) {
-                    dkSign.computeSignature(referenceList, false, null);
-                } else {
-                    dkSign.computeSignature(referenceList, true, bottomUpElement);
+                if (!referenceList.isEmpty()) {
+                    // Add elements to header
+                    addDerivedKeyElement(dkSign.getdktElement());
+                    
+                    //Do signature
+                    if (bottomUpElement == null) {
+                        dkSign.computeSignature(referenceList, false, null);
+                    } else {
+                        dkSign.computeSignature(referenceList, true, bottomUpElement);
+                    }
+                    bottomUpElement = dkSign.getSignatureElement();
+                    addSig(dkSign.getSignatureValue());
+                    
+                    mainSigId = dkSign.getSignatureId();
                 }
-                bottomUpElement = dkSign.getSignatureElement();
-                addSig(dkSign.getSignatureValue());
-                
-                mainSigId = dkSign.getSignatureId();
             } catch (Exception ex) {
                 LOG.log(Level.FINE, ex.getMessage(), ex);
                 throw new Fault(ex);
@@ -714,24 +719,26 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder
{
             }
 
             List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
-            //Do signature
-            if (bottomUpElement == null) {
-                sig.computeSignature(referenceList, false, null);
-            } else {
-                sig.computeSignature(referenceList, true, bottomUpElement);
-            }
-            bottomUpElement = sig.getSignatureElement();
-            
-            if (!abinding.isProtectTokens()) {
-                Element bstElement = sig.getBinarySecurityTokenElement();
-                if (bstElement != null) {
-                    secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+            if (!referenceList.isEmpty()) {
+                //Do signature
+                if (bottomUpElement == null) {
+                    sig.computeSignature(referenceList, false, null);
+                } else {
+                    sig.computeSignature(referenceList, true, bottomUpElement);
+                }
+                bottomUpElement = sig.getSignatureElement();
+                
+                if (!abinding.isProtectTokens()) {
+                    Element bstElement = sig.getBinarySecurityTokenElement();
+                    if (bstElement != null) {
+                        secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+                    }
                 }
+                
+                addSig(sig.getSignatureValue());
+                            
+                mainSigId = sig.getId();
             }
-            
-            addSig(sig.getSignatureValue());
-                        
-            mainSigId = sig.getId();
         }
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/811f40df/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index b785898..789b9ff 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -751,22 +751,24 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
         
         dkSign.getParts().addAll(sigs);
         List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
-        
-        //Add elements to header
-        Element el = dkSign.getdktElement();
-        addDerivedKeyElement(el);
-        
-        //Do signature
-        if (bottomUpElement == null) {
-            dkSign.computeSignature(referenceList, false, null);
-        } else {
-            dkSign.computeSignature(referenceList, true, bottomUpElement);
+        if (!referenceList.isEmpty()) {
+            //Add elements to header
+            Element el = dkSign.getdktElement();
+            addDerivedKeyElement(el);
+            
+            //Do signature
+            if (bottomUpElement == null) {
+                dkSign.computeSignature(referenceList, false, null);
+            } else {
+                dkSign.computeSignature(referenceList, true, bottomUpElement);
+            }
+            bottomUpElement = dkSign.getSignatureElement();
+            
+            this.mainSigId = dkSign.getSignatureId();
+    
+            return dkSign.getSignatureValue();
         }
-        bottomUpElement = dkSign.getSignatureElement();
-        
-        this.mainSigId = dkSign.getSignatureId();
-
-        return dkSign.getSignatureValue();        
+        return null;
     }
     
     private byte[] doSignature(List<WSEncryptionPart> sigs,
@@ -885,17 +887,19 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder
{
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
             sig.getParts().addAll(sigs);
             List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
-
-            //Do signature
-            if (bottomUpElement == null) {
-                sig.computeSignature(referenceList, false, null);
-            } else {
-                sig.computeSignature(referenceList, true, bottomUpElement);
+            if (!referenceList.isEmpty()) {
+                //Do signature
+                if (bottomUpElement == null) {
+                    sig.computeSignature(referenceList, false, null);
+                } else {
+                    sig.computeSignature(referenceList, true, bottomUpElement);
+                }
+                bottomUpElement = sig.getSignatureElement();
+    
+                this.mainSigId = sig.getId();
+                return sig.getSignatureValue();
             }
-            bottomUpElement = sig.getSignatureElement();
-
-            this.mainSigId = sig.getId();
-            return sig.getSignatureValue();
+            return null;
         }
     }
 


Mime
View raw message