cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Kulp (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (CXF-2165) SecurityPolicy-Assertion fails for only signing
Date Thu, 09 Apr 2009 14:05:13 GMT

     [ https://issues.apache.org/jira/browse/CXF-2165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daniel Kulp reassigned CXF-2165:
--------------------------------

    Assignee: Daniel Kulp

> SecurityPolicy-Assertion fails for only signing 
> ------------------------------------------------
>
>                 Key: CXF-2165
>                 URL: https://issues.apache.org/jira/browse/CXF-2165
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2
>            Reporter: Benjamin Ernst
>            Assignee: Daniel Kulp
>         Attachments: policy.xml
>
>
> Policy-Assertion fails when a policy only asserts that the body is signed, but not encrypted.
Sending signed messages is no problem, but when receiving a signed message the following error
appears:
>   Caused by: org.apache.cxf.ws.policy.PolicyException: These policy alternatives can
not be satisfied:
>   {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}AsymmetricBinding: Not signed
before encrypted
> There should not be any encryption at all, only signing. I debugged into the code and
found the following Method in the PolicyBasedWSS4JInInterceptor.java:
>  private boolean assertAsymetricBinding(AssertionInfoMap aim,
>                                            SoapMessage message,
>                                            SOAPMessage doc,
>                                            Protections prots,
>                                            boolean derived) {
>         Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
>         if (ais == null) {
>             return true;
>         }
>         for (AssertionInfo ai : ais) {
>             AsymmetricBinding abinding = (AsymmetricBinding)ai.getAssertion();
>             ai.setAsserted(true);
>             if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
>                 if (abinding.isSignatureProtection()) {
>                     if (prots != Protections.ENCRYPT_SIGN_PROTECT) {
>                         ai.setNotAsserted("Not encrypted before signed and then protected");
>                     }
>                 } else if (prots != Protections.ENCRYPT_SIGN) {
>                     ai.setNotAsserted("Not encrypted before signed");               
   
>                 }
>             } else if (prots != Protections.SIGN_ENCRYPT) {
>                 ai.setNotAsserted("Not signed before encrypted");                   
               
>             }
>             assertPolicy(aim, abinding.getInitiatorToken());
>             assertPolicy(aim, abinding.getRecipientToken());
>             assertPolicy(aim, abinding.getInitiatorToken().getToken(), derived);
>             assertPolicy(aim, abinding.getRecipientToken().getToken(), derived);
>         }
>         return true;
>     }
> In this method the value of prots is ="SIGN" which is correct. But the if-statement only
checks if prots is not SIGN_ENCRYPT and then sets it to notasserted. It might be because SPConstants.ProtectionOrder
only knows EncryptBeforeSigning and SigningBeforeEncrypt. There is nothing about only signing,
or only encrypting.
> The policy is attached.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message