ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Closed) (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WSS-119) Error in Singature Processor
Date Mon, 03 Oct 2011 09:04:35 GMT

     [ https://issues.apache.org/jira/browse/WSS-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed WSS-119.
-----------------------------------

    
> Error in Singature Processor 
> -----------------------------
>
>                 Key: WSS-119
>                 URL: https://issues.apache.org/jira/browse/WSS-119
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>            Reporter: Nandana Mihindukulasooriya
>            Assignee: Nandana Mihindukulasooriya
>             Fix For: 1.5.4
>
>         Attachments: WSS-119.patch
>
>
> In Signature processor, when the signature is created using an encrypted key, it processes
the encrypted key even if it is already processed. I think this is wrong. It causes problems
if EncryptedKey have internal data refs, it causes Exceptions as the data refs are already
decrypted. Even if doesn't cause errors, it is an inefficient way to this as we process the
encrypted key twice. 
> Current :
>                     if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
>                         EncryptedKeyProcessor encryptKeyProcessor = new EncryptedKeyProcessor();
>                         encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto);
>                         secretKey = encryptKeyProcessor.getDecryptedBytes();
>                      
>                     }
> Should be : 
>                         if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
>                         
>                         String encryptedKeyID = token.getAttributeNS(null,"Id");    
              
>                         EncryptedKeyProcessor encryptKeyProcessor = (EncryptedKeyProcessor)
>                                 wsDocInfo.getProcessor(encryptedKeyID);
>                         
>                         if (encryptKeyProcessor == null ) {
>                         
>                             encryptKeyProcessor = new EncryptedKeyProcessor();
>                             encryptKeyProcessor.handleEncryptedKey((Element)token, cb,
crypto);
>                         
>                         } 
>                         
>                         secretKey = encryptKeyProcessor.getDecryptedBytes();
>                      
>                     }  
> thanks,
> nandana

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message