ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (WSS-479) Inbound streaming does not handle Symmetric Holder-Of-Key correctly
Date Tue, 15 Oct 2013 13:34:42 GMT

     [ https://issues.apache.org/jira/browse/WSS-479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh reassigned WSS-479:
---------------------------------------

    Assignee: Colm O hEigeartaigh  (was: Marc Giger)

> Inbound streaming does not handle Symmetric Holder-Of-Key correctly
> -------------------------------------------------------------------
>
>                 Key: WSS-479
>                 URL: https://issues.apache.org/jira/browse/WSS-479
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.0
>
>
> The streaming code has a problem when processing a request which contains a Holder-of-key
SAML Assertion with a Subject which has an EncryptedKey in the KeyInfo, and a Signature in
the security header which uses HMAC + points to the SAML Assertion.
> The following code in SecurityTokenFactoryImpl:
> if (keyInfoType != null) {
>             final SecurityTokenReferenceType securityTokenReferenceType
>                     = XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
> ... bypasses the EncryptedKey, and instead only returns a SecurityToken of the (encrypting)
certificate. Instead it should detect that the immediate child of KeyInfo is an EncryptedKey
+ process this accordingly.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message