Repository: cxf Updated Branches: refs/heads/master 919d0b843 -> a4caf9383
Make Signature protection policy validation more robust Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a4caf938 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a4caf938 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a4caf938 Branch: refs/heads/master Commit: a4caf9383d8807ca06ed8932adc52a03928c66bd Parents: 919d0b8 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Nov 24 14:36:41 2014 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Nov 24 14:36:41 2014 +0000 ---------------------------------------------------------------------- .../AbstractBindingPolicyValidator.java | 22 +++++++++----------- 1 file changed, 10 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/a4caf938/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index 8387317..d6a4462 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -409,13 +409,15 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
 Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
 if (actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature) {
 foundPrimarySignature = true;
- String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
- if (sigId == null || !isIdEncrypted(sigId, results)) {
+ Element sigElement =
+ (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (sigElement == null || !isElementEncrypted(sigElement, results)) {
 return false;
 }
 } else if (actInt.intValue() == WSConstants.SC) {
- String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
- if (sigId == null || !isIdEncrypted(sigId, results)) {
+ Element sigElement =
+ (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (sigElement == null || !isElementEncrypted(sigElement, results)) {
 return false;
 }
 }
@@ -424,9 +426,9 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
 }
 /**
- * Return true if the given id was encrypted
+ * Return true if the given Element was encrypted
 */
- private boolean isIdEncrypted(String sigId, List<WSSecurityEngineResult> results) {
+ private boolean isElementEncrypted(Element element, List<WSSecurityEngineResult> results) {
 for (WSSecurityEngineResult wser : results) {
 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
 if (actInt.intValue() == WSConstants.ENCR) {
@@ -435,12 +437,8 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
 if (el != null) {
 for (WSDataRef r : el) {
 Element protectedElement = r.getProtectedElement();
- if (protectedElement != null) {
- String id = protectedElement.getAttributeNS(null, "Id");
- String wsuId = protectedElement.getAttributeNS(WSConstants.WSU_NS, "Id");
- if (sigId.equals(id) || sigId.equals(wsuId)) {
- return true;
- }
+ if (element.equals(protectedElement)) {
+ return true;
 }
 }
 }
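Review bot: The `WSConstants.SIGN` and `WSConstants.SC` branches in the first hunk now carry the same three-line lookup-and-check, and neither says why the token element is used instead of `TAG_ID`. A comment above the first lookup, such as `// Match on the DOM element, not its Id: Id values come from the message and need not be unique`, would discourage a later return to string comparison; that rationale is inferred from the commit title, so confirm the wording. In the `SC` branch the local is still named `sigElement` although the action there is not `WSConstants.SIGN`; a neutral name such as `tokenElement` would read better. The enclosing method starts and ends outside the hunk.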
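Review bot: `element.equals(protectedElement)` in the inner loop of the third hunk depends on how the DOM implementation defines `equals`. `org.w3c.dom.Element` does not specify it, and implementations typically inherit `Object.equals`, so this is most likely a reference comparison. That is the stricter check and it fails closed, but it only matches when the signature result and the `WSDataRef` hold the very same node object, which would not hold if either had been cloned or imported into another document. Writing `if (element.isSameNode(protectedElement)) {` and extending the Javadoc changed in the second hunk to say the match is by node identity rather than by Id would make that contract explicit. The method begins in the previous hunk and continues past this one.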
