Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 91be86d13 -> 679e18b05
Make Signature protection policy validation more robust Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/679e18b0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/679e18b0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/679e18b0 Branch: refs/heads/3.0.x-fixes Commit: 679e18b054a452da44a14e5ba6472e73c855b7bc Parents: 91be86d Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Nov 24 14:36:41 2014 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Nov 24 14:50:47 2014 +0000 ---------------------------------------------------------------------- .../AbstractBindingPolicyValidator.java | 22 +++++++++----------- 1 file changed, 10 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/679e18b0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index 8387317..d6a4462 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -409,13 +409,15 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
 Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
 if (actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature) {
 foundPrimarySignature = true;
- String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
- if (sigId == null || !isIdEncrypted(sigId, results)) {
+ Element sigElement =
+ (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (sigElement == null || !isElementEncrypted(sigElement, results)) {
 return false;
 }
 } else if (actInt.intValue() == WSConstants.SC) {
- String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
- if (sigId == null || !isIdEncrypted(sigId, results)) {
+ Element sigElement =
+ (Element)result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
+ if (sigElement == null || !isElementEncrypted(sigElement, results)) {
 return false;
 }
 }
@@ -424,9 +426,9 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
 }
 /**
- * Return true if the given id was encrypted
+ * Return true if the given Element was encrypted
 */
- private boolean isIdEncrypted(String sigId, List<WSSecurityEngineResult> results) {
+ private boolean isElementEncrypted(Element element, List<WSSecurityEngineResult> results) {
 for (WSSecurityEngineResult wser : results) {
 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
 if (actInt.intValue() == WSConstants.ENCR) {
@@ -435,12 +437,8 @@ public abstract class AbstractBindingPolicyValidator implements BindingPolicyVal
 if (el != null) {
 for (WSDataRef r : el) {
 Element protectedElement = r.getProtectedElement();
- if (protectedElement != null) {
- String id = protectedElement.getAttributeNS(null, "Id");
- String wsuId = protectedElement.getAttributeNS(WSConstants.WSU_NS, "Id");
- if (sigId.equals(id) || sigId.equals(wsuId)) {
- return true;
- }
+ if (element.equals(protectedElement)) {
+ return true;
 }
 }
 }
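Review bot: The `WSConstants.SC` branch now returns false whenever `TAG_TOKEN_ELEMENT` is absent, and nothing in this hunk shows that signature-confirmation results carry that tag the way they carried `TAG_ID`. If they do not, every message with a SignatureConfirmation would fail the signature-protection check. Failing closed on a missing element is the right default, but it deserves a comment in both branches, for example `// No token element recorded: treat the signature as unprotected and fail the policy`, plus a test covering an encrypted SignatureConfirmation. The local is also named `sigElement` in the SC branch although it holds the confirmation element; `scElement` would read better. The enclosing method starts and ends outside this hunk.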
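Review bot: `element.equals(protectedElement)` in `isElementEncrypted` reads like a value comparison, but `org.w3c.dom.Element` does not define `equals`, so with the usual DOM implementations this is reference identity. That is presumably the intent (the signature node must be the very node an encryption data reference protects, not just any node with a matching `Id`), so make it explicit with `if (element == protectedElement) {` or `element.isSameNode(protectedElement)`. The Javadoc could then read `Return true if the given Element is the same DOM node as one protected by an encryption result`. It is worth confirming that the same post-decryption node instance ends up in both `TAG_TOKEN_ELEMENT` and the `WSDataRef`, since a cloned or re-imported node would never match and the check would reject valid messages. The method's closing lines are outside the hunk.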
