David Lakatos created CXF-8705:
----------------------------------
Summary: Multiple encrypted XML elements fail crypto coverage check
Key: CXF-8705
URL: https://issues.apache.org/jira/browse/CXF-8705
Project: CXF
Issue Type: Bug
Components: JAX-WS Runtime
Affects Versions: 3.5.2
Environment: * Apache Maven 3.8.5
* Java version: 11.0.12, vendor: Eclipse Foundation
* Apache Tomcat 9.0.62
* openSUSE Tumbleweed 20220509
Reporter: David Lakatos
Hello colleagues,
I probably found a bug in
{{org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker}}.
* Issue: SOAP XML message encryption coverage checking for more than 1 XML
elements does not work. If only 1 XML element encryption coverage is checked,
everything works fine.
* Symptoms: [CryptoCoverageUtil.matchElement(Collection<WSDataRef>,
CoverageScope,
Element)|https://github.com/apache/cxf/blob/cxf-3.5.2/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java#L381]
compares objects via references ({{r.getProtectedElement() == el}}) but they
are always different objects
* Reproducer JUnit tests are provided on GitHub:
[greatit/crypto-coverage-test|https://github.com/greatit/crypto-coverage-test]
Fixing the issue would be much appreciated. Thank you.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
