That sounds promising.
I see this code was taken from the EncryptedKeyProcessor, so
presumably this processor needs to be changed, as well. Even better,
let's put these processors under a common base, and define the common
operation there. (The code is mine, and went in under WSS-57, so I
guess I take responsibility for the bug).
The only thing I'm concerned about is calling equals on a DOM Node
type. I'm wondering if there will be sensitivities to specific DOM
implementations (which can vary widely, across WSS4J deployments),
which may choose to implement equals in idiosyncratic manners.
Maybe this is the more reliable operation to use:
http://java.sun.com/j2se/1.5.0/docs/api/org/w3c/dom/Node.html#isEqualNode(org.w3c.dom.Node)
Next question: Is this blocking for you, and did it show up in RC1
testing? If we do fix it for 1.5.4, I suppose we can fix it on the
1_5_4 branch, and then merge to trunk after the release.
-Fred
PS> RC1 testing against CXF is going okay, though I've had to make
some slight modifications to the POM to get things just right. I'd
like to do an RC2 (with the BouncyCastle changes, as well), if folks
are open to that.
On Apr 23, 2008, at 2:54 AM, Nandana Mihindukulasooriya wrote:
Hi Devs,
In the Reference List processor, we get decrypted nodes
using the following logic.
We keep a list of elements before decryption of an element and we
compare it with the list of elements after the element is decrypted. We
do this using the following code.
    // a: elements before decryption; b: elements after decryption
    final java.util.List ret = new java.util.ArrayList();
    for (
        final java.util.Iterator bpos = b.iterator();
        bpos.hasNext();
    ) {
        final Node bnode = (Node) bpos.next();
        final java.lang.String bns = bnode.getNamespaceURI();
        final java.lang.String bln = bnode.getLocalName();
        boolean found = false;
        for (
            final java.util.Iterator apos = a.iterator();
            apos.hasNext();
        ) {
            final Node anode = (Node) apos.next();
            final java.lang.String ans =
                anode.getNamespaceURI();
            final java.lang.String aln = anode.getLocalName();
            // null-safe comparison of namespace URI and local name
            final boolean nsmatch =
                ans == null
                    ? ((bns == null) ? true : false)
                    : ((bns == null) ? false : ans.equals(bns));
            final boolean lnmatch =
                aln == null
                    ? ((bln == null) ? true : false)
                    : ((bln == null) ? false : aln.equals(bln));
            if (nsmatch && lnmatch) {
                found = true;
            }
        }
        if (!found) {
            ret.add(bnode);
        }
    }
As we can see, we check the presence of the elements using the
qualified names of the elements. But this does not always work. Say, for
example, we encrypt the signature of the message and the message
also has an endorsing signature.
List A                                 List B
EncryptedData (Encrypted signature)    Signature (Decrypted Signature)
Signature (Endorsing signature)        Signature (Endorsing Signature)
According to the above logic, we will not get the decrypted signature
as a new node. So shall we check the new nodes using object
references,
    final java.util.List ret = new java.util.ArrayList();
    for (final java.util.Iterator bpos = b.iterator();
            bpos.hasNext();) {
        final Node bnode = (Node) bpos.next();
        boolean found = false;
        for (final java.util.Iterator apos = a.iterator();
                apos.hasNext();) {
            final Node anode = (Node) apos.next();
            // compare the node objects themselves rather than their qualified names
            if (bnode.equals(anode)) {
                found = true;
            }
        }
        if (!found) {
            ret.add(bnode);
        }
    }
WDYT ?
thanks,
/nandana
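
The three comparisons discussed in this thread (qualified-name matching, node identity, and Node.isEqualNode), run against the encrypted-signature-plus-endorsing-signature case. This is an added example, not WSS4J code and not code from either poster. The class and helper names, the urn:example namespace, the Id values and the replaceChild stand-in for decryption are constructed for illustration; it assumes Java 8+ and the DOM implementation bundled with the JDK.

```java
import java.util.*;
import java.util.function.BiPredicate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class NewNodeDiff {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";

    // Nodes in 'after' that have no counterpart in 'before' under the given comparison.
    static List<Node> added(List<Node> before, List<Node> after, BiPredicate<Node, Node> same) {
        List<Node> ret = new ArrayList<>();
        for (Node b : after) {
            if (before.stream().noneMatch(a -> same.test(a, b))) ret.add(b);
        }
        return ret;
    }

    static List<Node> children(Node parent) {
        List<Node> out = new ArrayList<>();
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) out.add(n);
        return out;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();
        Element header = doc.createElementNS("urn:example", "Security"); // constructed header
        Element enc = (Element) header.appendChild(doc.createElementNS(XENC, "xenc:EncryptedData"));
        Element endorsing = (Element) header.appendChild(doc.createElementNS(DS, "ds:Signature"));
        endorsing.setAttributeNS(null, "Id", "endorsing");
        List<Node> a = children(header); // list A: before decryption

        // Constructed stand-in for decryption: EncryptedData is replaced by the plaintext element.
        Element decrypted = doc.createElementNS(DS, "ds:Signature");
        decrypted.setAttributeNS(null, "Id", "primary");
        header.replaceChild(decrypted, enc);
        List<Node> b = children(header); // list B: after decryption

        BiPredicate<Node, Node> qname = (x, y) ->
            Objects.equals(x.getNamespaceURI(), y.getNamespaceURI())
                && Objects.equals(x.getLocalName(), y.getLocalName());
        System.out.println("new nodes by QName:       " + added(a, b, qname));
        System.out.println("new nodes by isSameNode:  " + added(a, b, Node::isSameNode));
        System.out.println("new nodes by isEqualNode: " + added(a, b, Node::isEqualNode));
        decrypted.setAttributeNS(null, "Id", "endorsing"); // make content identical to the endorsing node
        System.out.println("isEqualNode, same content: " + added(a, b, Node::isEqualNode));
    }
}
```

Node.isEqualNode compares structure (name, namespace, attributes, children) rather than identity, so the last line covers the case where the decrypted element's content matches a node that was already present; Node.isSameNode is the DOM Level 3 identity test.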