Error in Singature Processor
-----------------------------
Key: WSS-119
URL: https://issues.apache.org/jira/browse/WSS-119
Project: WSS4J
Issue Type: Bug
Reporter: Nandana Mihindukulasooriya
Assignee: Nandana Mihindukulasooriya
In Signature processor, when the signature is created using an encrypted key,
it processes the encrypted key even if it is already processed. I think this is
wrong. It causes problems if EncryptedKey have internal data refs, it causes
Exceptions as the data refs are already decrypted. Even if doesn't cause
errors, it is an inefficient way to this as we process the encrypted key twice.
Current :
if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
EncryptedKeyProcessor encryptKeyProcessor = new
EncryptedKeyProcessor();
encryptKeyProcessor.handleEncryptedKey((Element)token,
cb, crypto);
secretKey = encryptKeyProcessor.getDecryptedBytes();
}
Should be :
if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
String encryptedKeyID =
token.getAttributeNS(null,"Id");
EncryptedKeyProcessor encryptKeyProcessor =
(EncryptedKeyProcessor)
wsDocInfo.getProcessor(encryptedKeyID);
if (encryptKeyProcessor == null ) {
encryptKeyProcessor = new EncryptedKeyProcessor();
encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto);
}
secretKey = encryptKeyProcessor.getDecryptedBytes();
}
thanks,
nandana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
