[
https://issues.apache.org/jira/browse/WSS-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fred Dushin updated WSS-119:
----------------------------
Component/s: WSS4J Core
Fix Version/s: 1.5.4
> Error in Singature Processor
> -----------------------------
>
> Key: WSS-119
> URL: https://issues.apache.org/jira/browse/WSS-119
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Reporter: Nandana Mihindukulasooriya
> Assignee: Nandana Mihindukulasooriya
> Fix For: 1.5.4
>
> Attachments: WSS-119.patch
>
>
> In Signature processor, when the signature is created using an encrypted key,
> it processes the encrypted key even if it is already processed. I think this
> is wrong. It causes problems if EncryptedKey have internal data refs, it
> causes Exceptions as the data refs are already decrypted. Even if doesn't
> cause errors, it is an inefficient way to this as we process the encrypted
> key twice.
> Current :
> if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
> EncryptedKeyProcessor encryptKeyProcessor = new
> EncryptedKeyProcessor();
>
> encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto);
> secretKey = encryptKeyProcessor.getDecryptedBytes();
>
> }
> Should be :
> if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
>
> String encryptedKeyID =
> token.getAttributeNS(null,"Id");
> EncryptedKeyProcessor encryptKeyProcessor =
> (EncryptedKeyProcessor)
> wsDocInfo.getProcessor(encryptedKeyID);
>
> if (encryptKeyProcessor == null ) {
>
> encryptKeyProcessor = new EncryptedKeyProcessor();
>
> encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto);
>
> }
>
> secretKey = encryptKeyProcessor.getDecryptedBytes();
>
> }
> thanks,
> nandana
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
