SignatureProcessor:verifyXMLSignature method - Crypto object can have null
values in the following scenario but it throws an Exception if the Crypto
object is null
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: WSS-126
URL: https://issues.apache.org/jira/browse/WSS-126
Project: WSS4J
Issue Type: Bug
Reporter: Dimuthu Leelarathne
Assignee: Ruchith Udayanga Fernando
Conditions
-Symmetric Key Singnature is used
-The secret key is already decrypted by EncryptedKeyProcessor and it is stored
inside org.apache.ws.security.WSDocInfo
So user do not have to provide Signature Crypto object. So the Exception thrown
at SignatureProcessor's 225th line should be be placed in a better place.
The same thing applies for Custom Keys supplied through a password callback
handler.
The stack trace is:
Caused by: org.apache.ws.security.WSSecurityException: General security error
(WSSecurityEngine: No crypto protery file supplied to verify signature)
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:225)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
