[jira] Commented: (WSS-126) SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null

[Fred Dushin (JIRA)]

    [ 
https://issues.apache.org/jira/browse/WSS-126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12603598#action_12603598
 ] 

Fred Dushin commented on WSS-126:
---------------------------------

A few comments:

1. Can we get a test case for this?

2. Also, when we commit, we should always include the ticket ID in the commit 
message (WSS-126); this will result in an automatic update to Jira, and will 
list the changes in the "Subversion Commits" tab on the ticket page.

3. Change the "Fix For" field to 1.5.5.  (I'll do that now -- I just added a 
1.5.5 version)

Thanks!
-Fred

> SignatureProcessor:verifyXMLSignature method - Crypto object can have null 
> values in the following scenario but it throws an Exception if the Crypto 
> object is null
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-126
>                 URL: https://issues.apache.org/jira/browse/WSS-126
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Dimuthu Leelarathne
>            Assignee: Dimuthu Leelarathne
>             Fix For: 1.5.5
>
>
> Conditions
> -Symmetric Key Singnature is used
> -The secret key is already decrypted by EncryptedKeyProcessor and it is 
> stored inside org.apache.ws.security.WSDocInfo
> So user do not have to provide Signature Crypto object. So the Exception 
> thrown at SignatureProcessor's 225th line should be be placed in a better 
> place.
> The same thing applies for Custom Keys supplied through a password callback 
> handler.
> The stack trace is:
> Caused by: org.apache.ws.security.WSSecurityException: General security error 
> (WSSecurityEngine: No crypto protery file supplied to verify signature)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:225)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]