[jira] Commented: (WSS-126) SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null

Tue, 10 Jun 2008 20:06:08 -0700 

    [ 
https://issues.apache.org/jira/browse/WSS-126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12604108#action_12604108
 ] 

Dimuthu Leelarathne commented on WSS-126:
-----------------------------------------

Add TestWSSecurityNew17 to show that WSSecEngine should be able to handle null 
for Singature Crypto objects. Committed with the ticket at svn revision 666511.

Thanks,
Dimuthu

> SignatureProcessor:verifyXMLSignature method - Crypto object can have null 
> values in the following scenario but it throws an Exception if the Crypto 
> object is null
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-126
>                 URL: https://issues.apache.org/jira/browse/WSS-126
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Dimuthu Leelarathne
>            Assignee: Dimuthu Leelarathne
>             Fix For: 1.5.5
>
>
> Conditions
> -Symmetric Key Singnature is used
> -The secret key is already decrypted by EncryptedKeyProcessor and it is 
> stored inside org.apache.ws.security.WSDocInfo
> So user do not have to provide Signature Crypto object. So the Exception 
> thrown at SignatureProcessor's 225th line should be be placed in a better 
> place.
> The same thing applies for Custom Keys supplied through a password callback 
> handler.
> The stack trace is:
> Caused by: org.apache.ws.security.WSSecurityException: General security error 
> (WSSecurityEngine: No crypto protery file supplied to verify signature)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:225)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to