Author: coheigea
Date: Fri Oct 14 10:33:06 2011
New Revision: 1183284
URL: http://svn.apache.org/viewvc?rev=1183284&view=rev
Log:
Added commented-out code to check transform algorithms
Modified:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Modified:
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java?rev=1183284&r1=1183283&r2=1183284&view=diff
==============================================================================
---
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
(original)
+++
cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Fri Oct 14 10:33:06 2011
@@ -33,6 +33,7 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSSecurityEngineResult;
+//import org.apache.ws.security.transform.STRTransform;
/**
* Validate a WSSecurityEngineResult corresponding to the processing of a
Signature, EncryptedKey or
@@ -92,6 +93,25 @@ public class AlgorithmSuitePolicyValidat
List<WSDataRef> dataRefs =
CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+ if (!checkDataRefs(dataRefs, algorithmPolicy, ai)) {
+ return false;
+ }
+
+ if (!checkKeyLengths(result, algorithmPolicy, ai, true)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Check the individual signature references
+ */
+ private boolean checkDataRefs(
+ List<WSDataRef> dataRefs,
+ AlgorithmSuite algorithmPolicy,
+ AssertionInfo ai
+ ) {
for (WSDataRef dataRef : dataRefs) {
String digestMethod = dataRef.getDigestAlgorithm();
if (!algorithmPolicy.getDigest().equals(digestMethod)) {
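Review bot: The extracted `checkDataRefs` iterates `dataRefs` with no null check, so a result without a `TAG_DATA_REF_URIS` entry would throw a NullPointerException rather than produce a policy verdict. This assumes `result.get(...)` can return null for the results routed here, which the hunk does not show. An explicit guard at the top of the method would make the decision visible, for example `if (dataRefs == null) { ai.setNotAsserted("No signature references found"); return false; }` if a missing reference list must fail closed, or `return true;` if it is legitimately absent. The Javadoc should also state the contract, e.g. `@return true if every reference uses the policy digest algorithm; otherwise false, with the reason recorded on ai`. The body of `checkDataRefs` continues past the end of this hunk.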
@@ -100,12 +120,23 @@ public class AlgorithmSuitePolicyValidat
);
return false;
}
+ /*
+ * TODO Re-enable once we upgrade to WSS4J 1.6.4
+ List<String> transformAlgorithms =
dataRef.getTransformAlgorithms();
+ // Only a max of 2 transforms per reference is allowed
+ if (transformAlgorithms == null || transformAlgorithms.size() > 2)
{
+ ai.setNotAsserted("The transform algorithms do not match the
requirement");
+ return false;
+ }
+ for (String transformAlgorithm : transformAlgorithms) {
+ if
(!(algorithmPolicy.getInclusiveC14n().equals(transformAlgorithm)
+ || STRTransform.TRANSFORM_URI.equals(transformAlgorithm)))
{
+ ai.setNotAsserted("The transform algorithms do not match
the requirement");
+ return false;
+ }
+ }
+ */
}
-
- if (!checkKeyLengths(result, algorithmPolicy, ai, true)) {
- return false;
- }
-
return true;
}
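Review bot: With the transform check left inside a block comment, `checkDataRefs` returns true for any reference whose digest matches, so the transform and canonicalization algorithms of a signed reference are not compared with the algorithm suite policy on this branch. The TODO should say that explicitly and carry a tracking reference, e.g. `// TODO(<tracking-id>): transform algorithms are NOT validated against the policy until the WSS4J 1.6.4 upgrade`, and the same caveat belongs in the method's Javadoc so callers do not assume full algorithm-suite enforcement. When the block is re-enabled, the commented-out `STRTransform` import in the first hunk has to be restored with it. Note also that an empty transform list passes the `transformAlgorithms.size() > 2` test; whether a reference with no transforms should be accepted cannot be told from this hunk. `checkDataRefs` begins in the previous hunk.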