Author: coheigea Date: Mon Jul 9 11:07:38 2012 New Revision: 1359060 URL: http://svn.apache.org/viewvc?rev=1359060&view=rev Log: Merged revisions 1359043 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........ r1359043 | coheigea | 2012-07-09 11:45:42 +0100 (Mon, 09 Jul 2012) | 10 lines Merged revisions 1359033 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1359033 | coheigea | 2012-07-09 11:27:52 +0100 (Mon, 09 Jul 2012) | 2 lines [CXF-4410] - sp:EncryptSignature policy validation should only check to see if the primary signature is encrypted ........ ........ Conflicts: services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509_symmetric/X509SymmetricBindingTest.java services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/DoubleIt.wsdl services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-client.xml services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-service.xml Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1359060&r1=1359059&r2=1359060&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Mon Jul 9 11:07:38 2012 
@@ -313,13 +313,20 @@ public abstract class AbstractBindingPol
 }
 /**
- * Check whether all Signature (and SignatureConfirmation) elements were encrypted
+ * Check whether the primary Signature (and all SignatureConfirmation) elements were encrypted
 */
 protected boolean isSignatureEncrypted(List<WSSecurityEngineResult> results) {
- for (WSSecurityEngineResult result : results) {
+ boolean foundPrimarySignature = false;
+ for (int i = results.size() - 1; i >= 0; i--) {
+ WSSecurityEngineResult result = results.get(i);
 Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
- if (actInt.intValue() == WSConstants.SIGN
- || actInt.intValue() == WSConstants.SC) {
+ if (actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature) {
+ foundPrimarySignature = true;
+ String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
+ if (sigId == null || !isIdEncrypted(sigId, results)) {
+ return false;
+ }
+ } else if (actInt.intValue() == WSConstants.SC) {
 String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
 if (sigId == null || !isIdEncrypted(sigId, results)) {
 return false;
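Review bot: The loop in `isSignatureEncrypted` picks the "primary" signature purely by position, walking `results` from the end and taking the first `WSConstants.SIGN` entry it meets, but nothing in the hunk says why the last SIGN result is the primary one. If that ordering assumption fails for some message layout, the sp:EncryptSignature check would examine an endorsing signature and accept a message whose primary signature is not encrypted. I would document the assumption above the loop, e.g. `// results are walked in reverse; the first SIGN seen is treated as the primary signature (depends on WSS4J result ordering)`, and add a test with a primary plus an endorsing signature. The two branches also repeat the same `sigId` check and could share it through `boolean primarySig = actInt.intValue() == WSConstants.SIGN && !foundPrimarySignature;`. The method body continues past the end of the hunk, so the final return is not visible here.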
