[CXF-6884] - Don't include Signature/EncryptedKey Elements if there are no references to be signed/encrypted
# Conflicts: # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0da2a5ef Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0da2a5ef Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0da2a5ef Branch: refs/heads/3.0.x-fixes Commit: 0da2a5ef359fcbb2b732dd544cbb2fae7871fec9 Parents: 8259127 Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Apr 26 17:32:35 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Apr 26 22:32:38 2016 +0100 ---------------------------------------------------------------------- .../AsymmetricBindingHandler.java | 69 +++++++++++--------- .../policyhandlers/SymmetricBindingHandler.java | 54 ++++++++------- 2 files changed, 67 insertions(+), 56 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/0da2a5ef/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index c7576c6..199623f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -502,10 +502,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 this.insertBeforeBottomUp(attachment);
 }
 }
- this.addEncryptedKeyElement(encryptedKeyElement);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
 } else {
 Element refList = encr.encryptForRef(null, encrParts);
- this.addEncryptedKeyElement(encryptedKeyElement);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
 // Add internal refs
 if (refList != null) {
@@ -660,20 +664,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 dkSign.setParts(sigParts);
 List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
-
- // Add elements to header
- addDerivedKeyElement(dkSign.getdktElement());
-
- //Do signature
- if (bottomUpElement == null) {
- dkSign.computeSignature(referenceList, false, null);
- } else {
- dkSign.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ // Add elements to header
+ addDerivedKeyElement(dkSign.getdktElement());
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+ signatures.add(dkSign.getSignatureValue());
+
+ mainSigId = dkSign.getSignatureId();
 }
- bottomUpElement = dkSign.getSignatureElement();
- signatures.add(dkSign.getSignatureValue());
-
- mainSigId = dkSign.getSignatureId();
 } catch (Exception ex) {
 LOG.log(Level.FINE, ex.getMessage(), ex);
 throw new Fault(ex);
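Review bot: In the @@ -502 hunk both new guards omit the EncryptedKey without any trace when `refList` is null and there are no attachments, so a sender whose configuration expected encrypted parts gets a message with nothing encrypted and no hint why. An `else` branch that logs the skip, for example `LOG.fine("No encrypted references or attachments, omitting EncryptedKey");`, would make that case diagnosable. The same applies to the four `if (!referenceList.isEmpty())` guards this commit adds on the signature paths here and in SymmetricBindingHandler. The condition is also written out twice in this hunk and could be held in one local boolean. The enclosing method starts and ends outside the hunk, so whether a caller already reports empty encrypted parts cannot be seen from here.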
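Review bot: In the @@ -660 hunk `mainSigId` and `bottomUpElement` are now assigned only inside `if (!referenceList.isEmpty())`, so when nothing is signed they keep whatever value they had before, possibly null. Any code outside the hunk that reads `mainSigId` afterwards has to cope with that; those readers are not visible here, so this needs checking rather than assuming. A comment above the guard such as `// No Signature is emitted when there is nothing to sign; mainSigId is left unset` would record the contract. The @@ -695 hunk has the same shape for the non-derived-key signature, and the enclosing try block starts outside this hunk.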
@@ -695,24 +700,26 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 }
 List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
- //Do signature
- if (bottomUpElement == null) {
- sig.computeSignature(referenceList, false, null);
- } else {
- sig.computeSignature(referenceList, true, bottomUpElement);
- }
- bottomUpElement = sig.getSignatureElement();
-
- if (!abinding.isProtectTokens()) {
- Element bstElement = sig.getBinarySecurityTokenElement();
- if (bstElement != null) {
- secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
+ if (!abinding.isProtectTokens()) {
+ Element bstElement = sig.getBinarySecurityTokenElement();
+ if (bstElement != null) {
+ secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ }
 }
+
+ signatures.add(sig.getSignatureValue());
+
+ mainSigId = sig.getId();
 }
-
- signatures.add(sig.getSignatureValue());
-
- mainSigId = sig.getId();
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/0da2a5ef/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 69ac52f..0ae599b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -732,22 +732,24 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 dkSign.setParts(sigs);
 List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
-
- //Add elements to header
- Element el = dkSign.getdktElement();
- addDerivedKeyElement(el);
-
- //Do signature
- if (bottomUpElement == null) {
- dkSign.computeSignature(referenceList, false, null);
- } else {
- dkSign.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Add elements to header
+ Element el = dkSign.getdktElement();
+ addDerivedKeyElement(el);
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+
+ this.mainSigId = dkSign.getSignatureId();
+
+ return dkSign.getSignatureValue();
 }
- bottomUpElement = dkSign.getSignatureElement();
-
- this.mainSigId = dkSign.getSignatureId();
-
- return dkSign.getSignatureValue();
+ return null;
 }
 private byte[] doSignature(List<WSEncryptionPart> sigs,
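Review bot: The added `return null;` at the end of this method, and of the method in the @@ -857 hunk, turns a return that was always a signature value into a nullable one. The callers are outside the diff; if any of them stores the result without a null check, the way the asymmetric handler does with `signatures.add(...)`, the empty-reference case now ends in a stored null or a NullPointerException later on. Either document it on the method, e.g. `@return the signature value, or null if there were no references to sign`, or add the null check at the call sites. This method's signature lies outside the hunk.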
@@ -857,17 +859,19 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
 sig.setParts(sigs);
 List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
-
- //Do signature
- if (bottomUpElement == null) {
- sig.computeSignature(referenceList, false, null);
- } else {
- sig.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
+ this.mainSigId = sig.getId();
+ return sig.getSignatureValue();
 }
- bottomUpElement = sig.getSignatureElement();
-
- this.mainSigId = sig.getId();
- return sig.getSignatureValue();
+ return null;
 }
 }
