[CXF-6884] - Don't include Signature/EncryptedKey Elements if there are no references to be signed/encrypted
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/811f40df Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/811f40df Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/811f40df Branch: refs/heads/master-jaxrs-2.1 Commit: 811f40df5523aee9eb938c2999aeac8d2fe7bf8d Parents: 4bce078 Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Apr 26 17:32:35 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Apr 26 17:32:35 2016 +0100 ---------------------------------------------------------------------- .../AsymmetricBindingHandler.java | 69 +++++++++++--------- .../policyhandlers/SymmetricBindingHandler.java | 54 ++++++++------- 2 files changed, 67 insertions(+), 56 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/811f40df/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 963b4db..ef2503a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -511,10 +511,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 this.insertBeforeBottomUp(attachment);
 }
 }
- this.addEncryptedKeyElement(encryptedKeyElement);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
 } else {
 Element refList = encr.encryptForRef(null, encrParts);
- this.addEncryptedKeyElement(encryptedKeyElement);
+ if (refList != null || (attachments != null && !attachments.isEmpty())) {
+ this.addEncryptedKeyElement(encryptedKeyElement);
+ }
 // Add internal refs
 if (refList != null) {
@@ -679,20 +683,21 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 dkSign.getParts().addAll(sigParts);
 List<Reference> referenceList = dkSign.addReferencesToSign(sigParts, secHeader);
-
- // Add elements to header
- addDerivedKeyElement(dkSign.getdktElement());
-
- //Do signature
- if (bottomUpElement == null) {
- dkSign.computeSignature(referenceList, false, null);
- } else {
- dkSign.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ // Add elements to header
+ addDerivedKeyElement(dkSign.getdktElement());
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+ addSig(dkSign.getSignatureValue());
+
+ mainSigId = dkSign.getSignatureId();
 }
- bottomUpElement = dkSign.getSignatureElement();
- addSig(dkSign.getSignatureValue());
-
- mainSigId = dkSign.getSignatureId();
 } catch (Exception ex) {
 LOG.log(Level.FINE, ex.getMessage(), ex);
 throw new Fault(ex);
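Review bot: The condition `refList != null || (attachments != null && !attachments.isEmpty())` is repeated verbatim in both branches of the first hunk, with no comment saying why the EncryptedKey may now be left out of the header. A one-line comment above each guard, for example `// CXF-6884: only emit the EncryptedKey when something was actually encrypted`, or a small private helper that takes the reference list and the attachments, would keep the two copies from drifting apart. The declarations of `attachments` and of the first branch's `refList` are outside the hunk, so their types are not visible here.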
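Review bot: When `referenceList` is empty, the block after `dkSign.addReferencesToSign(...)` in the second hunk is skipped without a trace, so a message whose policy asked for a signature leaves with no Signature element, `mainSigId` is not assigned, and nothing in the log explains it. An `else` branch with `LOG.fine("No references to sign; omitting the Signature element");` would make the unsigned case visible when someone is diagnosing a missing integrity protection; the same applies to the non-derived-key signature block in the next hunk of this file. Code outside the hunk that later reads `mainSigId` should be checked for this case. The enclosing `try` starts above the hunk.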
@@ -714,24 +719,26 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
 }
 List<Reference> referenceList = sig.addReferencesToSign(sigParts, secHeader);
- //Do signature
- if (bottomUpElement == null) {
- sig.computeSignature(referenceList, false, null);
- } else {
- sig.computeSignature(referenceList, true, bottomUpElement);
- }
- bottomUpElement = sig.getSignatureElement();
-
- if (!abinding.isProtectTokens()) {
- Element bstElement = sig.getBinarySecurityTokenElement();
- if (bstElement != null) {
- secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
+ if (!abinding.isProtectTokens()) {
+ Element bstElement = sig.getBinarySecurityTokenElement();
+ if (bstElement != null) {
+ secHeader.getSecurityHeader().insertBefore(bstElement, bottomUpElement);
+ }
 }
+
+ addSig(sig.getSignatureValue());
+
+ mainSigId = sig.getId();
 }
-
- addSig(sig.getSignatureValue());
-
- mainSigId = sig.getId();
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/811f40df/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index b785898..789b9ff 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -751,22 +751,24 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 dkSign.getParts().addAll(sigs);
 List<Reference> referenceList = dkSign.addReferencesToSign(sigs, secHeader);
-
- //Add elements to header
- Element el = dkSign.getdktElement();
- addDerivedKeyElement(el);
-
- //Do signature
- if (bottomUpElement == null) {
- dkSign.computeSignature(referenceList, false, null);
- } else {
- dkSign.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Add elements to header
+ Element el = dkSign.getdktElement();
+ addDerivedKeyElement(el);
+
+ //Do signature
+ if (bottomUpElement == null) {
+ dkSign.computeSignature(referenceList, false, null);
+ } else {
+ dkSign.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = dkSign.getSignatureElement();
+
+ this.mainSigId = dkSign.getSignatureId();
+
+ return dkSign.getSignatureValue();
 }
- bottomUpElement = dkSign.getSignatureElement();
-
- this.mainSigId = dkSign.getSignatureId();
-
- return dkSign.getSignatureValue();
+ return null;
 }
 private byte[] doSignature(List<WSEncryptionPart> sigs,
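Review bot: The added `return null;` changes what this method can hand back: it used to always return `dkSign.getSignatureValue()`, and now any caller that stores or dereferences the returned `byte[]` has to cope with null; the next hunk adds the same `return null;` after `sig.getSignatureValue()`. The callers are outside both hunks, so whether they check is not visible here; the asymmetric handler passes the same value to `addSig(...)`, and a null should not be recorded there as if it were a signature. I would document the new contract on both methods, e.g. `@return the signature value, or {@code null} if there were no references to sign`. The method's signature is above the hunk.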
@@ -885,17 +887,19 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
 sig.getParts().addAll(sigs);
 List<Reference> referenceList = sig.addReferencesToSign(sigs, secHeader);
-
- //Do signature
- if (bottomUpElement == null) {
- sig.computeSignature(referenceList, false, null);
- } else {
- sig.computeSignature(referenceList, true, bottomUpElement);
+ if (!referenceList.isEmpty()) {
+ //Do signature
+ if (bottomUpElement == null) {
+ sig.computeSignature(referenceList, false, null);
+ } else {
+ sig.computeSignature(referenceList, true, bottomUpElement);
+ }
+ bottomUpElement = sig.getSignatureElement();
+
+ this.mainSigId = sig.getId();
+ return sig.getSignatureValue();
 }
- bottomUpElement = sig.getSignatureElement();
-
- this.mainSigId = sig.getId();
- return sig.getSignatureValue();
+ return null;
 }
 }
