Author: coheigea
Date: Tue May 14 15:43:52 2013
New Revision: 1482406
URL: http://svn.apache.org/r1482406
Log:
Two minor tweaks to policy verification code
a) Allow STR Transform for C14n Algorithm
b) Allow SupportingToken policies to be "signed" (e.g. when using TLS)
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java?rev=1482406&r1=1482405&r2=1482406&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
Tue May 14 15:43:52 2013
@@ -137,7 +137,8 @@ public class AlgorithmSuiteAssertionStat
}
} else if (WSSConstants.C14n.equals(keyUsage)) {
if (algorithmSuite.getC14n() != null
- &&
!algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI()))
{
+ &&
!algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())
+ &&
!WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithmSuiteSecurityEvent.getAlgorithmURI()))
{
setAsserted(false);
setErrorMessage("C14N algorithm " +
algorithmSuiteSecurityEvent.getAlgorithmURI() + " does not meet policy");
}
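Review bot: The added `!WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(...)` clause exempts the STR-Transform URI from the C14n policy comparison unconditionally, and nothing in the hunk says why that is safe. STR-Transform is a transform that carries its own inner canonicalization method, so please confirm that this inner algorithm is still checked against the algorithm suite elsewhere; that cannot be seen from these lines. If it is, a comment above the condition would record the reasoning, for example `// STR-Transform arrives here under C14n key usage; its inner c14n method is checked separately`. As a style point, read `algorithmSuiteSecurityEvent.getAlgorithmURI()` into a local once rather than calling it in each clause and again in the error message. The enclosing method starts and ends outside the hunk.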
Modified:
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java?rev=1482406&r1=1482405&r2=1482406&view=diff
==============================================================================
---
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
(original)
+++
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
Tue May 14 15:43:52 2013
@@ -100,7 +100,10 @@ public abstract class TokenAssertionStat
}
SupportingTokens supportingTokens = (SupportingTokens)
parentAssertion;
- if
(!tokenUsage.getName().equals(supportingTokens.getName().getLocalPart())) {
+ // Allow SupportingToken policies which are processed as
SignedSupportingTokens
+ if
(!(WSSecurityTokenConstants.TokenUsage_SupportingTokens.getName().equals(supportingTokens.getName().getLocalPart())
+ && !tokenUsage.getName().contains("Endorsing"))
+ &&
!tokenUsage.getName().equals(supportingTokens.getName().getLocalPart())) {
ignoreToken++;
continue loop;
}
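Review bot: Under a plain `SupportingTokens` policy the new condition accepts every token usage whose name does not contain "Endorsing", which is wider than the comment's "processed as SignedSupportingTokens". The substring test works as a denylist, so any usage added later, or any non-supporting usage that can reach this loop, would be counted towards the policy by default. Whether such usages can reach this point is not visible, because the loop starts outside the hunk. I would name the accepted usages explicitly. The doubly negated expression is also hard to audit; the fence below is a behaviour-preserving rewrite with named booleans that marks where an allowlist would go.

```java
// Allow SupportingToken policies which are processed as SignedSupportingTokens
String policyName = supportingTokens.getName().getLocalPart();
String usageName = tokenUsage.getName();
boolean exactMatch = usageName.equals(policyName);
boolean plainPolicy =
    WSSecurityTokenConstants.TokenUsage_SupportingTokens.getName().equals(policyName);
// TODO(review): replace the substring denylist with the explicit set of usages meant to pass
boolean relaxedMatch = plainPolicy && !usageName.contains("Endorsing");
if (!exactMatch && !relaxedMatch) {
    // … unchanged: ignoreToken++ and continue loop …
}
```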