[
https://issues.apache.org/jira/browse/WSS-254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12935737#action_12935737
]
Marcin Markiewicz commented on WSS-254:
---------------------------------------
First solution for this issue, that works for me. See attached file.
This solution isn't pretty and i think it needs a rework, but I don't know this
project well and don't know where to put some helper methods.
Basically the changes are made in the class WSSecEncrypt, method doEncryption
(line 472 ff)
Now this method serches for documents' nodes that are matching the given
WSEncryptionParts in the Vector "references". this is made in the new method
"findMatchingElements". This new method uses some other new methods like
"matches", "getNodeXPath", "matchesXPaths" (all implementd by me)
Then the found Nodes (they are in an Map, together with the WSEncryptionParts
which selected them) are processed using the new method "encryptPart". This
method is an extracted part from the old method "doEncryption" that does call
the real encryption mechanism. Here no changes was made by me.
Now it it possible to find ALL elements with the name/namespace given by the
WSEncryptionPart, and more - if the WSEncryptionPart contains an XPath
expression - this will be user instead of the name/namespace combi for
searching. There are no new constructors or public methods, so the code is
backward compatible with the version 1.5.9 (i don't know when the getXpath and
setXpath methods were added to WSEncryptionPart. In 1.5.7 there were not
there).
And there is one more advantage: the old method was serching the document for
the matching Nodes for each WSEncryptionPart. Now the document is scanned one
time and all WSEncryptionParts are checked at the same time. So if there are
1000 WSEncryptionParts the document was scanned 1000 times until the Nodes were
found, now it is scanned one time. OK - usually there are fewer
WSEncryptionParts - I think up to 5...
Please check my modifications for any problems (thread safety, security,...).
> Encryption/signing of multiple message parts with same name not working
> -----------------------------------------------------------------------
>
> Key: WSS-254
> URL: https://issues.apache.org/jira/browse/WSS-254
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6
> Environment: all. (found out an a windows vista machine with java 1.6)
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Priority: Critical
>
> The current implementation of the class "WSSecEncypt" lookf in the document
> to encrypt for elements only by their name and namespace (this are the only
> informations provided by the class "WSEncryptionPart"). The search find the
> first element with this name and lets encrypt it. If there are other elements
> with the same name we wish to encrypt it cannot be done. But it is needed if
> one uses lists of elements
> Following example shows the issue:
> <xml...>
> <soapenv:Envelope>
> <soapenv:Header>
> <myNS:Header1>
> <!-- XML data-->
> </myNS:Header1>
> <myNS:Header2>
> <!-- XML data-->
> <myNS:attachment>
> <!-- some data we don't wish to encrypt -->
> <myNS:attachment>
> </myNS:Header2>
> ...
> <myNS:Attachments>
> <myNS:attachment>
> <!-- 1. binary data base64 encoded -->
> </myNS:attachment>
> <myNS:attachment>
> <!-- 2. binary data base64 encoded -->
> </myNS:attachment>
> <myNS:attachment>
> <!-- 3. binary data base64 encoded -->
> </myNS:attachment>
> ...
> </myNS:Attachments>
> ...
> <myNS:HeaderX>
> <!-- XML data-->
> </myNS:HeaderX>
> </soapenv:Header>
> <soapenv:Body>
> <!-- XML data-->
> </soapenv:Body>
> </soapenv:Envelope>
> if we use the WSEncyrpionPart this way:
> WSEncryptionPart encryptionPart = new WSEncryptionPart("attachment",
> "myNS-URI", "Content");
> then only the element "Envelope/Header/Header2/attachment" will be encryptet.
> Thus the one we don't want to encrypt, but the other ones will not be
> encrypted.
> To solve this problem a XPath support in WSEncryptionPart and WSSecEncryption
> is to be implemented (and maybe more...)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
