[jira] [Closed] (WSS-119) Error in Singature Processor

Mon, 03 Oct 2011 02:05:30 -0700 

     [ 
https://issues.apache.org/jira/browse/WSS-119?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh closed WSS-119.
-----------------------------------

    
> Error in Singature Processor 
> -----------------------------
>
>                 Key: WSS-119
>                 URL: https://issues.apache.org/jira/browse/WSS-119
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>            Reporter: Nandana Mihindukulasooriya
>            Assignee: Nandana Mihindukulasooriya
>             Fix For: 1.5.4
>
>         Attachments: WSS-119.patch
>
>
> In Signature processor, when the signature is created using an encrypted key, 
> it processes the encrypted key even if it is already processed. I think this 
> is wrong. It causes problems if EncryptedKey have internal data refs, it 
> causes Exceptions as the data refs are already decrypted. Even if doesn't 
> cause errors, it is an inefficient way to this as we process the encrypted 
> key twice. 
> Current :
>                     if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
>                         EncryptedKeyProcessor encryptKeyProcessor = new 
> EncryptedKeyProcessor();
>                         
> encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto);
>                         secretKey = encryptKeyProcessor.getDecryptedBytes();
>                      
>                     }
> Should be : 
>                         if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
>                         
>                         String encryptedKeyID = 
> token.getAttributeNS(null,"Id");                   
>                         EncryptedKeyProcessor encryptKeyProcessor = 
> (EncryptedKeyProcessor)
>                                 wsDocInfo.getProcessor(encryptedKeyID);
>                         
>                         if (encryptKeyProcessor == null ) {
>                         
>                             encryptKeyProcessor = new EncryptedKeyProcessor();
>                             
> encryptKeyProcessor.handleEncryptedKey((Element)token, cb, crypto);
>                         
>                         } 
>                         
>                         secretKey = encryptKeyProcessor.getDecryptedBytes();
>                      
>                     }  
> thanks,
> nandana

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to