[
https://issues.apache.org/jira/browse/CXF-6473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14599615#comment-14599615
]
Colm O hEigeartaigh commented on CXF-6473:
------------------------------------------
I've fixed the problem with calling getSignedParts twice with
EncryptBeforeSigning. The Timestamp will still be signed twice as per your WSDL
as you are unnecessarily including a SignedElements policy pointing to the
Timestamp. According to the spec, the Timestamp must be signed by the main
Signature if it is included in the request. So there is no need to explicitly
sign it as well.
Colm.
> Double signatures while using AsymmetricBindingHandler
> ------------------------------------------------------
>
> Key: CXF-6473
> URL: https://issues.apache.org/jira/browse/CXF-6473
> Project: CXF
> Issue Type: Bug
> Components: WS-* Components
> Affects Versions: 2.7.13
> Reporter: Jordy Onrust
> Assignee: Colm O hEigeartaigh
> Fix For: 3.0.6, 2.7.17, 3.1.2
>
>
> WSDL: http://pastebin.com/Xx82fmGX
> Response: http://pastebin.com/KbuMrfn4
> In the given response signatures appear double or even triple.
> The getSignedParts method in AbstractBinding is called twice.
> The first call is done in the doEncryptBeforeSign method at line 262.
> Second call is done in the doSignature at line 506, called by
> doEncryptBeforeSign method at line 301.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
