[
https://issues.apache.org/jira/browse/CXF-8705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17543938#comment-17543938
]
Colm O hEigeartaigh commented on CXF-8705:
------------------------------------------
Hi,
How can I run the tests - does it require the server to be running somehow?
Are you checking that you aren't signing the encrypted values on the outbound
side?
> Multiple encrypted XML elements fail crypto coverage check
> ----------------------------------------------------------
>
> Key: CXF-8705
> URL: https://issues.apache.org/jira/browse/CXF-8705
> Project: CXF
> Issue Type: Bug
> Components: JAX-WS Runtime
> Affects Versions: 3.5.2
> Environment: * Apache Maven 3.8.5
> * Java version: 11.0.12, vendor: Eclipse Foundation
> * Apache Tomcat 9.0.62
> * openSUSE Tumbleweed 20220509
> Reporter: David Lakatos
> Priority: Major
>
> Hello colleagues,
> I probably found a bug in
> {{org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker}}.
> * Issue: SOAP XML message encryption coverage checking for more than 1 XML
> elements does not work. If only 1 XML element encryption coverage is checked,
> everything works fine.
> * Symptoms: [CryptoCoverageUtil.matchElement(Collection<WSDataRef>,
> CoverageScope,
> Element)|https://github.com/apache/cxf/blob/cxf-3.5.2/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java#L381]
> compares objects via references ({{r.getProtectedElement() == el}}) but they
> are always different objects
> * Reproducer JUnit tests are provided on GitHub:
> [greatit/crypto-coverage-test|https://github.com/greatit/crypto-coverage-test]
> Fixing the issue would be much appreciated. Thank you.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
