Author: muthulee Date: Thu Dec 23 05:49:51 2010 New Revision: 1052172 URL: http://svn.apache.org/viewvc?rev=1052172&view=rev Log: Applying the patch by Todd Wolff to fix RAMPART-278. Thank you Todd.
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1052172&r1=1052171&r2=1052172&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Thu Dec 23 05:49:51 2010
@@ -31,6 +31,7 @@ import org.apache.ws.security.message.to
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 import org.jaxen.XPath;
 import org.jaxen.JaxenException;
@@ -555,16 +556,34 @@ public class PolicyBasedResultsValidator
 Vector actuallySigned = new Vector();
 if (actionResults != null) {
 for (int j = 0; j < actionResults.length; j++) {
+
 WSSecurityEngineResult actionResult = actionResults[j];
- Set signedIDs = (Set) actionResult
- .get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
- for (Iterator i = signedIDs.iterator(); i.hasNext();) {
- String e = (String) i.next();
-
- Element element = WSSecurityUtil.findElementById(envelope, e,
- WSConstants.WSU_NS);
- actuallySigned.add(element);
+ List wsDataRefs = (List)actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ // if header was encrypted before it was signed, protected
+ // element is 'EncryptedHeader.' the actual element is
+ // first child element
+
+ for (Iterator k = wsDataRefs.iterator(); k.hasNext();) {
+ WSDataRef wsDataRef = (WSDataRef)k.next();
+ Element protectedElement = wsDataRef.getProtectedElement();
+ if (protectedElement.getLocalName().equals("EncryptedHeader")) {
+ NodeList nodeList = protectedElement.getChildNodes();
+ for (int x = 0; x < nodeList.getLength(); x++) {
+ if (nodeList.item(x).getNodeType() == Node.ELEMENT_NODE) {
+ String ns = ((Element)nodeList.item(x)).getNamespaceURI();
+ String ln = ((Element)nodeList.item(x)).getLocalName();
+ actuallySigned.add(new QName(ns,ln));
+ break;
+ }
+ }
+ } else {
+ String ns = protectedElement.getNamespaceURI();
+ String ln = protectedElement.getLocalName();
+ actuallySigned.add(new QName(ns,ln));
+ }
 }
+
 }
 }
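Review bot: The `protectedElement.getLocalName().equals("EncryptedHeader")` test in the new loop matches on local name only, so an element called EncryptedHeader in any namespace is unwrapped and its first child element is recorded as signed; the test should also require the WS-Security 1.1 namespace, e.g. `WSConstants.WSSE11_NS.equals(protectedElement.getNamespaceURI()) && "EncryptedHeader".equals(protectedElement.getLocalName())` (assuming the WSS4J version in use defines that constant). The loop also dereferences `wsDataRefs` and the result of `wsDataRef.getProtectedElement()` without a null check, so an action result that carries no data references would surface as a NullPointerException rather than a RampartException; I would add `if (wsDataRefs == null) { continue; }` before the inner loop and skip entries whose protected element is null. The enclosing method starts and ends outside the hunk.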
@@ -573,15 +592,15 @@ public class PolicyBasedResultsValidator if (wsep.getType() == WSConstants.PART_TYPE_BODY) { - Element body; + QName bodyQName; if (WSConstants.URI_SOAP11_ENV.equals(envelope.getNamespaceURI())) { - body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP11Constants()); + bodyQName = new SOAP11Constants().getBodyQName(); } else { - body = WSSecurityUtil.findBodyElement(rmd.getDocument(), new SOAP12Constants()); + bodyQName = new SOAP12Constants().getBodyQName(); } - if (!actuallySigned.contains(body) && !rmd.getPolicyData().isSignBodyOptional()) { + if (!actuallySigned.contains(bodyQName) && !rmd.getPolicyData().isSignBodyOptional()) { // soap body is not signed throw new RampartException("bodyNotSigned"); } @@ -591,6 +610,7 @@ public class PolicyBasedResultsValidator Element element = (Element) WSSecurityUtil.findElement( envelope, wsep.getName(), wsep.getNamespace() ); + if( element == null ) { // The signedpart header or element we are checking is not present in // soap envelope - this is allowed @@ -598,7 +618,7 @@ public class PolicyBasedResultsValidator } // header or the element present in soap envelope - verify that it is part of signature - if( actuallySigned.contains( element) ) { + if( actuallySigned.contains( new QName(element.getNamespaceURI(), element.getLocalName())) ) { continue; } Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java?rev=1052172&r1=1052171&r2=1052172&view=diff ============================================================================== --- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java Thu Dec 23 05:49:51 2010 
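Review bot: In the PolicyBasedResultsValidator hunk at -573, `actuallySigned.contains(bodyQName)` is satisfied by any signed element whose name is the SOAP Body QName, wherever it sits in the message, so the check no longer ties the signature to the Body element the service actually processes; the same applies to the header check in the hunk at -598, where the QName is built from the element that was just looked up by name. The removed code compared the Element objects located by wsu:Id, which bound each check to one node. I would keep the protected elements themselves next to the QNames and require node identity for the element found in the envelope, for example collecting `wsDataRef.getProtectedElement()` into a second list and testing `signedElements.contains(element)`, with the EncryptedHeader case handled separately. Both checks sit in a method whose body starts and ends outside these hunks.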
@@ -205,7 +205,9 @@ public class Axis2Util {
 OMNamespace ns = (OMNamespace) nsIter.next();
 header.declareNamespace(ns);
 }
- Iterator children = element.getChildElements();
+ // retrieve all child nodes (including any text nodes)
+ // and re-attach to header block
+ Iterator children = element.getChildren();
 while (children.hasNext()) {
 OMNode child = (OMNode)children.next();
 child.detach();