[jira] [Commented] (RAMPART-402) PolicyBasedResultsValidator does not correctly check signed parts

Tue, 05 Nov 2024 17:51:11 -0800 


    [ 
https://issues.apache.org/jira/browse/RAMPART-402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895844#comment-17895844
 ] 

Robert Lazarski commented on RAMPART-402:
-----------------------------------------

I tried applying the patch - the only change was renaming the keystore to 
interop2024.pkcs12. 

Unfortunately, I got this error running the unit tests: 

[INFO] Running org.apache.rampart.RampartTest
15:43:15.699 [qtp1986270265-237] ERROR org.apache.axis2.engine.AxisEngine - 
Expected encrypted part missing
org.apache.axis2.AxisFault: Expected encrypted part missing
at 
org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:199)
 ~[rampart-core-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at 
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:102) 
~[rampart-core-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:335) 
~[axis2-kernel-1.8.2.jar:1.8.2]
        at org.apache.axis2.engine.Phase.invoke(Phase.java:308) 
~[axis2-kernel-1.8.2.jar:1.8.2]
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:250) 
~[axis2-kernel-1.8.2.jar:1.8.2]
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:156) 
~[axis2-kernel-1.8.2.jar:1.8.2]
        at 
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:179)
 ~[axis2-transport-http-1.8.2.jar:1.8.2]
        at 
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:166) 
~[axis2-transport-http-1.8.2.jar:1.8.2]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) 
~[javax.servlet-api-3.1.0.jar:3.1.0]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 
~[javax.servlet-api-3.1.0.jar:3.1.0]
        at 
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) 
~[jetty-servlet-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:529) 
~[jetty-servlet-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) 
~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578) 
~[jetty-security-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) 
~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
 ~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
 ~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
 ~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1378)
 ~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
 ~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) 
~[jetty-servlet-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
 ~[jetty-server-10.0.11.jar:10.0.11]
at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) 
~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) 
~[jetty-server-10.0.11.jar:10.0.11]
        at org.eclipse.jetty.server.Server.handle(Server.java:562) 
~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505) 
~[jetty-server-10.0.11.jar:10.0.11]
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762) 
~[jetty-server-10.0.11.jar:10.0.11]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497) 
~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282) 
~[jetty-server-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:319)
 ~[jetty-io-10.0.11.jar:10.0.11]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) 
~[jetty-io-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
 ~[jetty-io-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:412)
 ~[jetty-util-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:381)
 ~[jetty-util-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:268)
 ~[jetty-util-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:138)
 ~[jetty-util-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:407)
 [jetty-util-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:894)
 [jetty-util-10.0.11.jar:10.0.11]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1038)
 [jetty-util-10.0.11.jar:10.0.11]
        at java.base/java.lang.Thread.run(Thread.java:840) [?:?]
Caused by: org.apache.rampart.RampartException: Expected encrypted part missing
        at 
org.apache.rampart.PolicyBasedResultsValidator.validateEncrSig(PolicyBasedResultsValidator.java:292)
 ~[rampart-core-1.8.0-SNAPSHOT.jar:?]
        at 
org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:163)
 ~[rampart-core-1.8.0-SNAPSHOT.jar:?]
at org.apache.rampart.RampartEngine.process(RampartEngine.java:376) 
~[rampart-core-1.8.0-SNAPSHOT.jar:?]
        at 
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95) 
~[rampart-core-1.8.0-SNAPSHOT.jar:1.8.0-SNAPSHOT]
        ... 40 more

> PolicyBasedResultsValidator does not correctly check signed parts
> -----------------------------------------------------------------
>
>                 Key: RAMPART-402
>                 URL: https://issues.apache.org/jira/browse/RAMPART-402
>             Project: Rampart
>          Issue Type: Bug
>    Affects Versions: 1.6.2
>            Reporter: Nathan Clement
>            Assignee: Robert Lazarski
>            Priority: Major
>              Labels: Patch
>             Fix For: 1.8.0
>
>         Attachments: check_signed_parts.patch
>
>
> PolicyBasedResultsValidator does not correctly check the signed parts from 
> the policy because it is checking that the element name is "Header".  
> Obviously this won't match the signed part element name in the policy.  I'm 
> not sure of the historical reason for this, but I've removed this check in my 
> attached patch.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

Reply via email to