[
https://issues.apache.org/jira/browse/RAMPART-21?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12469706
]
Hans G Knudsen commented on RAMPART-21:
---------------------------------------
Hi!
I forgot...
The test in PolicyBasedResultsValidator could ofcause also be wrong...
I will try to test with an .Net/WCF request with EncryptBeforeSign and see how
the sigEncrActions are detected...
If the the actions are detected the same way - an extra test could be added :
// for signBeforeEncrypt :
if(act.intValue() == WSConstants.ENCR && ! sigfound ) {
// We found ENCR an sig has not been found
and the opposite test for encrBeforeSign.
/hans
> Policy validation of ProtectionOrder
> ------------------------------------
>
> Key: RAMPART-21
> URL: https://issues.apache.org/jira/browse/RAMPART-21
> Project: Rampart
> Issue Type: Bug
> Environment: Client/Server : Axis2 1.1, Rampart 1.1, WSS4J 1.5.1.
> Java 1.5 Max OSX
> Reporter: Hans G Knudsen
>
> Hi!
> Testing the Policy for Protection order with :
> Service Policy == SignBeforeEncrypt
> Client Message == EncrypteBeforeSign
> by setting :
> <sp:EncryptBeforeSigning/>
> in the client - the server does not detect that EncryptBeforeSign was used...
> In the policy test PolicyBasedResultsValidator the 'getSigEncrActions' has 3
> elements
> Encrypt, Sign, Encrypt
> and thereby has the Encrypt after SIgn. No test is made on the first
> Encrypt...
> I have not had time to investigate if
> - The message sent has wrong format
> - The parsing/detection is wrong.
> - ...
> /hans
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
