[ https://issues.apache.org/jira/browse/RAMPART-31?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12495627 ]
Ruchith Udayanga Fernando commented on RAMPART-31: -------------------------------------------------- Please submit your patch against the latest source [1]. Thanks, Ruchith [1] https://svn.apache.org/repos/asf/webservices/rampart/trunk/java > Using Policy configuration - a SOAP Message cannot be Encrypted only. > ---------------------------------------------------------------------- > > Key: RAMPART-31 > URL: https://issues.apache.org/jira/browse/RAMPART-31 > Project: Rampart > Issue Type: Bug > Components: rampart-core > Affects Versions: 1.1 > Reporter: Ric Emery > > Unless I am mistaken AsymmetricBindingBuilder does not support only > encrypting a SOAP Message. AsymmetricBindingBuilder assumes that Signatures > will always be applied. Logically I would think that leaving out the Policy > sp:SignedParts element and/or the sp:InitiatorToken element would result in a > message that is encrypted (assuming the Policy configures encryption), but > not signed. Leaving the InitiatorToken out of the profile results in a > NullPointerException. Leaving out the sp:SignedParts does not disable > signatures. I modified AsymmetricBindingBuilder.java to allow encryption > without signatures. Being new to the source base I am not sure that this is > the correct fix. > I modified the build method, adding a call to determine if signatures are > disabled. Added a method to make the determination. And added a doEncryption > method. I can submit a diff in the proper format if requested. 
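/**
 * Builds the security header of the outgoing message according to the
 * asymmetric binding policy.
 *
 * <p>When the policy marks nothing for signing (see
 * {@link #shouldEncryptOnly(RampartMessageData)}) the message is only
 * encrypted; otherwise the policy's protection order decides whether
 * encryption or signing is applied first.
 *
 * @param rmd the message data carrying the policy and the SOAP document
 * @throws RampartException if the security header cannot be built
 */
public void build(RampartMessageData rmd) throws RampartException {
    log.debug("AsymmetricBindingBuilder build invoked");
    RampartPolicyData rpd = rmd.getPolicyData();
    if (rpd.isIncludeTimestamp()) {
        this.addTimestamp(rmd);
    }
    if (shouldEncryptOnly(rmd)) {
        // Nothing is marked for signing: take the encryption-only path, which
        // never consults the initiator token.
        this.doEncrypt(rmd);
    } else if (Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
        this.doEncryptBeforeSig(rmd);
    } else {
        this.doSignBeforeEncrypt(rmd);
    }
    log.debug("AsymmetricBindingBuilder build invoked : DONE");
}

/**
 * Returns {@code true} when the policy marks nothing for signing, i.e. the
 * body is not signed and there are no {@code sp:SignedParts} entries.
 *
 * <p>A message built on this path carries no signature at all and therefore
 * no integrity or origin protection; only the confidentiality of the
 * encrypted parts is provided. Policies that need integrity must keep
 * {@code sp:SignedParts} and/or body signing in place.
 *
 * @param rmd the message data carrying the policy
 * @return {@code true} if no signature should be applied
 */
private boolean shouldEncryptOnly(RampartMessageData rmd) {
    // TODO(review): is there a better way to determine if signatures should be disabled?
    RampartPolicyData rampartPolicyData = rmd.getPolicyData();
    Vector parts = rampartPolicyData.getSignedParts();
    boolean noSignedParts = parts == null || parts.isEmpty();
    return !rampartPolicyData.isSignBody() && noSignedParts;
}

/**
 * Encrypts the parts selected by the policy without applying any signature.
 *
 * <p>The recipient token (or a key derived from it) encrypts the parts
 * returned by {@code RampartUtil.getEncryptedParts}; the resulting reference
 * list is appended to the security header. Because no signature is produced,
 * the encrypted-key / derived-key token elements are not kept as locals for
 * later signature encryption, unlike the sign-and-encrypt paths.
 *
 * @param rmd the message data carrying the policy and the SOAP document
 * @throws RampartException if the policy names encrypted parts but no
 *         recipient token, or if key set-up or encryption fails
 */
private void doEncrypt(RampartMessageData rmd) throws RampartException {
    RampartPolicyData rpd = rmd.getPolicyData();
    Document doc = rmd.getDocument();
    RampartConfig config = rpd.getRampartConfig();

    // We MUST use keys derived from the same token.
    Token encryptionToken = rpd.getRecipientToken();
    Vector encrParts = RampartUtil.getEncryptedParts(rmd);

    if (encrParts.isEmpty()) {
        // Nothing to encrypt; the header is left untouched.
        return;
    }
    if (encryptionToken == null) {
        throw new RampartException("encryptionTokenMissing");
    }

    Element refList;
    if (encryptionToken.isDerivedKeys()) {
        try {
            this.setupEncryptedKey(rmd, encryptionToken);
            // Create the DK encryption builder
            WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
            dkEncr.setParts(encrParts);
            dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
            dkEncr.prepare(doc);
            // Get and add the DKT element
            this.encrDKTElement = dkEncr.getdktElement();
            RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
            refList = dkEncr.encryptForExternalRef(null, encrParts);
        } catch (WSSecurityException e) {
            throw new RampartException("errorCreatingEncryptedKey", e);
        } catch (ConversationException e) {
            throw new RampartException("errorInDKEncr", e);
        }
    } else {
        try {
            WSSecEncrypt encr = new WSSecEncrypt();
            encr.setParts(encrParts);
            encr.setWsConfig(rmd.getConfig());
            encr.setDocument(doc);
            RampartUtil.setEncryptionUser(rmd, encr);
            encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
            encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
            encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
            Element bstElem = encr.getBinarySecurityTokenElement();
            if (bstElem != null) {
                RampartUtil.appendChildToSecHeader(rmd, bstElem);
            }
            this.encrTokenElement = encr.getEncryptedKeyElement();
            this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, encrTokenElement);
            refList = encr.encryptForExternalRef(null, encrParts);
        } catch (WSSecurityException e) {
            throw new RampartException("errorInEncryption", e);
        }
    }
    RampartUtil.appendChildToSecHeader(rmd, refList);
    // NOTE(review): in the derived-key branch encrTokenElement is not assigned
    // in this method, so the insertion location depends on its prior value —
    // confirm that setupEncryptedKey sets it.
    this.setInsertionLocation(encrTokenElement);
}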