Hi all,

I've found this piece of code in RampartPolicyBasedResultsValidator.java:

    int refCount = 0;
    refCount += encryptedParts.size();
    if (encrRefs.size() != refCount) {
        throw new RampartException("invalidNumberOfEncryptedParts",
                new String[]{Integer.toString(refCount)});
    }

How can you be sure that if the number is the same, the parts themselves
aren't different? This can lead to a big security compromise IMO, maybe I
am mistaken -:)

Regards,
Angel
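
The difference between comparing counts and comparing the parts themselves, shown as an added example that is not part of the original message and is not Rampart code. The class, the method names and the representation of parts as `{namespace}localName` strings are assumptions made for illustration, and the sample data is constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class EncryptedPartsCheck {

    // Count-only comparison, the same shape as the check quoted in the message.
    static boolean countMatches(List<String> requiredParts, List<String> decryptedRefs) {
        return requiredParts.size() == decryptedRefs.size();
    }

    // Identity comparison: every required part must be matched by its own
    // decrypted reference. Returns the required parts that were not covered.
    static List<String> missingParts(List<String> requiredParts, List<String> decryptedRefs) {
        List<String> remaining = new ArrayList<>(decryptedRefs);
        List<String> missing = new ArrayList<>();
        for (String part : requiredParts) {
            // remove(Object) consumes one matching reference, so a duplicated
            // reference cannot satisfy two different required parts.
            if (!remaining.remove(part)) {
                missing.add(part);
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample data: parts a policy requires to be encrypted ...
        List<String> required = Arrays.asList(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{urn:example}AccountNumber");
        // ... and the elements that were actually encrypted in a message.
        List<String> decrypted = Arrays.asList(
                "{http://schemas.xmlsoap.org/soap/envelope/}Body",
                "{urn:example}Comment");

        // Both lists have two entries, so the count comparison is satisfied
        // even though one required part has no matching encrypted element.
        System.out.println("count check passes: " + countMatches(required, decrypted));
        System.out.println("parts not encrypted: " + missingParts(required, decrypted));
    }
}
```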
