[ https://issues.apache.org/jira/browse/RAMPART-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

todd wolff updated RAMPART-278:
-------------------------------

    Description: 
PolicyBasedResultsValidator uses wsu:Id of signed elements to validate that 
headers were signed.  If header was encrypted before signing, wsu:Id is id on 
EncryptedHeader element, which was detached from header by WSS4J and replaced 
with the decrypted header.  Consequently the check fails and validator 
incorrectly throws an exception.

Also RampartUtil excludes child text nodes when converting soap header blocks, 
i.e. a header block with a single child text node would be incorrectly 
converted to an empty header block.  See attached patch for painless fix to 
both problems.

  was:
PolicyBasedResultsValidator uses wsu:Id of signed elements to validate that 
headers were signed.  If header was encrypted before signing, wsu:Id is id on 
EncryptedHeader element, which was detached from header by WSS4J and replaced 
with the decrypted header.  Consequently the check fails and validator 
incorrectly throws an exception.

Also RampartUtil excludes text nodes when converting envelope, i.e. a header 
block with a single child text node would be incorrectly converted to an empty 
header block.
See attached patch for painless fix to both problems.


> PolicyBasedResultsValidator throws exception when headers encrypted before 
> signing.
> -----------------------------------------------------------------------------------
>
>                 Key: RAMPART-278
>                 URL: https://issues.apache.org/jira/browse/RAMPART-278
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>            Reporter: todd wolff
>            Assignee: Ruchith Udayanga Fernando
>         Attachments: SignedEncryptedHeaders.patch
>
>
> PolicyBasedResultsValidator uses wsu:Id of signed elements to validate that 
> headers were signed.  If header was encrypted before signing, wsu:Id is id on 
> EncryptedHeader element, which was detached from header by WSS4J and replaced 
> with the decrypted header.  Consequently the check fails and validator 
> incorrectly throws an exception.
> Also RampartUtil excludes child text nodes when converting soap header 
> blocks, i.e. a header block with a single child text node would be 
> incorrectly converted to an empty header block.  See attached patch for 
> painless fix to both problems.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
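
The wsu:Id mismatch described in the report, reproduced as an added example (not Rampart or WSS4J code, and not the attached patch). The function names, the `urn:example:test` header and the sample envelope are constructed; decryption is modelled with a fixed plaintext and the set of signed ids is taken as already verified. The second check shows one possible approach: accept the wrapper id only from a mapping the receiver recorded while decrypting, never from the message.

```python
from xml.dom import minidom

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample: the sender encrypted the header first, then signed the wrapper.
ENVELOPE = (
    f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsu="{WSU}" xmlns:wsse11="{WSSE11}"><s:Header>'
    '<wsse11:EncryptedHeader wsu:Id="EncHdr-1">ciphertext</wsse11:EncryptedHeader>'
    '</s:Header><s:Body/></s:Envelope>')
PLAINTEXT = '<t:Account xmlns:t="urn:example:test">12345</t:Account>'  # constructed
SIGNED_IDS = {"EncHdr-1"}  # assumption: ids covered by an already verified signature


def decrypt_headers(doc):
    """Swap each EncryptedHeader for its plaintext; record the wrapper id per new node."""
    origin = {}
    for enc in list(doc.getElementsByTagNameNS(WSSE11, "EncryptedHeader")):
        # Deep import keeps child text nodes, so "12345" survives the swap.
        plain = doc.importNode(minidom.parseString(PLAINTEXT).documentElement, True)
        enc.parentNode.replaceChild(plain, enc)
        origin[plain] = enc.getAttributeNS(WSU, "Id")
    return origin


def header_signed_by_own_id(el):
    """The check as the report describes it: look up the header's own wsu:Id."""
    return el.getAttributeNS(WSU, "Id") in SIGNED_IDS


def header_signed(el, origin):
    """Also accept the id of the signed wrapper this receiver itself decrypted."""
    return header_signed_by_own_id(el) or origin.get(el) in SIGNED_IDS


def check_required_header(ns, name):
    """Return (own-id check, origin-aware check, header text) for one header."""
    doc = minidom.parseString(ENVELOPE)
    origin = decrypt_headers(doc)
    el = doc.getElementsByTagNameNS(ns, name)[0]
    return header_signed_by_own_id(el), header_signed(el, origin), el.firstChild.data


if __name__ == "__main__":
    print(check_required_header("urn:example:test", "Account"))
```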