svn commit: r412042 - /webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java

Tue, 06 Jun 2006 01:25:47 -0700 

Author: ruchithf
Date: Tue Jun  6 01:25:30 2006
New Revision: 412042

URL: http://svn.apache.org/viewvc?rev=412042&view=rev
Log:
fix for WSS-44: Handle sigConf of the response when there's no signature in the 
request

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java?rev=412042&r1=412041&r2=412042&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java 
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/handler/WSHandler.java 
Tue Jun  6 01:25:30 2006
@@ -291,19 +291,28 @@
             byte[] sigVal = 
((WSSecurityEngineResult)sigConf.get(i)).getSigConf().getSignatureValue();
             if (sigVal != null) {
                 if (sigv == null || sigv.size() == 0) {
-                    throw new WSSecurityException("WSHandler: Check Signature 
confirmation: got a SC element, but no stored SV");
-                }
-                boolean found = false;
-                for (int ii = 0; ii < sigv.size(); ii++) {
-                    byte[] storedValue = (byte[])sigv.get(i);
-                    if (Arrays.equals(sigVal, storedValue)) {
-                        found = true;
-                        sigv.remove(ii);
-                        break;
+                    //If there are no store signature values
+                    if(sigVal.length != 0) {
+                        //If there's no value in the case where there are no
+                        //stored SV it is valid. Therefore if there IS a value 
+                        //in the sig confirmation element
+                        throw new WSSecurityException("WSHandler: Check 
Signature confirmation: got a SC element, but no stored SV");
                     }
-                }
-                if (!found) {
-                    throw new WSSecurityException("WSHandler: Check Signature 
confirmation: got SC element, but no matching SV");
+                } else {
+                    //If we have stored signature values
+                    boolean found = false;
+                    for (int ii = 0; ii < sigv.size(); ii++) {
+                        byte[] storedValue = (byte[]) sigv.get(i);
+                        if (Arrays.equals(sigVal, storedValue)) {
+                            found = true;
+                            sigv.remove(ii);
+                            break;
+                        }
+                    }
+                    if (!found) {
+                        throw new WSSecurityException(
+                                "WSHandler: Check Signature confirmation: got 
SC element, but no matching SV");
+                    } 
                 }
             }
         }



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to