[jira] Updated: (WSS-126) SignatureProcessor:verifyXMLSignature method - Crypto object can have null values in the following scenario but it throws an Exception if the Crypto object is null

Mon, 29 Sep 2008 08:54:37 -0700 

     [ 
https://issues.apache.org/jira/browse/WSS-126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Colm O hEigeartaigh updated WSS-126:
------------------------------------

    Fix Version/s: 1.5.5


Just reverting the fix field to 1.5.5 so that the fix will appear in the 
roadmap.

> SignatureProcessor:verifyXMLSignature method - Crypto object can have null 
> values in the following scenario but it throws an Exception if the Crypto 
> object is null
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-126
>                 URL: https://issues.apache.org/jira/browse/WSS-126
>             Project: WSS4J
>          Issue Type: Bug
>            Reporter: Dimuthu Leelarathne
>            Assignee: Dimuthu Leelarathne
>             Fix For: 1.5.5
>
>
> Conditions
> -Symmetric Key Singnature is used
> -The secret key is already decrypted by EncryptedKeyProcessor and it is 
> stored inside org.apache.ws.security.WSDocInfo
> So user do not have to provide Signature Crypto object. So the Exception 
> thrown at SignatureProcessor's 225th line should be be placed in a better 
> place.
> The same thing applies for Custom Keys supplied through a password callback 
> handler.
> The stack trace is:
> Caused by: org.apache.ws.security.WSSecurityException: General security error 
> (WSSecurityEngine: No crypto protery file supplied to verify signature)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:225)
>       at 
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:311)
>       at 
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:228)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to