Author: dkulp
Date: Fri Mar  6 18:12:30 2009
New Revision: 751017

URL: http://svn.apache.org/viewvc?rev=751017&view=rev
Log:
If the callback handler doesn't do anything to actually verify it, don't accept 
it.

Modified:
    webservices/wss4j/trunk/src/org/apache/ws/security/PublicKeyCallback.java
    
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/PublicKeyCallback.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/PublicKeyCallback.java?rev=751017&r1=751016&r2=751017&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/org/apache/ws/security/PublicKeyCallback.java 
(original)
+++ webservices/wss4j/trunk/src/org/apache/ws/security/PublicKeyCallback.java 
Fri Mar  6 18:12:30 2009
@@ -30,6 +30,7 @@
 public class PublicKeyCallback implements Callback {
 
     private java.security.PublicKey publicKey;
+    private boolean verified = false;
     
     public PublicKeyCallback(java.security.PublicKey publicKey) {
         this.publicKey = publicKey;
@@ -43,6 +44,14 @@
         return publicKey;
     }
     
+    public void setVerified(boolean b) {
+        verified = b;
+    }
+    
+    public boolean isVerified() {
+        return verified;
+    }
+    
     /**
      * Evaluate whether a given public key should be trusted.
      * Essentially, this amounts to checking to see if there is a certificate 
in the keystore,
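Review bot: `setVerified` and `isVerified` are added without Javadoc, even though the flag now decides whether a signature made with a bare public key is accepted. A handler that validates the key by its own means has to call `setVerified(true)`, and the flag defaults to false, which the SignatureProcessor hunk treats as rejection. I would add a comment on the setter such as `/** Marks the key as trusted; call with true only after the key has actually been validated. verifyTrust() sets this itself on a keystore match. */` and a matching one on the getter. The `verifyTrust` Javadoc that begins at the end of this hunk continues outside it; it should also mention the new side effect.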
@@ -80,6 +89,7 @@
                 }
                 X509Certificate x509cert = (X509Certificate) cert;
                 if (publicKey.equals(x509cert.getPublicKey())) {
+                    verified = true;
                     return true;
                 }
             }

Modified: 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java?rev=751017&r1=751016&r2=751017&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
 (original)
+++ 
webservices/wss4j/trunk/src/org/apache/ws/security/processor/SignatureProcessor.java
 Fri Mar  6 18:12:30 2009
@@ -398,6 +398,11 @@
             try {
                 Callback[] callbacks = new Callback[]{pwcb};
                 cb.handle(callbacks);
+                if (!pwcb.isVerified()) {
+                    throw new WSSecurityException(
+                        WSSecurityException.FAILED_AUTHENTICATION, null, null, 
null
+                    );
+                }
             } catch (Exception e) {
                 throw new WSSecurityException(
                     WSSecurityException.FAILED_AUTHENTICATION, null, null, e
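Review bot: The new `throw` sits inside the `try`, so the `catch (Exception e)` directly below catches it and wraps it in a second `WSSecurityException` with the same error code. The request is still rejected, so the check fails closed, but the caller gets a nested exception, and the inner one passes `null` for every argument after the code, so nothing says the handler never marked the key verified. Moving the `if (!pwcb.isVerified())` block to just after the try/catch, or adding `catch (WSSecurityException e) { throw e; }` ahead of the generic catch, keeps a single exception. Handlers that validate without calling `verifyTrust` and signal failure only by throwing will now be rejected until they call `setVerified(true)`, which deserves a release note. The catch body continues outside the hunk.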


