ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1482406 - in /webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates: AlgorithmSuiteAssertionState.java TokenAssertionState.java
Date Tue, 14 May 2013 15:43:52 GMT
Author: coheigea
Date: Tue May 14 15:43:52 2013
New Revision: 1482406

URL: http://svn.apache.org/r1482406
Log:
Two minor tweaks to policy verification code
 a) Allow STR Transform for C14n Algorithm
 b) Allow SupportingToken policies to be "signed" (e.g. when using TLS)

Modified:
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
    webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java?rev=1482406&r1=1482405&r2=1482406&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/AlgorithmSuiteAssertionState.java
Tue May 14 15:43:52 2013
@@ -137,7 +137,8 @@ public class AlgorithmSuiteAssertionStat
             }
         } else if (WSSConstants.C14n.equals(keyUsage)) {
             if (algorithmSuite.getC14n() != null
-                    && !algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI()))
{
+                    && !algorithmSuite.getC14n().getValue().equals(algorithmSuiteSecurityEvent.getAlgorithmURI())
+                    && !WSSConstants.SOAPMESSAGE_NS10_STRTransform.equals(algorithmSuiteSecurityEvent.getAlgorithmURI()))
{
                 setAsserted(false);
                 setErrorMessage("C14N algorithm " + algorithmSuiteSecurityEvent.getAlgorithmURI()
+ " does not meet policy");
             }

Modified: webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java?rev=1482406&r1=1482405&r2=1482406&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
(original)
+++ webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/TokenAssertionState.java
Tue May 14 15:43:52 2013
@@ -100,7 +100,10 @@ public abstract class TokenAssertionStat
                 }
 
                 SupportingTokens supportingTokens = (SupportingTokens) parentAssertion;
-                if (!tokenUsage.getName().equals(supportingTokens.getName().getLocalPart()))
{
+                // Allow SupportingToken policies which are processed as SignedSupportingTokens
+                if (!(WSSecurityTokenConstants.TokenUsage_SupportingTokens.getName().equals(supportingTokens.getName().getLocalPart())
+                    && !tokenUsage.getName().contains("Endorsing"))
+                    && !tokenUsage.getName().equals(supportingTokens.getName().getLocalPart()))
{
                     ignoreToken++;
                     continue loop;
                 }



Mime
View raw message