'[jira] Created: (WSS-119) Error in Singature Processor'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    [jira] Created: (WSS-119) Error in Singature Processor
From:       "Nandana Mihindukulasooriya (JIRA)" <jira () apache ! org>
Date:       2008-05-22 5:41:55
Message-ID: 398760032.1211434915905.JavaMail.jira () brutus
[Download RAW message or body]

Error in Singature Processor 
-----------------------------

                 Key: WSS-119
                 URL: https://issues.apache.org/jira/browse/WSS-119
             Project: WSS4J
          Issue Type: Bug
            Reporter: Nandana Mihindukulasooriya
            Assignee: Nandana Mihindukulasooriya


In Signature processor, when the signature is created using an encrypted key, it \
processes the encrypted key even if it is already processed. I think this is wrong. \
It causes problems if EncryptedKey have internal data refs, it causes Exceptions as \
the data refs are already decrypted. Even if doesn't cause errors, it is an \
inefficient way to this as we process the encrypted key twice. 

Current :

                    if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
                        EncryptedKeyProcessor encryptKeyProcessor = new \
                EncryptedKeyProcessor();
                        encryptKeyProcessor.handleEncryptedKey((Element)token, cb, \
                crypto);
                        secretKey = encryptKeyProcessor.getDecryptedBytes();
                     
                    }

Should be : 

                        if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)){
                        
                        String encryptedKeyID = token.getAttributeNS(null,"Id");      \
                
                        EncryptedKeyProcessor encryptKeyProcessor = \
(EncryptedKeyProcessor)  wsDocInfo.getProcessor(encryptedKeyID);
                        
                        if (encryptKeyProcessor == null ) {
                        
                            encryptKeyProcessor = new EncryptedKeyProcessor();
                            encryptKeyProcessor.handleEncryptedKey((Element)token, \
cb, crypto);  
                        } 
                        
                        secretKey = encryptKeyProcessor.getDecryptedBytes();
                     
                    }  


thanks,
nandana

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic