
List:       xmlrpc-dev
Subject:    [jira] Commented: (WSS-254) Encryption/signing of multiple message
From:       "Marcin Markiewicz (JIRA)" <jira () apache ! org>
Date:       2010-11-25 12:20:17
Message-ID: 2462179.307261290687617519.JavaMail.jira () thor


    [ https://issues.apache.org/jira/browse/WSS-254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12935737#action_12935737 ]

Marcin Markiewicz commented on WSS-254:
---------------------------------------

First solution for this issue that works for me. See attached file.
This solution isn't pretty and I think it needs a rework, but I don't know this
project well and don't know where to put some helper methods. Basically the changes
are made in the class WSSecEncrypt, method doEncryption (line 472 ff). Now this method
searches for the document's nodes that match the given WSEncryptionParts in the
Vector "references". This is done in the new method "findMatchingElements". This new
method uses some other new methods like "matches", "getNodeXPath", "matchesXPaths"
(all implemented by me). Then the found Nodes (they are in a Map, together with the
WSEncryptionParts which selected them) are processed using the new method
"encryptPart". This method is an extracted part of the old method "doEncryption"
that calls the real encryption mechanism. Here no changes were made by me.

Now it is possible to find ALL elements with the name/namespace given by the
WSEncryptionPart, and more: if the WSEncryptionPart contains an XPath expression,
this will be used instead of the name/namespace combi for searching. There are no new
constructors or public methods, so the code is backward compatible with the version
1.5.9 (I don't know when the getXpath and setXpath methods were added to
WSEncryptionPart. In 1.5.7 they were not there). And there is one more advantage:
the old method was searching the document for the matching Nodes for each
WSEncryptionPart. Now the document is scanned one time and all WSEncryptionParts are
checked at the same time. So if there are 1000 WSEncryptionParts the document was
scanned 1000 times until the Nodes were found, now it is scanned one time. OK,
usually there are fewer WSEncryptionParts, I think up to 5...

Please check my modifications for any problems (thread safety, security,...).


> Encryption/signing of multiple message parts with same name not working
> -----------------------------------------------------------------------
> 
> Key: WSS-254
> URL: https://issues.apache.org/jira/browse/WSS-254
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.5.10, 1.6
> Environment: all. (found out on a Windows Vista machine with Java 1.6)
> Reporter: Marcin Markiewicz
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> 
> The current implementation of the class "WSSecEncrypt" looks in the document to
> encrypt for elements only by their name and namespace (these are the only
> pieces of information provided by the class "WSEncryptionPart"). The search finds
> the first element with this name and encrypts it. If there are other elements with
> the same name that we wish to encrypt, it cannot be done. But it is needed if one
> uses lists of elements. The following example shows the issue:
> <xml...>
> <soapenv:Envelope>
> <soapenv:Header>
> <myNS:Header1>
> <!-- XML data-->
> </myNS:Header1>
> <myNS:Header2>
> <!-- XML data-->
> <myNS:attachment>
> <!-- some data we don't wish to encrypt -->
> </myNS:attachment>
> </myNS:Header2>
> ...
> <myNS:Attachments>
> <myNS:attachment>
> <!-- 1. binary data base64 encoded -->
> </myNS:attachment>
> <myNS:attachment>
> <!-- 2. binary data base64 encoded -->
> </myNS:attachment>
> <myNS:attachment>
> <!-- 3. binary data base64 encoded -->
> </myNS:attachment>
> ...
> </myNS:Attachments>
> ...
> <myNS:HeaderX>
> <!-- XML data-->
> </myNS:HeaderX>
> </soapenv:Header>
> <soapenv:Body>
> <!-- XML data-->
> </soapenv:Body>
> </soapenv:Envelope>
> If we use the WSEncryptionPart this way:
> WSEncryptionPart encryptionPart = new WSEncryptionPart("attachment", "myNS-URI", "Content");
> then only the element "Envelope/Header/Header2/attachment" will be encrypted.
> That is the one we don't want to encrypt, but the other ones will not be
> encrypted. To solve this problem, XPath support in WSEncryptionPart and
> WSSecEncryption is to be implemented (and maybe more...)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
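
The selection problem discussed in this message, as an added example that is not part of the original mail, the attached patch or WSS4J itself: it uses only JDK DOM and XPath calls to show which elements of an envelope shaped like the one in the issue are picked by first-match name/namespace lookup, by all-match name/namespace lookup, and by an XPath expression. The class name PartSelectionDemo, the namespace URI urn:example:myNS, the prefixes and the element contents are assumptions constructed for the illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.*;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class PartSelectionDemo {
    static final String NS = "urn:example:myNS"; // constructed namespace URI (assumption)
    // Constructed sample shaped like the envelope in the issue description.
    static final String XML =
        "<e:Envelope xmlns:e='http://schemas.xmlsoap.org/soap/envelope/' xmlns:m='" + NS + "'>"
      + "<e:Header><m:Header2><m:attachment>keep-plain</m:attachment></m:Header2>"
      + "<m:Attachments><m:attachment>a1</m:attachment><m:attachment>a2</m:attachment>"
      + "<m:attachment>a3</m:attachment></m:Attachments></e:Header><e:Body/></e:Envelope>";

    // Text content of the first 'limit' nodes, in document order.
    static List<String> texts(NodeList nl, int limit) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < nl.getLength() && i < limit; i++) out.add(nl.item(i).getTextContent());
        return out;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for name + namespace matching
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(XML)));

        // Name/namespace lookup: the first hit is the element that must stay in plaintext.
        NodeList byName = doc.getElementsByTagNameNS(NS, "attachment");
        System.out.println("first match only: " + texts(byName, 1));
        // Taking every hit covers the list, but still cannot exclude Header2/attachment.
        System.out.println("all by name/ns:   " + texts(byName, Integer.MAX_VALUE));

        // An XPath expression scopes the selection to the children of Attachments.
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setNamespaceContext(new NamespaceContext() {
            public String getNamespaceURI(String p) { return "m".equals(p) ? NS : XMLConstants.NULL_NS_URI; }
            public String getPrefix(String uri) { return null; }
            public Iterator<String> getPrefixes(String uri) { return null; }
        });
        NodeList byPath = (NodeList) xp.evaluate("//m:Attachments/m:attachment", doc, XPathConstants.NODESET);
        System.out.println("by XPath:         " + texts(byPath, Integer.MAX_VALUE));
    }
}
```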

