  1. Camel
  2. CAMEL-18917

camel-as2 - Signature is not validated


Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 3.21.0, 4.0.0
    • camel-as2
    • None
    • Unknown

    Description

      org.apache.camel.component.as2.api.entity.EntityParser can parse SIGNED requests into org.apache.camel.component.as2.api.entity.MultipartSignedEntity.

      But the signature part is completely ignored and never validated.

      Is this intentional? What's the point of having a signature that is never validated?

      I'm wondering, because MultipartSignedEntity has a method "isValid" that is only used in the unit tests, not during request handling.

      Also, I've recognized that the "isValid" method does the validation wrong.

      To my knowledge, one should check if the signature's certificate is contained in the certificates configured on the endpoint and then verify the signature against this. But in fact, the method validates the request signature against the certificate provided within the signature. So currently the signature would always be valid.


            People

              Unassigned Unassigned
              striderapache dennis lucero
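
The difference described in the report, as an added example that is not code from camel-as2 or from the reporter: the first method takes the verification certificate from the signed message itself, the second accepts a signer only if it matches a certificate configured on the receiving side. It assumes Bouncy Castle's CMS API and a detached signature as used in multipart/signed; the class and method names are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.Collection;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;

// Hypothetical helper (not a camel-as2 class): verifies a detached CMS signature.
public final class TrustedSignatureCheck {

    // Flawed pattern from the report: the verification key comes from the message itself.
    static boolean verifyAgainstEmbeddedCert(byte[] content, byte[] signature) throws Exception {
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(content), signature);
        for (SignerInformation signer : cms.getSignerInfos().getSigners()) {
            // Certificates carried inside the SignedData are chosen by the sender.
            Collection<?> embedded = cms.getCertificates().getMatches(signer.getSID());
            if (embedded.isEmpty()) return false;
            X509CertificateHolder cert = (X509CertificateHolder) embedded.iterator().next();
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert))) return false;
        }
        return true; // any self-consistent signature passes, whoever produced it
    }

    // Trust-anchored check: only certificates configured on the endpoint may vouch for a signer.
    static boolean verifyAgainstTrusted(byte[] content, byte[] signature,
                                        Collection<X509Certificate> trusted) throws Exception {
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(content), signature);
        Collection<SignerInformation> signers = cms.getSignerInfos().getSigners();
        if (signers.isEmpty()) return false; // a structure without signers must not count as valid
        for (SignerInformation signer : signers) {
            boolean ok = false;
            for (X509Certificate candidate : trusted) {
                // The signer id (issuer and serial, or subject key id) must name a configured certificate.
                if (signer.getSID().match(new JcaX509CertificateHolder(candidate))) {
                    ok = signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(candidate));
                    break;
                }
            }
            if (!ok) return false; // unknown signer or signature mismatch
        }
        return true;
    }
}
```

Revocation checking of the configured certificates is a separate step and is not shown here.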