CXF-2655

WS-SP token protection security binding property not correctly applied to X509 token in outbound interceptors

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.3
    • 2.2.7
    • WS-* Components
    • None
    • Moderate

    Description

      When a ProtectTokens assertion is used in an asymmetric binding with an X509 token, CXF does not sign the BST included in the message. It is likely that CXF also does not sign the proper parts if an issuer serial or key identifier is used instead.

      The direct reference case is triggered by an issue in AsymmetricBindingHandler lines 386-392. One cannot prepend the BST and then get its ID because WSS4J removes this info after the BST is prepended.

      Changing the order of operations is one approach, while working with the WSS4J signature builder's capabilities to sign the "Token" based on the mechanism by which the token is referenced may be a better approach.

      Test case is pending.
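
A check for the direct reference case described above, added here as an example and not part of the issue report or of CXF: it parses an outbound envelope and reports any BinarySecurityToken that the signature's KeyInfo references but that no ds:Reference in SignedInfo covers. The function names and the sample envelope are constructed for illustration; the check looks at reference coverage only, not at digest or signature validity.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"wsse": WSSE, "ds": DS}
WSU_ID = "{%s}Id" % WSU


def unprotected_signing_tokens(envelope_xml):
    """Return wsu:Ids of BSTs used as signing tokens (direct reference)
    that are not covered by a ds:Reference of the same signature.
    Intended for messages captured from your own endpoint."""
    root = ET.fromstring(envelope_xml)
    bst_ids = {b.get(WSU_ID) for b in root.iter("{%s}BinarySecurityToken" % WSSE)}
    missing = []
    for sig in root.iter("{%s}Signature" % DS):
        # Fragment URIs of everything this signature claims to cover.
        signed = {r.get("URI", "") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)}
        # Direct reference from KeyInfo to the token that holds the signing key.
        for ref in sig.findall("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS):
            uri = ref.get("URI", "")
            if uri.startswith("#") and uri[1:] in bst_ids and uri not in signed:
                missing.append(uri[1:])
    return missing


def sample_envelope(signed_ids):
    """Constructed test envelope (not real CXF output); digests omitted."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in signed_ids)
    return (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
        'xmlns:wsse="%s" xmlns:wsu="%s" xmlns:ds="%s"><soap:Header><wsse:Security>'
        '<wsse:BinarySecurityToken wsu:Id="X509-1">AAAA</wsse:BinarySecurityToken>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo><ds:KeyInfo>'
        '<wsse:SecurityTokenReference><wsse:Reference URI="#X509-1"/>'
        '</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>'
        '</wsse:Security></soap:Header><soap:Body wsu:Id="Body-1"/></soap:Envelope>'
        % (WSSE, WSU, DS, refs)
    )


if __name__ == "__main__":
    # Only the body is signed: the behaviour reported in this issue.
    print(unprotected_signing_tokens(sample_envelope(["Body-1"])))
    # Body and BST are both signed: what ProtectTokens requires.
    print(unprotected_signing_tokens(sample_envelope(["Body-1", "X509-1"])))
```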

      Attachments

        1. cxf-2655.patch
          21 kB
          David Valeri
        2. cxf-2655-test.patch
          69 kB
          David Valeri

            People

              dkulp Daniel Kulp
              davaleri David Valeri