Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-4453

Make the CryptoCoverageChecker easier to use for common signature verification and decryption use-cases

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.8, 2.5.4, 2.6.1
    • Fix Version/s: 2.4.9, 2.5.5, 2.6.2
    • Component/s: WS-* Components
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      The CryptoCoverageChecker is designed to be used in conjunction with the WSS4JInInterceptor for the non-WS-SecurityPolicy case, to check that elements you expected to be signed or encrypted actually were. However, for some common use-cases based around signature verification or decryption it is slightly complex to set up, as it involves adding XPath expressions, as well as the corresponding prefix/namespace pairs. This task is to extend the CryptoCoverageChecker to make it easier to use for some common use-cases.

      A new subclass called "DefaultCryptoCoverageChecker" will be introduced, which will provide an easy way to make sure that the SOAP Body is signed or encrypted, that the Timestamp is signed, and that the WS-Addressing ReplyTo and FaultTo headers are signed (if they are present in the message payload).

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            coheigea Colm O hEigeartaigh
            Reporter:
            coheigea Colm O hEigeartaigh
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development