WSS4J / WSS-222

SignatureProcessor does not provide correct signature coverage results with STR Dereference Transform

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.8
    • Fix Version/s: 1.5.9, 1.6
    • Component/s: WSS4J Core
    • Labels:
      None

      Description

      SignatureProcessor does not report correct info when STR Dereference Transform is used. The implementation does not follow the dereference pointer to the security token and reports that the signed content is the SecurityTokenReference itself and not the referenced token. The URI in the signature part is dereferenced with no regard to the transform used in the signature part.

      This issue makes it difficult to validate signature coverage over something like an embedded SAML assertion when that assertion is also used as the key material for the signature and is referenced and signed through a SecurityTokenReference.

      1. patch.txt
        21 kB
        David Valeri
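
The coverage check the description calls for, as an added Python example that is not WSS4J code and not the attached patch: when a ds:Reference carries the STR Dereference Transform, the covered element is the token the SecurityTokenReference points at, not the reference itself. The sample message, its ids and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = WSS + "wssecurity-secext-1.0.xsd"
WSU = WSS + "wssecurity-utility-1.0.xsd"
STR_TRANSFORM = WSS + "soap-message-security-1.0#STR-Transform"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML_ID = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID"

# Constructed sample: the signature references an STR that points at a SAML assertion.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
  <saml:Assertion xmlns:saml="{SAML}" AssertionID="assertion-1"/>
  <wsse:SecurityTokenReference wsu:Id="STR-1">
    <wsse:KeyIdentifier ValueType="{SAML_ID}">assertion-1</wsse:KeyIdentifier>
  </wsse:SecurityTokenReference>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#STR-1"><ds:Transforms>
    <ds:Transform Algorithm="{STR_TRANSFORM}"/>
  </ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>
</wsse:Security>"""

def find_by_id(root, ident):
    """Locate an element by wsu:Id, plain Id or SAML 1.1 AssertionID."""
    ids = lambda el: (el.get(f"{{{WSU}}}Id"), el.get("Id"), el.get("AssertionID"))
    return next((el for el in root.iter() if ident in ids(el)), None)

def dereference_str(root, str_el):
    """Follow a SecurityTokenReference to the token it points at."""
    ref = str_el.find(f"{{{WSSE}}}Reference")
    if ref is not None:  # direct reference by fragment URI
        return find_by_id(root, ref.get("URI", "").lstrip("#"))
    key_id = str_el.find(f"{{{WSSE}}}KeyIdentifier")  # e.g. a SAML assertion id
    return None if key_id is None else find_by_id(root, (key_id.text or "").strip())

def signed_elements(xml_text, honor_str_transform=True):
    """Return the tag of the element that each ds:Reference actually covers."""
    root = ET.fromstring(xml_text)
    covered = []
    for ref in root.iter(f"{{{DS}}}Reference"):
        target = find_by_id(root, ref.get("URI", "").lstrip("#"))
        algs = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
        if honor_str_transform and STR_TRANSFORM in algs and target is not None:
            if target.tag != f"{{{WSSE}}}SecurityTokenReference":
                raise ValueError("STR-Transform applied to a non-STR element")
            target = dereference_str(root, target)
        if target is None:
            raise ValueError(f"unresolvable reference {ref.get('URI')!r}")
        covered.append(target.tag)
    return covered
```

Calling `signed_elements(SAMPLE, honor_str_transform=False)` reproduces the reported behaviour, where the SecurityTokenReference is listed as the signed content.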

          Activity

          David Valeri added a comment -

          Attached test case and patch.

          Colm O hEigeartaigh added a comment -

          Merge log for 1_5_x-fixes branch:

          Log:
          [WS-222] - Applied patch for "SignatureProcessor does not provide correct signature coverage results with STR Dereference Transform".

          • Many thanks David for the patch and test-case.

          Added:
          webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/transform/STRTransformUtil.java (with props)
          Modified:
          webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/processor/SignatureProcessor.java
          webservices/wss4j/branches/1_5_x-fixes/src/org/apache/ws/security/transform/STRTransform.java
          webservices/wss4j/branches/1_5_x-fixes/test/log4j.properties
          webservices/wss4j/branches/1_5_x-fixes/test/wssec/TestWSSecuritySignatureParts.java

          Colm.


            People

            • Assignee:
              Colm O hEigeartaigh
              Reporter:
              David Valeri
            • Votes:
              0
              Watchers:
              0
