RAMPART-287: Apply patch provided by Suresh Attanayake.
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
index 0572cd6..2708a99 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -284,8 +284,8 @@
+", Signature tool :" + (t2 - t1) );
}
- // Check for signature protection
- if (rpd.isSignatureProtection() && this.mainSigId != null) {
+ // Check for signature protection and encrypted supporting tokens
+ if (rpd.isSignatureProtection() && this.mainSigId != null || !encryptedTokensIdList.isEmpty()) {
long t3 = 0, t4 = 0;
if(tlog.isDebugEnabled()){
t3 = System.currentTimeMillis();
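Review bot: The new condition `rpd.isSignatureProtection() && this.mainSigId != null || !encryptedTokensIdList.isEmpty()` mixes `&&` and `||` without parentheses, and the same signature-protection test is repeated in the next hunk (`@@ -293,9 +293,10 @@`). Java precedence does give the intended `(A && B) || C`, but a reader has to stop and check that on a path that decides whether the signature gets encrypted. I would hoist it into a local, `boolean protectSignature = rpd.isSignatureProtection() && this.mainSigId != null;`, and write `if (protectSignature || !encryptedTokensIdList.isEmpty()) {` here and `if (protectSignature) {` in the next hunk. The body of this `if` continues outside the hunk.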
@@ -293,9 +293,10 @@
List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
- // Now encrypt the signature using the above token
- secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
- "Element"));
+ if (rpd.isSignatureProtection() && this.mainSigId != null) {
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ }
if(rmd.isInitiator()) {
for (String anEncryptedTokensIdList : encryptedTokensIdList) {
@@ -303,38 +304,37 @@
}
}
- Element secondRefList = null;
+ if (!secondEncrParts.isEmpty()) {
- if (encryptionToken.isDerivedKeys()) {
- try {
+ Element secondRefList = null;
- secondRefList = dkEncr.encryptForExternalRef(null,
- secondEncrParts);
- RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
- secondRefList);
+ if (encryptionToken.isDerivedKeys()) {
+ try {
- } catch (WSSecurityException e) {
- throw new RampartException("errorCreatingEncryptedKey",
- e);
- }
- } else {
- try {
- // Encrypt, get hold of the ref list and add it
- secondRefList = encr.encryptForExternalRef(null,
- secondEncrParts);
+ secondRefList = dkEncr.encryptForExternalRef(null, secondEncrParts);
+ RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem, secondRefList);
- // Insert the ref list after the encrypted key elem
- this.setInsertionLocation(RampartUtil
- .insertSiblingAfter(rmd, encrTokenElement,
- secondRefList));
- } catch (WSSecurityException e) {
- throw new RampartException("errorInEncryption", e);
- }
- }
- if(tlog.isDebugEnabled()){
- t4 = System.currentTimeMillis();
- tlog.debug("Signature protection took :" + (t4 - t3));
- }
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForRef(null, secondEncrParts);
+
+ // Insert the ref list after the encrypted key elem
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ encrTokenElement, secondRefList));
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ if (tlog.isDebugEnabled()) {
+ t4 = System.currentTimeMillis();
+ tlog.debug("Signature protection took :" + (t4 - t3));
+ }
+ }
}
}
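Review bot: In the non-derived-key branch the call changes from `encr.encryptForExternalRef(null, secondEncrParts)` to `encr.encryptForRef(null, secondEncrParts)`, while the derived-key branch keeps `dkEncr.encryptForExternalRef`; the commit message does not mention this, so it should be confirmed as intentional and explained in a short comment at the call. The debug message `"Signature protection took :"` is also now logged when only encrypted supporting tokens were processed, so wording such as `"Signature protection / supporting token encryption took :"` would keep the timing log accurate. A test that sends encrypted supporting tokens with signature protection disabled would cover the path this hunk opens up. The enclosing method starts outside the hunk.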
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
index 6dc753c..5f18311 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -227,8 +227,8 @@
RampartUtil.setEncryptionUser(rmd, encrKey);
//TODO we do not need to pass keysize as it is taken from algorithm it self - verify
- encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
-
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
return encrKey;
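Review bot: The `//TODO we do not need to pass keysize ... verify` comment directly above the new `encrKey.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption())` call is left unresolved, although this change makes it matter more. With the symmetric algorithm now taken from the policy's algorithm suite (before, presumably, a library default applied), it is worth confirming that the key produced by `encrKey.prepare(...)` has the length that algorithm requires. Once confirmed, replace the TODO with a comment such as `// Symmetric algorithm comes from the policy's algorithm suite; key length follows from it`. A regression test that asserts the encryption algorithm in the produced message for a suite other than the default would pin the behaviour. The enclosing method starts outside this hunk.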