-
Bug
-
Resolution: Done
-
Major
-
jbossws-native-3.0.5
-
None
If we are using WS-Security encryption with token reference type 'x509IssuerSerial':
<encrypt type="x509v3" alias="alias1" tokenReference="x509IssuerSerial" />
the generated XML fragment is missing the enclosing X509Data element.
Example in WS-Security 1.0 Spec:
<wsse:SecurityTokenReference>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>DC=ACMECorp, DC=com</ds:X509IssuerName>
<ds:X509SerialNumber>12345678</X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
Generated XML fragment:
<wsse:SecurityTokenReference wsu:Id='reference-x'>
<ds:X509SerialNumber>y</ds:X509SerialNumber>
</wsse:SecurityTokenReference>
I have investigated the class
org.jboss.ws.extensions.security.element.X509IssuerSerial
and think that its method "public Element getElement()" is the possible source of this bug. The local variable "element" is overriden and previously generated XML is lost. The code of this method is unchanged in jbossws-3.1.0.
public Element getElement()
{ if (cachedElement != null) return cachedElement; Element element = doc.createElementNS(Constants.XML_SIGNATURE_NS, "ds:X509Data"); Element issuerSerial = doc.createElementNS(Constants.XML_SIGNATURE_NS, "ds:X509IssuerSerial"); element.appendChild(issuerSerial); element = doc.createElementNS(Constants.XML_SIGNATURE_NS, "ds:X509IssuerName"); element.appendChild(doc.createTextNode(issuer)); issuerSerial.appendChild(element); element = doc.createElementNS(Constants.XML_SIGNATURE_NS, "ds:X509SerialNumber"); element.appendChild(doc.createTextNode(serial)); issuerSerial.appendChild(element); cachedElement = element; return cachedElement; }