in modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java [417:485]
protected void validateProtectionOrder(ValidatorData data, List<WSSecurityEngineResult> results)
throws RampartException {
String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
List<Integer> sigEncrActions = this.getSigEncrActions(results);
if(sigEncrActions.size() < 2) {
//There are no results to COMPARE
return;
}
boolean sigNotPresent = true;
boolean encrNotPresent = true;
for (Object sigEncrAction : sigEncrActions) {
Integer act = (Integer) sigEncrAction;
if (act == WSConstants.SIGN) {
sigNotPresent = false;
} else if (act == WSConstants.ENCR) {
encrNotPresent = false;
}
}
// Only one action is present, so there is no order to check
if ( sigNotPresent || encrNotPresent ) {
return;
}
boolean done = false;
if(SPConstants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
boolean sigFound = false;
for (Iterator iter = sigEncrActions.iterator();
iter.hasNext() || !done;) {
Integer act = (Integer) iter.next();
if(act == WSConstants.ENCR && ! sigFound ) {
// We found ENCR and SIGN has not been found - break and fail
break;
}
if(act == WSConstants.SIGN) {
sigFound = true;
} else if(sigFound) {
//We have an ENCR action after sig
done = true;
}
}
} else {
boolean encrFound = false;
for (Object sigEncrAction : sigEncrActions) {
Integer act = (Integer) sigEncrAction;
if (act == WSConstants.SIGN && !encrFound) {
// We found SIGN and ENCR has not been found - break and fail
break;
}
if (act == WSConstants.ENCR) {
encrFound = true;
} else if (encrFound) {
//We have an ENCR action after sig
done = true;
}
}
}
if(!done) {
throw new RampartException("protectionOrderMismatch");
}
}