You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2016/11/25 12:34:15 UTC

svn commit: r1771310 - in /webservices/wss4j/branches/2_1_x-fixes: ws-security-common/src/main/java/org/apache/wss4j/common/crypto/ ws-security-common/src/main/java/org/apache/wss4j/common/util/ ws-security-dom/src/main/java/org/apache/wss4j/dom/action...

Author: coheigea
Date: Fri Nov 25 12:34:15 2016
New Revision: 1771310

URL: http://svn.apache.org/viewvc?rev=1771310&view=rev
Log:
Findbugs analysis

Modified:
    webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java Fri Nov 25 12:34:15 2016
@@ -664,7 +664,7 @@ public class Merlin extends CryptoBase {
         String identifier = getIdentifier(certificate, keystore);
         if (identifier == null) {
             try {
-                String msg = "Cannot find key for alias: [" + identifier + "]";
+                String msg = "Cannot find key for certificate";
                 String logMsg = createKeyStoreErrorMessage(keystore);
                 LOG.error(msg + logMsg);
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
@@ -703,7 +703,7 @@ public class Merlin extends CryptoBase {
         String identifier = getIdentifier(publicKey, keystore);
         if (identifier == null) {
             try {
-                String msg = "Cannot find key for alias: [" + identifier + "]";
+                String msg = "Cannot find key for corresponding public key";
                 String logMsg = createKeyStoreErrorMessage(keystore);
                 LOG.error(msg + logMsg);
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java Fri Nov 25 12:34:15 2016
@@ -1,5 +1,5 @@
 /**
- * Licensed to the Apache Software Foundation (ASF) under one
+L * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements. See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership. The ASF licenses this file
@@ -128,7 +128,7 @@ public final class XMLUtils {
     public static String prettyDocumentToString(Document doc) throws IOException, TransformerException {
         try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
             elementToStream(doc.getDocumentElement(), baos);
-            return new String(baos.toByteArray());
+            return new String(baos.toByteArray(), "UTF-8");
         }
     }
 

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Fri Nov 25 12:34:15 2016
@@ -100,7 +100,7 @@ public class SignatureDerivedAction exte
             wsSign.prepare(doc, reqData.getSecHeader());
 
             List<javax.xml.crypto.dsig.Reference> referenceList =
-                wsSign.addReferencesToSign(parts, reqData.getSecHeader());
+                wsSign.addReferencesToSign(wsSign.getParts(), reqData.getSecHeader());
 
             // Put the DerivedKeyToken Element in the right place in the security header
             Node nextSibling = null;

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Fri Nov 25 12:34:15 2016
@@ -1183,7 +1183,7 @@ public abstract class WSHandler {
         int doAction
     ) throws WSSecurityException {
 
-        int reason = WSPasswordCallback.UNKNOWN;
+        int reason;
 
         switch (doAction) {
         case WSConstants.UT:
@@ -1202,6 +1202,8 @@ public abstract class WSHandler {
         case WSConstants.DKT_ENCR:
             reason = WSPasswordCallback.SECRET_KEY;
             break;
+        default:
+            reason = WSPasswordCallback.UNKNOWN;
         }
         return new WSPasswordCallback(username, reason);
     }

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java Fri Nov 25 12:34:15 2016
@@ -319,4 +319,28 @@ public class KerberosSecurity extends Bi
         return false;
     }
 
+    @Override
+    public boolean equals(Object object) {
+        if (!(object instanceof KerberosSecurity)) {
+            return false;
+        }
+        
+        KerberosSecurity that = (KerberosSecurity)object;
+        if (secretKey != null && !secretKey.equals(that.secretKey)) {
+            return false;
+        } else if (secretKey == null && that.secretKey != null) {
+            return false;
+        }
+        
+        return super.equals(object);
+    }
+    
+    @Override
+    public int hashCode() {
+        int hashCode = 17;
+        if (secretKey != null) {
+            hashCode *= 31 + secretKey.hashCode();
+        }
+        return hashCode *= 31 + super.hashCode();
+    }
 }

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java Fri Nov 25 12:34:15 2016
@@ -176,7 +176,9 @@ public class EncryptedDataProcessor impl
         wsDocInfo.addTokenElement(elem);
 
         List<WSSecurityEngineResult> completeResults = new LinkedList<>();
-        completeResults.addAll(encrKeyResults);
+        if (encrKeyResults != null) {
+            completeResults.addAll(encrKeyResults);
+        }
         completeResults.add(result);
 
         WSSConfig wssConfig = request.getWssConfig();