You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2016/11/25 12:34:15 UTC
svn commit: r1771310 - in /webservices/wss4j/branches/2_1_x-fixes:
ws-security-common/src/main/java/org/apache/wss4j/common/crypto/
ws-security-common/src/main/java/org/apache/wss4j/common/util/
ws-security-dom/src/main/java/org/apache/wss4j/dom/action...
Author: coheigea
Date: Fri Nov 25 12:34:15 2016
New Revision: 1771310
URL: http://svn.apache.org/viewvc?rev=1771310&view=rev
Log:
Findbugs analysis
Modified:
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java Fri Nov 25 12:34:15 2016
@@ -664,7 +664,7 @@ public class Merlin extends CryptoBase {
String identifier = getIdentifier(certificate, keystore);
if (identifier == null) {
try {
- String msg = "Cannot find key for alias: [" + identifier + "]";
+ String msg = "Cannot find key for certificate";
String logMsg = createKeyStoreErrorMessage(keystore);
LOG.error(msg + logMsg);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
@@ -703,7 +703,7 @@ public class Merlin extends CryptoBase {
String identifier = getIdentifier(publicKey, keystore);
if (identifier == null) {
try {
- String msg = "Cannot find key for alias: [" + identifier + "]";
+ String msg = "Cannot find key for corresponding public key";
String logMsg = createKeyStoreErrorMessage(keystore);
LOG.error(msg + logMsg);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java Fri Nov 25 12:34:15 2016
@@ -1,5 +1,5 @@
/**
- * Licensed to the Apache Software Foundation (ASF) under one
+L * Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
@@ -128,7 +128,7 @@ public final class XMLUtils {
public static String prettyDocumentToString(Document doc) throws IOException, TransformerException {
try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
elementToStream(doc.getDocumentElement(), baos);
- return new String(baos.toByteArray());
+ return new String(baos.toByteArray(), "UTF-8");
}
}
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/action/SignatureDerivedAction.java Fri Nov 25 12:34:15 2016
@@ -100,7 +100,7 @@ public class SignatureDerivedAction exte
wsSign.prepare(doc, reqData.getSecHeader());
List<javax.xml.crypto.dsig.Reference> referenceList =
- wsSign.addReferencesToSign(parts, reqData.getSecHeader());
+ wsSign.addReferencesToSign(wsSign.getParts(), reqData.getSecHeader());
// Put the DerivedKeyToken Element in the right place in the security header
Node nextSibling = null;
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/WSHandler.java Fri Nov 25 12:34:15 2016
@@ -1183,7 +1183,7 @@ public abstract class WSHandler {
int doAction
) throws WSSecurityException {
- int reason = WSPasswordCallback.UNKNOWN;
+ int reason;
switch (doAction) {
case WSConstants.UT:
@@ -1202,6 +1202,8 @@ public abstract class WSHandler {
case WSConstants.DKT_ENCR:
reason = WSPasswordCallback.SECRET_KEY;
break;
+ default:
+ reason = WSPasswordCallback.UNKNOWN;
}
return new WSPasswordCallback(username, reason);
}
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/token/KerberosSecurity.java Fri Nov 25 12:34:15 2016
@@ -319,4 +319,28 @@ public class KerberosSecurity extends Bi
return false;
}
+ @Override
+ public boolean equals(Object object) {
+ if (!(object instanceof KerberosSecurity)) {
+ return false;
+ }
+
+ KerberosSecurity that = (KerberosSecurity)object;
+ if (secretKey != null && !secretKey.equals(that.secretKey)) {
+ return false;
+ } else if (secretKey == null && that.secretKey != null) {
+ return false;
+ }
+
+ return super.equals(object);
+ }
+
+ @Override
+ public int hashCode() {
+ int hashCode = 17;
+ if (secretKey != null) {
+ hashCode *= 31 + secretKey.hashCode();
+ }
+ return hashCode *= 31 + super.hashCode();
+ }
}
Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java?rev=1771310&r1=1771309&r2=1771310&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java (original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java Fri Nov 25 12:34:15 2016
@@ -176,7 +176,9 @@ public class EncryptedDataProcessor impl
wsDocInfo.addTokenElement(elem);
List<WSSecurityEngineResult> completeResults = new LinkedList<>();
- completeResults.addAll(encrKeyResults);
+ if (encrKeyResults != null) {
+ completeResults.addAll(encrKeyResults);
+ }
completeResults.add(result);
WSSConfig wssConfig = request.getWssConfig();