Posted to commits@ws.apache.org by co...@apache.org on 2019/12/16 10:16:00 UTC

[ws-wss4j] branch master updated (6210567 -> a85fd33)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git.


    from 6210567  Fixing markdown
     new f76ad80  Fixing up some javadoc
     new a85fd33  Fixing a few trivial bugs

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../common/crypto/AlgorithmSuiteValidator.java     |  4 +-
 .../org/apache/wss4j/common/crypto/Merlin.java     |  5 +-
 .../apache/wss4j/common/crypto/MerlinDevice.java   |  5 +-
 .../wss4j/common/saml/bean/ConditionsBean.java     | 10 ++--
 .../wss4j/dom/message/WSSecUsernameToken.java      |  4 +-
 .../processor/SecurityContextTokenProcessor.java   |  2 +-
 .../wss4j/dom/processor/SignatureProcessor.java    |  2 +-
 .../org/apache/wss4j/dom/str/STRParserUtil.java    |  1 -
 .../org/apache/wss4j/dom/util/WSSecurityUtil.java  |  2 +-
 .../wss4j/dom/validate/SamlAssertionValidator.java | 54 +++++++++++-----------
 .../stax/enforcer/PolicyEnforcerFactory.java       |  2 +-
 .../stax/validate/SamlTokenValidatorImpl.java      | 46 +++++++++---------
 12 files changed, 66 insertions(+), 71 deletions(-)


[ws-wss4j] 02/02: Fixing a few trivial bugs

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit a85fd33f2d41f92edabb1d629946a87f524d7fd7
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Dec 16 10:15:42 2019 +0000

    Fixing a few trivial bugs
---
 .../org/apache/wss4j/common/crypto/Merlin.java     |  5 +-
 .../apache/wss4j/common/crypto/MerlinDevice.java   |  5 +-
 .../wss4j/common/saml/bean/ConditionsBean.java     | 10 ++--
 .../org/apache/wss4j/dom/util/WSSecurityUtil.java  |  2 +-
 .../wss4j/dom/validate/SamlAssertionValidator.java | 54 +++++++++++-----------
 .../stax/validate/SamlTokenValidatorImpl.java      | 46 +++++++++---------
 6 files changed, 60 insertions(+), 62 deletions(-)

diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
index a2919bc..ddb2a8d 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
@@ -282,10 +282,7 @@ public class Merlin extends CryptoBase {
                 loadCacerts = loadCacerts.trim();
             }
             if (Boolean.valueOf(loadCacerts)) {
-                String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts";
-                if (cacertsPath != null) {
-                    cacertsPath = cacertsPath.trim();
-                }
+                String cacertsPath = (System.getProperty("java.home") + "/lib/security/cacerts").trim();
                 try (InputStream is = Files.newInputStream(Paths.get(cacertsPath))) {
                     String cacertsPasswd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
                     if (cacertsPasswd != null) {
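Review bot: The `.trim()` on the new `cacertsPath` line can only strip leading whitespace from `java.home`, because the concatenated string always ends in `cacerts`, and an unset `java.home` would silently turn into the path `null/lib/security/cacerts`. Building the path from components, `Path cacertsPath = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");`, and passing it straight to `Files.newInputStream` drops the no-op and fails immediately on an unset property instead of trying to open a bogus relative path. The identical line is added in the MerlinDevice.java hunk and the same applies there. The enclosing method starts and ends outside this hunk, so how the resulting exception is handled cannot be seen here.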
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
index d719d26..02f460c 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
@@ -147,10 +147,7 @@ public class MerlinDevice extends Merlin {
                 loadCACerts = false;
             }
         } else if (Boolean.valueOf(loadCacerts)) {
-            String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts";
-            if (cacertsPath != null) {
-                cacertsPath = cacertsPath.trim();
-            }
+            String cacertsPath = (System.getProperty("java.home") + "/lib/security/cacerts").trim();
             try (InputStream is = Files.newInputStream(Paths.get(cacertsPath))) {
                 String cacertsPasswd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
                 if (cacertsPasswd != null) {
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
index f97d041..b9665d2 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ConditionsBean.java
@@ -58,7 +58,7 @@ public class ConditionsBean {
         this.notBefore = notBefore;
         this.notAfter = notAfter;
     }
-    
+
     /**
      * Constructor ConditionsBean creates a new ConditionsBean instance.
      *
@@ -85,7 +85,7 @@ public class ConditionsBean {
     public ConditionsBean(
         int tokenPeriodMinutes
     ) {
-        this.tokenPeriodSeconds = tokenPeriodMinutes * 60;
+        this.tokenPeriodSeconds = tokenPeriodMinutes * 60L;
     }
 
     /**
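Review bot: `tokenPeriodMinutes` is stored without a range check in this constructor, so a negative value becomes a negative `tokenPeriodSeconds`; the `60L` change only addresses overflow in the multiplication. How the period is consumed is not visible here, but if it is used to derive the end of the assertion's validity window, a negative value would produce a window that ends before it begins. Consider rejecting it up front, e.g. `if (tokenPeriodMinutes < 0) { throw new IllegalArgumentException("tokenPeriodMinutes must not be negative"); }`. The same check would apply to `setTokenPeriodMinutes` in the last hunk of this file.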
@@ -105,7 +105,7 @@ public class ConditionsBean {
     public void setNotBefore(DateTime notBefore) {
         this.notBefore = notBefore;
     }
-    
+
     /**
      * Set the notBefore instance
      *
@@ -136,7 +136,7 @@ public class ConditionsBean {
     public void setNotAfter(DateTime notAfter) {
         this.notAfter = notAfter;
     }
-    
+
     /**
      * Set the notAfter instance
      *
@@ -165,7 +165,7 @@ public class ConditionsBean {
      * @param tokenPeriodMinutes the tokenPeriodMinutes to set
      */
     public void setTokenPeriodMinutes(int tokenPeriodMinutes) {
-        this.tokenPeriodSeconds = tokenPeriodMinutes * 60;
+        this.tokenPeriodSeconds = tokenPeriodMinutes * 60L;
     }
 
     /**
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
index 1bee80e..28876bb 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
@@ -619,7 +619,7 @@ public final class WSSecurityUtil {
             } else {
                 try {
                     int parsedAction = Integer.parseInt(single[i]);
-                    if (wssConfig.getAction(parsedAction) == null) {
+                    if (wssConfig == null || wssConfig.getAction(parsedAction) == null) {
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
                                                       new Object[] {"Unknown action defined: " + single[i]}
                         );
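Review bot: With the added `wssConfig == null` test, a missing configuration is reported as `Unknown action defined: ...`, which points whoever reads the fault or the log at the action string rather than at the null `WSSConfig`. Splitting the condition keeps the two failures distinguishable: a separate `if (wssConfig == null)` ahead of the `getAction` check, throwing with a message such as `"No WSSConfig available to resolve action: " + single[i]`. The enclosing method and the `try` block start and end outside this hunk, so the circumstances in which a caller passes a null config cannot be seen here.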
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
index 93142ab..60dd6ed 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
@@ -147,36 +147,38 @@ public class SamlAssertionValidator extends SignatureTrustValidator {
         boolean signed = samlAssertion.isSigned();
         boolean requiredMethodFound = false;
         boolean standardMethodFound = false;
-        for (String method : methods) {
-            if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
-                if (samlAssertion.getSubjectKeyInfo() == null) {
-                    LOG.warn("There is no Subject KeyInfo to match the holder-of-key subject conf method");
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeyInSAMLToken");
-                }
+        if (methods != null) {
+            for (String method : methods) {
+                if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
+                    if (samlAssertion.getSubjectKeyInfo() == null) {
+                        LOG.warn("There is no Subject KeyInfo to match the holder-of-key subject conf method");
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noKeyInSAMLToken");
+                    }
 
-                // The assertion must have been signed for HOK
-                if (!signed) {
-                    LOG.warn("A holder-of-key assertion must be signed");
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+                    // The assertion must have been signed for HOK
+                    if (!signed) {
+                        LOG.warn("A holder-of-key assertion must be signed");
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+                    }
+                    standardMethodFound = true;
                 }
-                standardMethodFound = true;
-            }
 
-            if (method != null) {
-                if (method.equals(requiredSubjectConfirmationMethod)) {
-                    requiredMethodFound = true;
-                }
-                if (SAML2Constants.CONF_BEARER.equals(method)
-                    || SAML1Constants.CONF_BEARER.equals(method)) {
-                    standardMethodFound = true;
-                    if (requireBearerSignature && !signed) {
-                        LOG.warn("A Bearer Assertion was not signed");
-                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
-                                                      "invalidSAMLsecurity");
+                if (method != null) {
+                    if (method.equals(requiredSubjectConfirmationMethod)) {
+                        requiredMethodFound = true;
+                    }
+                    if (SAML2Constants.CONF_BEARER.equals(method)
+                        || SAML1Constants.CONF_BEARER.equals(method)) {
+                        standardMethodFound = true;
+                        if (requireBearerSignature && !signed) {
+                            LOG.warn("A Bearer Assertion was not signed");
+                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                                          "invalidSAMLsecurity");
+                        }
+                    } else if (SAML2Constants.CONF_SENDER_VOUCHES.equals(method)
+                        || SAML1Constants.CONF_SENDER_VOUCHES.equals(method)) {
+                        standardMethodFound = true;
                     }
-                } else if (SAML2Constants.CONF_SENDER_VOUCHES.equals(method)
-                    || SAML1Constants.CONF_SENDER_VOUCHES.equals(method)) {
-                    standardMethodFound = true;
                 }
             }
         }
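Review bot: When `methods` is null the new guard skips every confirmation-method check and leaves `requiredMethodFound` and `standardMethodFound` false, so whether an assertion without confirmation methods is rejected depends entirely on code after this hunk, which is not visible. If those later checks are conditional on configuration, such an assertion would pass this block without a single log line. I would make the case explicit ahead of the loop, for example `if (methods == null) { LOG.debug("The assertion has no subject confirmation methods"); }`, and add a comment stating that the flags staying false is what the later checks rely on to reject it. The same guard is added in the SamlTokenValidatorImpl.java hunk.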
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
index c3f9e73..bc3ddf1 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
@@ -169,33 +169,35 @@ public class SamlTokenValidatorImpl extends SignatureTokenValidatorImpl implemen
         boolean signed = samlAssertion.isSigned();
         boolean requiredMethodFound = false;
         boolean standardMethodFound = false;
-        for (String method : methods) {
-            // The assertion must have been signed for HOK
-            if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
-                if (!signed) {
-                    LOG.warn("A holder-of-key assertion must be signed");
-                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
-                                                  "invalidSAMLsecurity");
-                }
-                standardMethodFound = true;
-            }
-
-            if (method != null) {
-                if (method.equals(requiredSubjectConfirmationMethod)) {
-                    requiredMethodFound = true;
-                }
-                if (SAML2Constants.CONF_BEARER.equals(method)
-                    || SAML1Constants.CONF_BEARER.equals(method)) {
-                    standardMethodFound = true;
-                    if (requireBearerSignature && !signed) {
-                        LOG.warn("A Bearer Assertion was not signed");
+        if (methods != null) {
+            for (String method : methods) {
+                // The assertion must have been signed for HOK
+                if (OpenSAMLUtil.isMethodHolderOfKey(method)) {
+                    if (!signed) {
+                        LOG.warn("A holder-of-key assertion must be signed");
                         throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                                       "invalidSAMLsecurity");
                     }
-                } else if (SAML2Constants.CONF_SENDER_VOUCHES.equals(method)
-                    || SAML1Constants.CONF_SENDER_VOUCHES.equals(method)) {
                     standardMethodFound = true;
                 }
+
+                if (method != null) {
+                    if (method.equals(requiredSubjectConfirmationMethod)) {
+                        requiredMethodFound = true;
+                    }
+                    if (SAML2Constants.CONF_BEARER.equals(method)
+                        || SAML1Constants.CONF_BEARER.equals(method)) {
+                        standardMethodFound = true;
+                        if (requireBearerSignature && !signed) {
+                            LOG.warn("A Bearer Assertion was not signed");
+                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+                                                          "invalidSAMLsecurity");
+                        }
+                    } else if (SAML2Constants.CONF_SENDER_VOUCHES.equals(method)
+                        || SAML1Constants.CONF_SENDER_VOUCHES.equals(method)) {
+                        standardMethodFound = true;
+                    }
+                }
             }
         }
 
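Review bot: The holder-of-key branch here only checks `signed`, whereas the otherwise parallel loop in SamlAssertionValidator.java in this same commit also rejects a holder-of-key assertion whose `getSubjectKeyInfo()` is null (`noKeyInSAMLToken`). The StAX path may enforce that elsewhere, which cannot be seen from this hunk. If it does, a comment in the branch such as `// Subject KeyInfo presence is enforced in <location>` would record why the two validators differ; if it does not, the same null check belongs here. The enclosing method starts and ends outside this hunk.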


[ws-wss4j] 01/02: Fixing up some javadoc

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit f76ad80af477a12d4e9eba4e607faae9fe2670a1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Dec 16 10:03:49 2019 +0000

    Fixing up some javadoc
---
 .../java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java  | 4 ++--
 .../main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java    | 4 +---
 .../org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java | 2 +-
 .../main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java  | 2 +-
 .../src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java         | 1 -
 .../org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java  | 2 +-
 6 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
index 36d072a..7b4ae29 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/AlgorithmSuiteValidator.java
@@ -238,7 +238,7 @@ public class AlgorithmSuiteValidator {
         if (requiredKeyLength > 0 && (derivedKeyLength / 8) != requiredKeyLength) {
             LOG.warn(
                 "The signature derived key length of " + derivedKeyLength + " does not match"
-                + "the requirement of " + requiredKeyLength
+                + " the requirement of " + requiredKeyLength
             );
         }
     }
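Review bot: The warning prints `derivedKeyLength` and `requiredKeyLength` side by side although the condition compares `derivedKeyLength / 8` with `requiredKeyLength`, so the two numbers in the message appear to be in different units (presumably bits and bytes) and cannot be compared directly by whoever reads the log. Naming the units, e.g. `"... of " + derivedKeyLength + " bits does not match the requirement of " + requiredKeyLength + " bytes"`, would fix that. In the visible lines a mismatch is only logged and the method then ends; if not failing is deliberate, a short comment saying so would help the next reader of this policy check. The same applies to the encryption variant in the next hunk.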
@@ -253,7 +253,7 @@ public class AlgorithmSuiteValidator {
         if (requiredKeyLength > 0 && (derivedKeyLength / 8) != requiredKeyLength) {
             LOG.warn(
                 "The encryption derived key length of " + derivedKeyLength + " does not match"
-                + "the requirement of " + requiredKeyLength
+                + " the requirement of " + requiredKeyLength
             );
         }
     }
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
index 51f2455..b92196e 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecUsernameToken.java
@@ -161,8 +161,6 @@ public class WSSecUsernameToken extends WSSecBase {
      * <code>prepare()</code> all parameters such as user, password,
      * passwordType etc. must be set. A complete <code>UsernameToken</code> is
      * constructed.
-     *
-     * @param The salt value to use if we are using a derived key
      */
     public void prepare() {
         prepare(null);
@@ -224,7 +222,7 @@ public class WSSecUsernameToken extends WSSecBase {
      * <code>UsernameToken</code> is constructed and added to the
      * <code>wsse:Security</code> header.
      *
-     * @param the salt value to add if we are using a derived key
+     * @param salt the salt value to add if we are using a derived key
      * @return Document with UsernameToken added
      */
     public Document build(byte[] salt) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
index a051f9d..182aeca 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SecurityContextTokenProcessor.java
@@ -92,7 +92,7 @@ public class SecurityContextTokenProcessor implements Processor {
      * Get the secret from the provided callback handler and return it.
      *
      * @param cb
-     * @param sct
+     * @param identifier
      * @return The key collected using the callback handler
      */
     private byte[] getSecret(CallbackHandler cb, String identifier)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
index 47bf540..7ac544c 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
@@ -408,8 +408,8 @@ public class SignatureProcessor implements Processor {
      * Retrieve the Reference elements and set them on the ValidateContext
      * @param xmlSignature the XMLSignature object to get the references from
      * @param context the ValidateContext
+     * @param data The RequestData object
      * @param wsDocInfo the WSDocInfo object where tokens are stored
-     * @param doc the owner document from which to find elements
      * @throws WSSecurityException
      */
     private void setElementsOnContext(
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
index 9f22d11..f7730c2 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
@@ -64,7 +64,6 @@ public final class STRParserUtil {
      * @param secRef the SecurityTokenReference to the SAML Assertion
      * @param strElement The SecurityTokenReference DOM element
      * @param request The RequestData instance used to obtain configuration
-     * @param wsDocInfo The WSDocInfo object that holds previous results
      * @return an SamlAssertionWrapper object
      * @throws WSSecurityException
      */
diff --git a/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java b/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
index 1c3a33e..6402ca6 100644
--- a/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
+++ b/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/enforcer/PolicyEnforcerFactory.java
@@ -431,7 +431,7 @@ public class PolicyEnforcerFactory {
      * @param roleOrActor The actor or role of the security processing. Must be set to the same value
      * as WSSSecurityProperties#setActor()
      * @param attachmentCount The number of Attachments received in the message
-     * @param Whether we are using SOAP 1.2 or not
+     * @param soap12 Whether we are using SOAP 1.2 or not
      * @return the newly created PolicyEnforcer instance
      * @throws WSSPolicyException
      */