You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ws.apache.org by co...@apache.org on 2020/04/15 14:50:21 UTC

[ws-wss4j] branch master updated (6d3d66f -> df07479)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git.


    from 6d3d66f  Some fixes following latest Santuario changes
     new 70c768d  Fixing potential NPEs when searching for elements, if the Ids are null
     new df07479  Picking up some changes from Santuario

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../org/apache/wss4j/common/util/XMLUtils.java     |  4 +-
 .../org/apache/wss4j/stax/ext/WSSSecurePart.java   | 67 ++++++++++++++++++++++
 .../processor/output/SAMLTokenOutputProcessor.java | 10 ++--
 .../output/WSSSignatureOutputProcessor.java        |  5 +-
 4 files changed, 79 insertions(+), 7 deletions(-)
 create mode 100644 ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurePart.java

[ws-wss4j] 01/02: Fixing potential NPEs when searching for elements, if the Ids are null

Posted by co...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit 70c768d571ffec3347691c392d9bf5dead44e18d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Apr 15 15:22:37 2020 +0100

    Fixing potential NPEs when searching for elements, if the Ids are null
---
 .../src/main/java/org/apache/wss4j/common/util/XMLUtils.java          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java b/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
index 8468424..9135ecf 100755
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/util/XMLUtils.java
@@ -283,7 +283,7 @@ public final class XMLUtils {
         Element foundElement = null;
         String id = XMLUtils.getIDFromReference(value);
 
-        while (startNode != null) {
+        while (startNode != null && id != null) {
             // start node processing at this point
             if (startNode.getNodeType() == Node.ELEMENT_NODE) {
                 Element se = (Element) startNode;
@@ -460,7 +460,7 @@ public final class XMLUtils {
         // Replace the formerly recursive implementation with a depth-first-loop
         // lookup
         //
-        if (startNode == null) {
+        if (startNode == null || value == null) {
             return null;
         }
         Node startParent = startNode.getParentNode();

[ws-wss4j] 02/02: Picking up some changes from Santuario

Posted by co...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git

commit df0747948fa5f770a7907afafb1c2966dcf3001e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Apr 15 15:46:02 2020 +0100

    Picking up some changes from Santuario
---
 .../org/apache/wss4j/stax/ext/WSSSecurePart.java   | 67 ++++++++++++++++++++++
 .../processor/output/SAMLTokenOutputProcessor.java | 10 ++--
 .../output/WSSSignatureOutputProcessor.java        |  5 +-
 3 files changed, 77 insertions(+), 5 deletions(-)

diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurePart.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurePart.java
new file mode 100644
index 0000000..4d5e4b2
--- /dev/null
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurePart.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.ext;
+
+import javax.xml.namespace.QName;
+
+import org.apache.xml.security.stax.ext.SecurePart;
+
+/**
+ * Extend the Apache Santuario SecurePart class with some additional configuration for WSS
+ */
+public class WSSSecurePart extends SecurePart {
+
+    private String idToReference;
+
+    public WSSSecurePart(QName name, Modifier modifier) {
+        super(name, modifier);
+    }
+
+    public WSSSecurePart(QName name, Modifier modifier, String[] transforms, String digestMethod) {
+        super(name, modifier, transforms, digestMethod);
+    }
+
+    public WSSSecurePart(QName name, boolean generateXPointer, Modifier modifier) {
+        super(name, generateXPointer, modifier);
+    }
+
+    public WSSSecurePart(QName name, boolean generateXPointer, Modifier modifier, String[] transforms, String digestMethod) {
+        super(name, generateXPointer, modifier, transforms, digestMethod);
+    }
+
+    public WSSSecurePart(String externalReference) {
+        super(externalReference);
+    }
+
+    public WSSSecurePart(String externalReference, Modifier modifier) {
+        super(externalReference, modifier);
+    }
+
+    public WSSSecurePart(String externalReference, String[] transforms, String digestMethod) {
+        super(externalReference, transforms, digestMethod);
+    }
+
+    public String getIdToReference() {
+        return idToReference;
+    }
+
+    public void setIdToReference(String idToReference) {
+        this.idToReference = idToReference;
+    }
+}
\ No newline at end of file
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
index 4047d46..6e22962 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
@@ -41,6 +41,7 @@ import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.stax.ext.WSSConfigurationException;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurePart;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
@@ -210,10 +211,11 @@ public class SAMLTokenOutputProcessor extends AbstractOutputProcessor {
             finalSAMLTokenOutputProcessor.init(outputProcessorChain);
 
             if (includeSTR) {
-                SecurePart securePart =
-                        new SecurePart(
-                                new QName(WSSConstants.SOAPMESSAGE_NS10_STR_TRANSFORM),
-                                tokenId, securityTokenReferenceId, SecurePart.Modifier.Element);
+                WSSSecurePart securePart =
+                        new WSSSecurePart(
+                                new QName(WSSConstants.SOAPMESSAGE_NS10_STR_TRANSFORM), SecurePart.Modifier.Element);
+                securePart.setIdToSign(tokenId);
+                securePart.setIdToReference(securityTokenReferenceId);
                 outputProcessorChain.getSecurityContext().putAsMap(WSSConstants.SIGNATURE_PARTS, tokenId, securePart);
             }
 
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
index 2d28fb3..53420d3 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/WSSSignatureOutputProcessor.java
@@ -38,6 +38,7 @@ import org.apache.wss4j.common.ext.AttachmentResultCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.AttachmentUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurePart;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform;
 import org.apache.wss4j.stax.utils.WSSUtils;
@@ -111,7 +112,9 @@ public class WSSSignatureOutputProcessor extends AbstractSignatureOutputProcesso
                         }
                     } else {
                         if (WSSConstants.SOAPMESSAGE_NS10_STR_TRANSFORM.equals(securePart.getName().getLocalPart())) {
-                            signaturePartDef.setSigRefId(securePart.getIdToReference());
+                            if (securePart instanceof WSSSecurePart) {
+                                signaturePartDef.setSigRefId(((WSSSecurePart)securePart).getIdToReference());
+                            }
                             String[] transforms = new String[]{
                                     WSSConstants.SOAPMESSAGE_NS10_STR_TRANSFORM,
                                     WSSConstants.NS_C14N_EXCL