You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2022/07/14 08:08:11 UTC
[ws-wss4j] branch master updated: Adding some NPE guards
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 172c0884d Adding some NPE guards
172c0884d is described below
commit 172c0884deb0562081aa45259ee7eddbd85ce9a8
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 14 09:07:59 2022 +0100
Adding some NPE guards
---
.../org/apache/wss4j/dom/util/EncryptionUtils.java | 5 +++--
.../input/SignatureConfirmationInputProcessor.java | 26 ++++++++++++----------
2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
index 667398017..4a0074626 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
@@ -48,7 +48,6 @@ import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
@@ -361,7 +360,7 @@ public final class EncryptionUtils {
SecretKey symmetricKey, String symEncAlgo, CallbackHandler attachmentCallbackHandler,
String xopURI, Element encData
) throws WSSecurityException, IOException, UnsupportedCallbackException, NoSuchAlgorithmException,
- NoSuchPaddingException, ParserConfigurationException, XMLParserException {
+ NoSuchPaddingException, XMLParserException {
if (attachmentCallbackHandler == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
@@ -402,6 +401,8 @@ public final class EncryptionUtils {
String fixedElementStr = setParentPrefixes(encData, new String(bytes));
document = org.apache.xml.security.utils.XMLUtils.read(
new ByteArrayInputStream(fixedElementStr.getBytes()), true);
+ } else {
+ throw ex;
}
}
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
index 89461d066..9bd972077 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
@@ -69,22 +69,24 @@ public class SignatureConfirmationInputProcessor extends AbstractInputProcessor
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
}
- for (int i = 0; i < signatureValueSecurityEventList.size(); i++) {
- SignatureValueSecurityEvent signatureValueSecurityEvent = signatureValueSecurityEventList.get(i);
- byte[] signatureValue = signatureValueSecurityEvent.getSignatureValue();
+ if (signatureValueSecurityEventList != null) {
+ for (int i = 0; i < signatureValueSecurityEventList.size(); i++) {
+ SignatureValueSecurityEvent signatureValueSecurityEvent = signatureValueSecurityEventList.get(i);
+ byte[] signatureValue = signatureValueSecurityEvent.getSignatureValue();
- boolean found = false;
+ boolean found = false;
- for (int j = 0; j < signatureConfirmationTypeList.size(); j++) {
- SignatureConfirmationType signatureConfirmationType = signatureConfirmationTypeList.get(j);
- byte[] sigConfValue = signatureConfirmationType.getValue();
- if (Arrays.equals(signatureValue, sigConfValue)) {
- found = true;
+ for (int j = 0; j < signatureConfirmationTypeList.size(); j++) {
+ SignatureConfirmationType signatureConfirmationType = signatureConfirmationTypeList.get(j);
+ byte[] sigConfValue = signatureConfirmationType.getValue();
+ if (Arrays.equals(signatureValue, sigConfValue)) {
+ found = true;
+ }
}
- }
- if (!found) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ if (!found) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
}
}
}