Posted to commits@ws.apache.org by co...@apache.org on 2022/06/09 08:43:07 UTC
[ws-wss4j] branch master updated: PMD updates for ws-security-dom part II
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 5c414bb94 PMD updates for ws-security-dom part II
5c414bb94 is described below
commit 5c414bb9486727e34246ca13def76e7f2d449130
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jun 9 09:42:46 2022 +0100
PMD updates for ws-security-dom part II
---
.../src/main/java/org/apache/wss4j/dom/WSDocInfo.java | 8 ++------
.../org/apache/wss4j/dom/engine/WSSecurityEngineResult.java | 6 +++---
.../wss4j/dom/processor/BinarySecurityTokenProcessor.java | 4 ++--
.../apache/wss4j/dom/processor/EncryptedKeyProcessor.java | 12 ++++++------
.../org/apache/wss4j/dom/processor/SAMLTokenProcessor.java | 3 ++-
.../org/apache/wss4j/dom/processor/SignatureProcessor.java | 6 +++---
.../apache/wss4j/dom/processor/UsernameTokenProcessor.java | 2 +-
.../org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java | 6 +++---
.../main/java/org/apache/wss4j/dom/str/STRParserUtil.java | 2 +-
.../org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java | 8 ++++----
.../java/org/apache/wss4j/dom/str/SignatureSTRParser.java | 6 +++---
.../dom/transform/AttachmentCompleteSignatureTransform.java | 2 +-
.../dom/transform/AttachmentContentSignatureTransform.java | 6 +++---
.../main/java/org/apache/wss4j/dom/util/EncryptionUtils.java | 12 ++++++------
.../main/java/org/apache/wss4j/dom/util/SignatureUtils.java | 2 +-
.../main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java | 6 +-----
.../apache/wss4j/dom/validate/SamlAssertionValidator.java | 2 +-
.../apache/wss4j/dom/validate/SignatureTrustValidator.java | 9 ++++++---
18 files changed, 49 insertions(+), 53 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java
index 74754bdde..cf66023c8 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java
@@ -252,11 +252,7 @@ public class WSDocInfo {
*/
public WSSecurityEngineResult getResult(String uri) {
String id = XMLUtils.getIDFromReference(uri);
- if (id == null) {
- return null;
- }
-
- if (!results.isEmpty()) {
+ if (id != null && !results.isEmpty()) {
for (WSSecurityEngineResult result : results) {
String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
if (id.equals(cId)) {
@@ -264,7 +260,7 @@ public class WSDocInfo {
}
}
}
- return null;
+ return null; //NOPMD
}
/**
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
index 552252865..885f92610 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
@@ -259,7 +259,7 @@ public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
put(TAG_PRINCIPAL, princ);
put(TAG_X509_CERTIFICATES, certs);
put(TAG_SIGNATURE_VALUE, sv);
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
put(TAG_X509_CERTIFICATE, certs[0]);
}
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
@@ -302,7 +302,7 @@ public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
put(TAG_DATA_REF_URIS, dataRefUris);
put(TAG_X509_CERTIFICATES, certs);
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
put(TAG_X509_CERTIFICATE, certs[0]);
}
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
@@ -351,7 +351,7 @@ public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
put(TAG_ACTION, act);
put(TAG_BINARY_SECURITY_TOKEN, token);
put(TAG_X509_CERTIFICATES, certs);
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
put(TAG_X509_CERTIFICATE, certs[0]);
}
put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
index 4c0ca0a5f..b6dfb01ad 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
@@ -108,7 +108,7 @@ public class BinarySecurityTokenProcessor implements Processor {
}
} else if (credential.getPrincipal() != null) {
result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal());
- } else if (certs != null && certs[0] != null) {
+ } else if (certs != null && certs.length > 0 && certs[0] != null) {
result.put(WSSecurityEngineResult.TAG_PRINCIPAL, certs[0].getSubjectX500Principal());
}
result.put(WSSecurityEngineResult.TAG_SUBJECT, credential.getSubject());
@@ -139,7 +139,7 @@ public class BinarySecurityTokenProcessor implements Processor {
X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
return new X509Certificate[]{cert};
}
- return null;
+ return new X509Certificate[0];
}
/**
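Review bot: Returning `new X509Certificate[0]` instead of `null` changes the "no certificate" signal for every caller of this method. A caller that still tests only `certs != null` before reading `certs[0]` would now throw ArrayIndexOutOfBoundsException instead of taking the no-certificate path. This commit adds `certs.length > 0` guards at the call sites it touches, but the method starts outside this hunk and its other callers are not visible, so they need checking; the same applies to the `return new X509Certificate[0];` in EncryptedKeyProcessor. WSSecurityEngineResult also still stores the array under TAG_X509_CERTIFICATES unconditionally, so consumers of that tag can now see an empty chain. I would state the contract in the Javadoc, e.g. `@return the certificates, or an empty array if none were found`.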
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
index 2edd4c924..a92c75484 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
@@ -163,7 +163,7 @@ public class EncryptedKeyProcessor implements Processor {
referenceType = parserResult.getCertificatesReferenceType();
} else {
certs = getCertificatesFromX509Data(keyInfoChildElement, data);
- if (certs == null) {
+ if (certs == null || certs.length == 0) {
XMLSignatureFactory signatureFactory;
if (provider == null) {
// Try to install the Santuario Provider - fall back to the JDK provider if this does
@@ -261,7 +261,7 @@ public class EncryptedKeyProcessor implements Processor {
RequestData data, X509Certificate[] certs, PublicKey publicKey
) throws WSSecurityException {
try {
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
return data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
}
return data.getDecCrypto().getPrivateKey(publicKey, data.getCallbackHandler());
@@ -329,7 +329,7 @@ public class EncryptedKeyProcessor implements Processor {
PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
byte[] pSourceBytes = EncryptionUtils.getPSource(encryptedKeyElement);
- if (pSourceBytes != null) {
+ if (pSourceBytes != null && pSourceBytes.length > 0) {
pSource = new PSource.PSpecified(pSourceBytes);
}
@@ -471,7 +471,7 @@ public class EncryptedKeyProcessor implements Processor {
return data.getDecCrypto().getX509Certificates(cryptoType);
} else if (WSConstants.X509_CERT_LN.equals(x509Child.getLocalName())) {
byte[] token = EncryptionUtils.getDecodedBase64EncodedData(x509Child);
- if (token == null) {
+ if (token == null || token.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertData",
new Object[] {"0"});
}
@@ -489,7 +489,7 @@ public class EncryptedKeyProcessor implements Processor {
}
}
- return null;
+ return new X509Certificate[0];
}
private Element getFirstElement(Element element) {
@@ -515,7 +515,7 @@ public class EncryptedKeyProcessor implements Processor {
// to W3C XML-Enc this key is used to decrypt _any_ references contained in
// the reference list
if (refList == null) {
- return null;
+ return Collections.emptyList();
}
List<WSDataRef> dataRefs = new ArrayList<>();
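Review bot: `Collections.emptyList()` is immutable, while the normal path returns the mutable `ArrayList` created on the next line, so a caller that appends to the result would get UnsupportedOperationException only when `refList` is null. If any caller mutates the returned list, `return new ArrayList<>();` keeps both paths consistent; otherwise the Javadoc should say the list may be unmodifiable. No `java.util.Collections` import appears in this file's hunks, so it is presumably already imported. The `xmlSignature == null` branch in SAMLTokenProcessor has the same caveat, and the method body here continues outside the hunk.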
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
index 5092bfd20..e8f392f2f 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
@@ -23,6 +23,7 @@ import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.xml.crypto.MarshalException;
@@ -246,7 +247,7 @@ public class SAMLTokenProcessor implements Processor {
Element token, SamlAssertionWrapper samlAssertion, XMLSignature xmlSignature
) {
if (xmlSignature == null) {
- return null;
+ return Collections.emptyList();
}
List<WSDataRef> protectedRefs = new ArrayList<>();
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
index fc68ba183..2f2a55490 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
@@ -182,7 +182,7 @@ public class SignatureProcessor implements Processor {
if (trusted) {
LOG.debug("Direct Trust for SAML/BST credential");
}
- if (!trusted && (publicKey != null || certs != null) && validator != null) {
+ if (!trusted && (publicKey != null || (certs != null && certs.length > 0)) && validator != null) {
credential.setPublicKey(publicKey);
credential.setCertificates(certs);
credential.setPrincipal(principal);
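Review bot: With the added `certs.length > 0` test, a signature that resolves to an empty certificate array and no public key now skips the validator entirely, where before a non-null empty array was handed to it. This commit also makes certificate lookups return empty arrays instead of null, so that path is probably easier to reach. The code after this block is outside the hunk, so please confirm it fails closed when neither a certificate nor a public key is present. A comment on the condition would help, e.g. `// no cert and no public key: secret-key signature, trust comes from the key lookup`, if that is the intent.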
@@ -334,7 +334,7 @@ public class SignatureProcessor implements Processor {
// signature refers to
//
Key key = null;
- if (certs != null && certs[0] != null) {
+ if (certs != null && certs.length > 0 && certs[0] != null) {
key = certs[0].getPublicKey();
} else if (publicKey != null) {
key = publicKey;
@@ -641,7 +641,7 @@ public class SignatureProcessor implements Processor {
RequestData requestData,
WSDocInfo wsDocInfo
) throws WSSecurityException {
- ReplayCache replayCache = requestData.getTimestampReplayCache();
+ ReplayCache replayCache = requestData.getTimestampReplayCache(); //NOPMD
if (replayCache == null) {
return;
}
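Review bot: The bare `//NOPMD` on `replayCache` silences every PMD rule on that line and records neither the rule nor the reason, so a later reader cannot tell whether leaving the cache unclosed is deliberate. The same bare marker is added to the replay-cache locals in UsernameTokenProcessor and SamlAssertionValidator and to the stream locals in AttachmentContentSignatureTransform and EncryptionUtils. I would put the justification after the marker, e.g. `//NOPMD - cache is owned by RequestData and must not be closed here`, assuming that is the reason. The enclosing method continues outside the hunk.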
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
index 5222e6927..ea3835f97 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
@@ -145,7 +145,7 @@ public class UsernameTokenProcessor implements Processor {
}
// Test for replay attacks
- ReplayCache replayCache = data.getNonceReplayCache();
+ ReplayCache replayCache = data.getNonceReplayCache(); //NOPMD
if (replayCache != null && ut.getNonce() != null) {
if (replayCache.contains(ut.getNonce())) {
throw new WSSecurityException(
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java
index 52e6dc297..475aa6c69 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java
@@ -137,7 +137,7 @@ public class DerivedKeyTokenSTRParser implements STRParser {
// Now use the callback and get it
byte[] secretKey =
STRParserUtil.getSecretKeyFromToken(uri, null, WSPasswordCallback.SECURITY_CONTEXT_TOKEN, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_CHECK, "unsupportedKeyId",
new Object[] {uri});
@@ -151,7 +151,7 @@ public class DerivedKeyTokenSTRParser implements STRParser {
secRef.getKeyIdentifierValue(), keyIdentifierValueType,
WSPasswordCallback.SECRET_KEY, data
);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
byte[] keyBytes = secRef.getSKIBytes();
List<WSSecurityEngineResult> resultsList =
data.getWsDocInfo().getResultsByTag(WSConstants.BST);
@@ -183,7 +183,7 @@ public class DerivedKeyTokenSTRParser implements STRParser {
secRef.getKeyIdentifierValue(), keyIdentifierValueType,
WSPasswordCallback.SECRET_KEY, data
);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_CHECK, "unsupportedKeyId",
new Object[] {uri});
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
index 41ddcf110..4e899ce5e 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
@@ -283,7 +283,7 @@ public final class STRParserUtil {
"noPassword", new Object[] {uri});
}
- return null;
+ return new byte[0];
}
public static Element getTokenElement(
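Review bot: The `return new byte[0];` (apparently the tail of `getSecretKeyFromToken`, whose body starts outside the hunk) turns "no secret key found" into a zero-length key for every caller. A caller that still checks only `secretKey == null` would carry on with an empty key instead of falling back or throwing. The STR parsers in this commit were updated to test `secretKey.length == 0`, but callers outside ws-security-dom are not visible here. The same holds for the two `return new byte[0];` changes in EncryptionUtils (`getDecodedBase64EncodedData` and the return just above it). Document the contract in the Javadoc, e.g. `@return the secret key bytes, or an empty array if no key could be obtained`.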
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
index 91aaa60a7..8d71f58b2 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
@@ -182,7 +182,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
byte[] secretKey =
STRParserUtil.getSecretKeyFromToken(uri, reference.getValueType(),
WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
Element token =
STRParserUtil.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler(),
uri, reference.getValueType());
@@ -209,7 +209,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
byte[] secretKey =
STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType,
WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
SamlAssertionWrapper samlAssertion =
STRParserUtil.getAssertionFromKeyIdentifier(
secRef, strElement, data
@@ -221,7 +221,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
byte[] secretKey =
STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType,
WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
byte[] keyBytes = secRef.getSKIBytes();
List<WSSecurityEngineResult> resultsList =
wsDocInfo.getResultsByTag(WSConstants.BST);
@@ -250,7 +250,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
secRef.getKeyIdentifierValue(), secRef.getKeyIdentifierValueType(),
WSPasswordCallback.SECRET_KEY, data
);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_CHECK, "unsupportedKeyId",
new Object[] {uri});
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
index d0752e53b..cceb00ec6 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
@@ -129,7 +129,7 @@ public class SignatureSTRParser implements STRParser {
String valueType = secRef.getKeyIdentifierValueType();
byte[] secretKey = STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType,
WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
SamlAssertionWrapper samlAssertion =
STRParserUtil.getAssertionFromKeyIdentifier(
secRef, secRef.getElement(), data
@@ -167,7 +167,7 @@ public class SignatureSTRParser implements STRParser {
byte[] secretKey =
STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType,
WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
byte[] keyBytes = secRef.getSKIBytes();
List<WSSecurityEngineResult> resultsList =
data.getWsDocInfo().getResultsByTag(WSConstants.BST);
@@ -343,7 +343,7 @@ public class SignatureSTRParser implements STRParser {
data);
Principal principal = new CustomTokenPrincipal(uri);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
Element token =
STRParserUtil.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler(),
uri, reference.getValueType());
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java
index b9312e5e3..2289d01a7 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java
@@ -72,7 +72,7 @@ public class AttachmentCompleteSignatureTransform extends AttachmentContentSigna
try {
OutputStream outputStream = os;
if (outputStream == null) {
- outputStream = new ByteArrayOutputStream();
+ outputStream = new ByteArrayOutputStream(); //NOPMD
}
AttachmentUtils.canonizeMimeHeaders(os, attachment.getHeaders());
processAttachment(context, os, attachmentUri, attachment);
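Review bot: The `//NOPMD` on the fallback `ByteArrayOutputStream` suppresses a warning on a local that the following two calls never use. `canonizeMimeHeaders(os, …)` and `processAttachment(context, os, …)` still receive `os`, which is null on exactly the path where the fallback was created. Unless the rest of the method (outside this hunk) relies on `os`, the calls should read `AttachmentUtils.canonizeMimeHeaders(outputStream, attachment.getHeaders());` and `processAttachment(context, outputStream, attachmentUri, attachment);`. The mismatch predates this commit, but fixing it is preferable to suppressing the warning.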
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
index 521b5e941..901165517 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
@@ -165,7 +165,7 @@ public class AttachmentContentSignatureTransform extends TransformService {
Attachment attachment) throws TransformException {
try {
//try to reuse the inputStream in the hope that the provided inputStream is backed by a disk storage
- InputStream inputStream = attachment.getSourceStream();
+ InputStream inputStream = attachment.getSourceStream(); //NOPMD
if (!inputStream.markSupported()) {
inputStream = new BufferedInputStream(inputStream);
}
@@ -179,7 +179,7 @@ public class AttachmentContentSignatureTransform extends TransformService {
OutputStream outputStream = os;
if (outputStream == null) {
- outputStream = new ByteArrayOutputStream();
+ outputStream = new ByteArrayOutputStream(); //NOPMD
}
String mimeType = attachment.getMimeType();
@@ -204,7 +204,7 @@ public class AttachmentContentSignatureTransform extends TransformService {
canon.canonicalizeXPathNodeSet(xmlSignatureInput.getNodeSet(), outputStream);
} else if (mimeType != null && mimeType.matches("(?i)(text/).*")) {
- CRLFOutputStream crlfOutputStream = new CRLFOutputStream(outputStream);
+ CRLFOutputStream crlfOutputStream = new CRLFOutputStream(outputStream); //NOPMD
int numBytes;
byte[] buf = new byte[8192];
while ((numBytes = inputStream.read(buf)) != -1) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
index 22802ec36..667398017 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
@@ -322,7 +322,7 @@ public final class EncryptionUtils {
JCEMapper.translateURItoJCEID(encAlgo);
final Cipher cipher = Cipher.getInstance(jceAlgorithm);
- InputStream attachmentInputStream =
+ InputStream attachmentInputStream = //NOPMD
AttachmentUtils.setupAttachmentDecryptionStream(
encAlgo, cipher, symmetricKey, attachment.getSourceStream());
@@ -385,7 +385,7 @@ public final class EncryptionUtils {
JCEMapper.translateURItoJCEID(symEncAlgo);
final Cipher cipher = Cipher.getInstance(jceAlgorithm);
- InputStream attachmentInputStream =
+ InputStream attachmentInputStream = //NOPMD
AttachmentUtils.setupAttachmentDecryptionStream(
symEncAlgo, cipher, symmetricKey, attachment.getSourceStream());
@@ -426,7 +426,7 @@ public final class EncryptionUtils {
// Don't add more than 20 prefixes
int prefixAddedCount = 0;
while (parent.getParentNode() != null && prefixAddedCount < 20
- && !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
+ && Node.DOCUMENT_NODE != parent.getParentNode().getNodeType()) {
parent = parent.getParentNode();
NamedNodeMap attributes = parent.getAttributes();
int length = attributes.getLength();
@@ -435,7 +435,7 @@ public final class EncryptionUtils {
String attrDef = "xmlns:" + attribute.getLocalName();
if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI()) && !prefix.toString().contains(attrDef)) {
attrDef += "=\"" + attribute.getNodeValue() + "\"";
- prefix.append(" " + attrDef);
+ prefix.append(' ').append(attrDef);
prefixAddedCount++;
}
if (prefixAddedCount >= 20) {
@@ -537,7 +537,7 @@ public final class EncryptionUtils {
return getDecodedBase64EncodedData(pSourceElement);
}
}
- return null;
+ return new byte[0];
}
/**
@@ -550,7 +550,7 @@ public final class EncryptionUtils {
public static byte[] getDecodedBase64EncodedData(Element element) throws WSSecurityException {
String text = XMLUtils.getElementText(element);
if (text == null) {
- return null;
+ return new byte[0];
}
return org.apache.xml.security.utils.XMLUtils.decode(text);
}
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
index da0cabc1d..343797912 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
@@ -76,7 +76,7 @@ public final class SignatureUtils {
Set<String> result = new LinkedHashSet<>();
Node parent = target;
while (parent.getParentNode() != null
- && !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
+ && Node.DOCUMENT_NODE != parent.getParentNode().getNodeType()) {
parent = parent.getParentNode();
NamedNodeMap attributes = parent.getAttributes();
for (int i = 0; i < attributes.getLength(); i++) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
index 9e2a390d5..8021887f4 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
@@ -237,11 +237,7 @@ public final class WSSecurityUtil {
return true;
}
- if (hActor != null && actor != null && hActor.equalsIgnoreCase(actor)) {
- return true;
- }
-
- return false;
+ return hActor != null && actor != null && hActor.equalsIgnoreCase(actor);
}
/**
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
index 16bb3842e..9303cd36a 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
@@ -252,7 +252,7 @@ public class SamlAssertionValidator extends SignatureTrustValidator {
&& data.getSamlOneTimeUseReplayCache() != null) {
String identifier = samlAssertion.getId();
- ReplayCache replayCache = data.getSamlOneTimeUseReplayCache();
+ ReplayCache replayCache = data.getSamlOneTimeUseReplayCache(); //NOPMD
if (replayCache.contains(identifier)) {
throw new WSSecurityException(
WSSecurityException.ErrorCode.INVALID_SECURITY,
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
index 1e106136c..8f15004a0 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
@@ -55,16 +55,19 @@ public class SignatureTrustValidator implements Validator {
X509Certificate[] certs = credential.getCertificates();
PublicKey publicKey = credential.getPublicKey();
Crypto crypto = getCrypto(data);
- if (crypto == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
- }
if (certs != null && certs.length > 0) {
validateCertificates(certs);
+ if (crypto == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
+ }
verifyTrustInCerts(certs, crypto, data, data.isRevocationEnabled());
return credential;
}
if (publicKey != null) {
+ if (crypto == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
+ }
validatePublicKey(publicKey, crypto);
return credential;
}
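Review bot: Moving the `crypto == null` check into the two branches means a credential with neither certificates nor a public key is no longer rejected for a missing Crypto up front. It now reaches the code after the `publicKey` branch, which is outside this hunk, so please confirm that path still throws rather than returning the credential. `validateCertificates(certs)` also now runs before the Crypto check, so a misconfigured endpoint reports a certificate error first. The duplicated throw could become a small private helper, but a comment such as `// Crypto is only required once there is a certificate or public key to verify` would already make the intent clear.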