You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2020/03/02 15:42:00 UTC
[ws-wss4j] branch master updated: Fixing a few issues flagged by
LGTM
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new d7b76d4 Fixing a few issues flagged by LGTM
d7b76d4 is described below
commit d7b76d43aa0031c3e09f2c8faf4b5123a5a0d5d2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Mar 2 15:41:41 2020 +0000
Fixing a few issues flagged by LGTM
---
.../src/main/java/org/apache/wss4j/dom/message/WSSecBase.java | 3 ++-
.../java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java | 6 ++++++
.../wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java | 3 ++-
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
index 24ba394..9ec1b3d 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
@@ -65,7 +65,8 @@ public class WSSecBase {
}
// Explicitly add the WSU Namespace if we already have a different prefix
- addWSUNamespace = securityHeader.getWsuPrefix() != null && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
+ addWSUNamespace = securityHeader != null && securityHeader.getWsuPrefix() != null
+ && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
}
public WSSecBase(Document doc) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
index 8a4c0fe..0a0fa1a 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
@@ -140,6 +140,12 @@ public class EncryptedDataProcessor implements Processor {
);
}
+ if (key == null) {
+ throw new WSSecurityException(
+ WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncKey"
+ );
+ }
+
// Check for compliance against the defined AlgorithmSuite
AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
if (algorithmSuite != null) {
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
index a8de826..3ac3bc5 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
@@ -124,7 +124,8 @@ public class UsernameSecurityTokenImpl extends AbstractInboundSecurityToken impl
}
}
- return UsernameTokenUtil.generateDerivedKey(password, salt, iteration.intValue());
+ int iterationCount = iteration != null ? iteration.intValue() : (int)DEFAULT_ITERATION;
+ return UsernameTokenUtil.generateDerivedKey(password, salt, iterationCount);
}
@Override