You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2020/03/02 15:42:00 UTC

[ws-wss4j] branch master updated: Fixing a few issues flagged by LGTM

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new d7b76d4  Fixing a few issues flagged by LGTM
d7b76d4 is described below

commit d7b76d43aa0031c3e09f2c8faf4b5123a5a0d5d2
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Mar 2 15:41:41 2020 +0000

    Fixing a few issues flagged by LGTM
---
 .../src/main/java/org/apache/wss4j/dom/message/WSSecBase.java       | 3 ++-
 .../java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java | 6 ++++++
 .../wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java    | 3 ++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
index 24ba394..9ec1b3d 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecBase.java
@@ -65,7 +65,8 @@ public class WSSecBase {
         }
 
         // Explicitly add the WSU Namespace if we already have a different prefix
-        addWSUNamespace = securityHeader.getWsuPrefix() != null && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
+        addWSUNamespace = securityHeader != null && securityHeader.getWsuPrefix() != null
+            && !WSConstants.WSU_PREFIX.equals(securityHeader.getWsuPrefix());
     }
 
     public WSSecBase(Document doc) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
index 8a4c0fe..0a0fa1a 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedDataProcessor.java
@@ -140,6 +140,12 @@ public class EncryptedDataProcessor implements Processor {
             );
         }
 
+        if (key == null) {
+            throw new WSSecurityException(
+                WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, "noEncKey"
+            );
+        }
+
         // Check for compliance against the defined AlgorithmSuite
         AlgorithmSuite algorithmSuite = data.getAlgorithmSuite();
         if (algorithmSuite != null) {
diff --git a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
index a8de826..3ac3bc5 100644
--- a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
+++ b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/securityToken/UsernameSecurityTokenImpl.java
@@ -124,7 +124,8 @@ public class UsernameSecurityTokenImpl extends AbstractInboundSecurityToken impl
             }
         }
 
-        return UsernameTokenUtil.generateDerivedKey(password, salt, iteration.intValue());
+        int iterationCount = iteration != null ? iteration.intValue() : (int)DEFAULT_ITERATION;
+        return UsernameTokenUtil.generateDerivedKey(password, salt, iterationCount);
     }
 
     @Override