Author: giger
Date: Sun Apr 8 11:37:27 2012
New Revision: 1310980
URL: http://svn.apache.org/viewvc?rev=1310980&view=rev
Log:
Handle possible NPE's more gracefully
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
Sun Apr 8 11:37:27 2012
@@ -45,30 +45,26 @@ import java.util.List;
*/
public class DecryptInputProcessor extends AbstractDecryptInputProcessor {
- public DecryptInputProcessor(ReferenceList referenceList,
WSSSecurityProperties securityProperties,
- WSSecurityContext securityContext) throws
WSSecurityException {
- super(referenceList, securityProperties);
- checkBSPCompliance(referenceList, securityContext,
WSSConstants.BSPRule.R5608);
- }
-
public DecryptInputProcessor(KeyInfoType keyInfoType, ReferenceList
referenceList,
WSSSecurityProperties securityProperties,
WSSecurityContext securityContext)
- throws WSSecurityException {
+ throws XMLSecurityException {
super(keyInfoType, referenceList, securityProperties);
+ checkBSPCompliance(keyInfoType, referenceList, securityContext,
WSSConstants.BSPRule.R3006);
+ }
- if (keyInfoType.getContent().size() != 1) {
- securityContext.handleBSPRule(WSSConstants.BSPRule.R5424);
- }
- SecurityTokenReferenceType securityTokenReferenceType =
XMLSecurityUtils.getQNameType(keyInfoType.getContent(),
- WSSConstants.TAG_wsse_SecurityTokenReference);
- if (securityTokenReferenceType == null) {
- securityContext.handleBSPRule(WSSConstants.BSPRule.R5426);
+ private void checkBSPCompliance(KeyInfoType keyInfoType, ReferenceList
referenceList, WSSecurityContext securityContext, WSSConstants.BSPRule bspRule)
throws WSSecurityException {
+ if (keyInfoType != null) {
+ if (keyInfoType.getContent().size() != 1) {
+ securityContext.handleBSPRule(WSSConstants.BSPRule.R5424);
+ }
+ SecurityTokenReferenceType securityTokenReferenceType =
XMLSecurityUtils.getQNameType(keyInfoType.getContent(),
+ WSSConstants.TAG_wsse_SecurityTokenReference);
+ if (securityTokenReferenceType == null) {
+ securityContext.handleBSPRule(WSSConstants.BSPRule.R5426);
+ }
}
- checkBSPCompliance(referenceList, securityContext,
WSSConstants.BSPRule.R3006);
- }
- private void checkBSPCompliance(ReferenceList referenceList,
WSSecurityContext securityContext, WSSConstants.BSPRule bspRule) throws
WSSecurityException {
if (referenceList != null) {
List<JAXBElement<ReferenceType>> references =
referenceList.getDataReferenceOrKeyReference();
Iterator<JAXBElement<ReferenceType>> referenceTypeIterator =
references.iterator();
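Review bot: The merged constructor always passes `WSSConstants.BSPRule.R3006` to `checkBSPCompliance`, while the removed ReferenceList-only constructor passed `R5608`. A reference list built through `new DecryptInputProcessor(null, referenceList, ...)` is therefore now checked under a different BSP rule. If that is unintended, select the rule from the argument: `checkBSPCompliance(keyInfoType, referenceList, securityContext, keyInfoType == null ? WSSConstants.BSPRule.R5608 : WSSConstants.BSPRule.R3006);`. If it is intended, a short comment on the constructor should say why one rule now covers both paths. The body of `checkBSPCompliance` continues past the end of this hunk, so how `bspRule` is used is not visible here.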
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
Sun Apr 8 11:37:27 2012
@@ -59,6 +59,10 @@ public class EncryptedKeyInputHandler ex
@SuppressWarnings("unchecked")
final EncryptedKeyType encryptedKeyType =
((JAXBElement<EncryptedKeyType>) parseStructure(eventQueue, index)).getValue();
+ if (encryptedKeyType.getEncryptionMethod() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM,
"noEncAlgo");
+ }
+
checkBSPCompliance(inputProcessorChain, encryptedKeyType);
if (encryptedKeyType.getId() == null) {
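Review bot: The new guard rejects a missing `EncryptionMethod` element but not an element whose `Algorithm` attribute is absent. The test added in this commit removes attribute nodes as well as elements, so that case will be generated. The later hunk passes an `algorithmURI` into `getSecretKey`, presumably read from this element, so a null attribute would still flow onward. Consider `if (encryptedKeyType.getEncryptionMethod() == null || encryptedKeyType.getEncryptionMethod().getAlgorithm() == null) {`. Whether the attribute is already validated further down is outside the hunk.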
@@ -151,6 +155,10 @@ public class EncryptedKeyInputHandler ex
Cipher cipher =
Cipher.getInstance(asyncEncAlgo.getJCEName(), asyncEncAlgo.getJCEProvider());
cipher.init(Cipher.DECRYPT_MODE,
wrappingSecurityToken.getSecretKey(algorithmURI, keyUsage));
+ if (encryptedKeyType.getCipherData() == null
+ ||
encryptedKeyType.getCipherData().getCipherValue() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
+ }
return
cipher.doFinal(encryptedKeyType.getCipherData().getCipherValue());
} catch (NoSuchPaddingException e) {
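Review bot: The `CipherData` / `CipherValue` guard runs only after `Cipher.getInstance(...)` and `cipher.init(...)`, so a structurally incomplete EncryptedKey still triggers the key lookup on the wrapping token and the cipher setup before it is rejected. Moving the guard above `Cipher.getInstance` rejects malformed input before any key material is touched and keeps the structural failure from being masked by a key or provider exception. Reading `encryptedKeyType.getCipherData()` once into a local would also avoid the three repeated getter calls. The enclosing method starts and ends outside this hunk.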
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
Sun Apr 8 11:37:27 2012
@@ -45,6 +45,7 @@ public class ReferenceListInputHandler e
//instantiate a new DecryptInputProcessor and add it to the chain
inputProcessorChain.addProcessor(
- new DecryptInputProcessor(referenceList,
(WSSSecurityProperties) securityProperties, (WSSecurityContext)
inputProcessorChain.getSecurityContext()));
+ new DecryptInputProcessor(null, referenceList,
(WSSSecurityProperties) securityProperties,
+ (WSSecurityContext)
inputProcessorChain.getSecurityContext()));
}
}
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
Sun Apr 8 11:37:27 2012
@@ -48,7 +48,21 @@ public class SignatureInputHandler exten
protected SignatureVerifier newSignatureVerifier(InputProcessorChain
inputProcessorChain,
XMLSecurityProperties
securityProperties,
final SignatureType
signatureType) throws XMLSecurityException {
-
+ if (signatureType.getSignedInfo() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
+ if (signatureType.getSignedInfo().getSignatureMethod() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
+ if (signatureType.getSignedInfo().getCanonicalizationMethod() == null)
{
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
+ if (signatureType.getSignatureValue() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
+ if (signatureType.getKeyInfo() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
checkBSPCompliance(inputProcessorChain, signatureType);
final WSSecurityContext securityContext = (WSSecurityContext)
inputProcessorChain.getSecurityContext();
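Review bot: All five new guards throw the same `WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY)` with no message key, so a log reader cannot tell which of SignedInfo, SignatureMethod, CanonicalizationMethod, SignatureValue or KeyInfo was missing. The EncryptedKeyInputHandler guards in this commit pass a key as the second argument (`"noEncAlgo"`, `"noCipher"`). The same form would fit here, e.g. `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "<message-key>");` with a key per element. A one-line comment above the block, such as `// reject structurally incomplete ds:Signature before BSP checks and verification`, would also record why the guards precede `checkBSPCompliance`.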
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
Sun Apr 8 11:37:27 2012
@@ -43,6 +43,16 @@ import java.util.Iterator;
*/
public class TimestampInputHandler extends AbstractInputSecurityHeaderHandler {
+ private static final DatatypeFactory datatypeFactory;
+
+ static {
+ try {
+ datatypeFactory = DatatypeFactory.newInstance();
+ } catch (DatatypeConfigurationException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
//Chapter 10 Security Timestamps: ...may only be present at most once per
header (that is, per SOAP actor/role)
@Override
public void handle(final InputProcessorChain inputProcessorChain, final
XMLSecurityProperties securityProperties,
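Review bot: The `DatatypeFactory` is now a single static instance shared by every thread that runs this handler, and as far as I know the JAXP documentation does not promise that `DatatypeFactory` instances are safe for concurrent use. The same applies to the static field added to UsernameTokenInputHandler in this commit. If the code relies on the bundled implementation being thread-safe, say so on the field, e.g. `// shared across threads: relies on the DatatypeFactory implementation being thread-safe`. Note also that the `RuntimeException` thrown from the static initializer surfaces as a class-initialisation failure rather than the `WSSecurityException` callers received before.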
@@ -64,20 +74,28 @@ public class TimestampInputHandler exten
}
try {
- DatatypeFactory datatypeFactory = DatatypeFactory.newInstance();
-
// Validate whether the security semantics have expired
//created and expires is optional per spec. But we enforce the
created element in the validation
Calendar crea = null;
if (timestampType.getCreated() != null) {
- XMLGregorianCalendar created =
datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+ XMLGregorianCalendar created;
+ try {
+ created =
datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+ } catch (IllegalArgumentException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+ }
logger.debug("Timestamp created: " + created);
crea = created.toGregorianCalendar();
}
Calendar exp = null;
if (timestampType.getExpires() != null) {
- XMLGregorianCalendar expires =
datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+ XMLGregorianCalendar expires;
+ try {
+ expires =
datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+ } catch (IllegalArgumentException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+ }
logger.debug("Timestamp expires: " + expires);
exp = expires.toGregorianCalendar();
}
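Review bot: The new inner `try` catches only `IllegalArgumentException`, but `DatatypeFactory.newXMLGregorianCalendar(String)` is documented to throw `NullPointerException` for a null lexical value. A `Created` or `Expires` element whose `getValue()` is null would therefore still escape as an NPE, which is what this commit sets out to prevent. Whether the binding can deliver a null value here is not visible in the hunk. An explicit guard before the call would cover it: `if (timestampType.getCreated().getValue() == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }`. The same pattern recurs in the two later hunks of this file (`createdCalendar`, `expiresCalendar`) and in the `created` parse in UsernameTokenInputHandler.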
@@ -110,8 +128,6 @@ public class TimestampInputHandler exten
((WSSecurityContext)
inputProcessorChain.getSecurityContext()).registerSecurityEvent(timestampSecurityEvent);
inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_TIMESTAMP_SECURITYEVENT,
timestampSecurityEvent);
- } catch (DatatypeConfigurationException e) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
} catch (IllegalArgumentException e) {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
}
@@ -156,14 +172,13 @@ public class TimestampInputHandler exten
curIdx++;
}
- DatatypeFactory datatypeFactory = null;
- try {
- datatypeFactory = DatatypeFactory.newInstance();
- } catch (DatatypeConfigurationException e) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
- }
if (timestampType.getCreated() != null) {
- XMLGregorianCalendar createdCalendar =
datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+ XMLGregorianCalendar createdCalendar;
+ try {
+ createdCalendar =
datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+ } catch (IllegalArgumentException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+ }
if (createdCalendar.getFractionalSecond().scale() > 3) {
((WSSecurityContext)
inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3220);
}
@@ -179,7 +194,12 @@ public class TimestampInputHandler exten
}
}
if (timestampType.getExpires() != null) {
- XMLGregorianCalendar expiresCalendar =
datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+ XMLGregorianCalendar expiresCalendar;
+ try {
+ expiresCalendar =
datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+ } catch (IllegalArgumentException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
+ }
if (expiresCalendar.getFractionalSecond().scale() > 3) {
((WSSecurityContext)
inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3229);
}
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
Sun Apr 8 11:37:27 2012
@@ -50,12 +50,16 @@ public class UsernameTokenInputHandler e
private static final String cacheRegionName = "usernameToken";
private static JCS cache;
+ private static final DatatypeFactory datatypeFactory;
static {
try {
cache = JCS.getInstance(cacheRegionName);
+ datatypeFactory = DatatypeFactory.newInstance();
} catch (CacheException e) {
throw new RuntimeException(e);
+ } catch (DatatypeConfigurationException e) {
+ throw new RuntimeException(e);
}
}
@@ -90,6 +94,9 @@ public class UsernameTokenInputHandler e
}
final AttributedString username = usernameTokenType.getUsername();
+ if (username == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
"badTokenType01");
+ }
final EncodedString encodedNonce =
XMLSecurityUtils.getQNameType(usernameTokenType.getAny(),
WSSConstants.TAG_wsse_Nonce);
final AttributedDateTime attributedDateTimeCreated =
XMLSecurityUtils.getQNameType(usernameTokenType.getAny(),
WSSConstants.TAG_wsu_Created);
@@ -121,13 +128,12 @@ public class UsernameTokenInputHandler e
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
}
- DatatypeFactory datatypeFactory = null;
+ XMLGregorianCalendar xmlGregorianCalendar;
try {
- datatypeFactory = DatatypeFactory.newInstance();
- } catch (DatatypeConfigurationException e) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+ xmlGregorianCalendar =
datatypeFactory.newXMLGregorianCalendar(created);
+ } catch (IllegalArgumentException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
}
- XMLGregorianCalendar xmlGregorianCalendar =
datatypeFactory.newXMLGregorianCalendar(created);
GregorianCalendar createdCal =
xmlGregorianCalendar.toGregorianCalendar();
GregorianCalendar now = new GregorianCalendar();
if (createdCal.after(now)) {
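Review bot: The new `catch (IllegalArgumentException e)` discards the caught exception, so the malformed `created` value and the parser's message are lost from the stack trace. The matching catches in TimestampInputHandler keep the cause. Pass it through here as well: `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);`. The enclosing method starts and ends outside this hunk.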
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
Sun Apr 8 11:37:27 2012
@@ -22,6 +22,7 @@ import org.swssf.binding.xmldsig.X509Dat
import org.swssf.binding.xmldsig.X509IssuerSerialType;
import org.swssf.wss.ext.WSSConstants;
import org.swssf.wss.ext.WSSecurityContext;
+import org.swssf.wss.ext.WSSecurityException;
import org.swssf.xmlsec.crypto.Crypto;
import org.swssf.xmlsec.crypto.CryptoType;
import org.swssf.xmlsec.ext.XMLSecurityException;
@@ -49,11 +50,19 @@ public class X509DataSecurityToken exten
if (this.alias == null) {
X509IssuerSerialType x509IssuerSerialType =
XMLSecurityUtils.getQNameType(
x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(),
WSSConstants.TAG_dsig_X509IssuerSerial);
+ if (x509IssuerSerialType == null
+ || x509IssuerSerialType.getX509IssuerName() == null
+ || x509IssuerSerialType.getX509SerialNumber() == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+ }
CryptoType cryptoType = new
CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
cryptoType.setIssuerSerial(
x509IssuerSerialType.getX509IssuerName(),
x509IssuerSerialType.getX509SerialNumber()
);
X509Certificate[] certs =
getCrypto().getX509Certificates(cryptoType);
+ if (certs == null) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+ }
this.alias = getCrypto().getX509Identifier(certs[0]);
}
return this.alias;
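Review bot: The added `certs == null` guard does not cover an empty array, so `certs[0]` on the next line can still throw `ArrayIndexOutOfBoundsException` when the issuer/serial lookup finds no certificate. Whether `getX509Certificates` can return an empty array is not visible here, but the check is cheap: `if (certs == null || certs.length == 0) {`. Failing with `FAILED_CHECK` in both cases keeps an unknown issuer/serial from surfacing as an unchecked exception.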
Modified:
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
Sun Apr 8 11:37:27 2012
@@ -28,9 +28,7 @@ import org.swssf.xmlsec.test.utils.StAX2
import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
import org.testng.Assert;
import org.testng.annotations.Test;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
+import org.w3c.dom.*;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
@@ -40,10 +38,7 @@ import javax.xml.transform.stream.Stream
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import java.io.*;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
+import java.util.*;
/**
* @author $Author$
@@ -1002,4 +997,126 @@ public class InteroperabilityTest extend
properties.setProperty(WSHandlerConstants.ACTOR, "test");
doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action, properties, false);
}
+
+ @Test(invocationCount = 1)
+ public void testInvalidXML() throws Exception {
+
+ int i = 0;
+ int e = 10000;
+
+ while (i < e) {
+
+ String action = WSHandlerConstants.USERNAME_TOKEN + " " +
WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE + " " +
WSHandlerConstants.ENCRYPT;
+ Properties properties = new Properties();
+ InputStream sourceDocument =
this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ Document securedDocument =
doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ if (i == 0) {
+ i = indexOfNode(securedDocument.getDocumentElement(), new
NodeIndex(), WSSConstants.TAG_wsse_Security.getLocalPart()).index;
+ e = indexOfNode(securedDocument.getDocumentElement(), new
NodeIndex(), "definitions").index;
+ }
+ i++;
+ Node nodeToRemove =
nodeOnIndex(securedDocument.getDocumentElement(), new NodeIndex(), i).node;
+ if (nodeToRemove.getNodeType() == Node.ATTRIBUTE_NODE) {
+ ((Attr)
nodeToRemove).getOwnerElement().removeAttributeNode((Attr) nodeToRemove);
+ } else {
+ Node parentNode = nodeToRemove.getParentNode();
+ parentNode.removeChild(nodeToRemove);
+ }
+
+ javax.xml.transform.Transformer transformer =
TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new
StreamResult(baos));
+
+ WSSSecurityProperties securityProperties = new
WSSSecurityProperties();
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+
securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+
securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+ Iterator<WSSConstants.BSPRule> bspRules =
EnumSet.allOf(WSSConstants.BSPRule.class).iterator();
+ while (bspRules.hasNext()) {
+ securityProperties.addIgnoreBSPRule(bspRules.next());
+ }
+
+ try {
+ Document document = doInboundSecurity(securityProperties,
+ xmlInputFactory.createXMLStreamReader(
+ new ByteArrayInputStream(baos.toByteArray())));
+
+ //read the whole stream:
+ transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(document), new
StreamResult(
+ new OutputStream() {
+ @Override
+ public void write(int b) throws IOException {
+ // > /dev/null
+ }
+ }
+ ));
+ } catch (XMLStreamException ex) {
+ int k = 0;
+ Throwable t = ex.getCause();
+ while (t != null && k < 100) {
+ StringWriter stringWriter = new StringWriter();
+ PrintWriter pw = new PrintWriter(stringWriter);
+ ex.printStackTrace(pw);
+ Assert.assertTrue(!(t instanceof NullPointerException),
stringWriter.toString());
+ t = t.getCause();
+ }
+ }
+ }
+ }
+
+ private NodeIndex indexOfNode(Node node, NodeIndex index, String name) {
+ if (node.getLocalName() != null && node.getLocalName().equals(name)) {
+ return index;
+ }
+ index.index++;
+ if (node.getNodeType() == Node.ELEMENT_NODE) {
+ NamedNodeMap namedNodeMap = node.getAttributes();
+ for (int i = 0; i < namedNodeMap.getLength(); i++) {
+ NodeIndex n = indexOfNode(namedNodeMap.item(i), index, name);
+ if (n != null) {
+ return n;
+ }
+ }
+ }
+ NodeList nodeList = node.getChildNodes();
+ for (int i = 0; i < nodeList.getLength(); i++) {
+ NodeIndex n = indexOfNode(nodeList.item(i), index, name);
+ if (n != null) {
+ return n;
+ }
+ }
+ return null;
+ }
+
+ private NodeIndex nodeOnIndex(Node node, NodeIndex index, int indexToFind)
{
+ if (index.index == indexToFind) {
+ index.node = node;
+ return index;
+ }
+ index.index++;
+ if (node.getNodeType() == Node.ELEMENT_NODE) {
+ NamedNodeMap namedNodeMap = node.getAttributes();
+ for (int i = 0; i < namedNodeMap.getLength(); i++) {
+ NodeIndex n = nodeOnIndex(namedNodeMap.item(i), index,
indexToFind);
+ if (n != null) {
+ return n;
+ }
+ }
+ }
+ NodeList nodeList = node.getChildNodes();
+ for (int i = 0; i < nodeList.getLength(); i++) {
+ NodeIndex n = nodeOnIndex(nodeList.item(i), index, indexToFind);
+ if (n != null) {
+ return n;
+ }
+ }
+ return null;
+ }
+
+ class NodeIndex {
+ Node node;
+ int index;
+ }
}
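Review bot: In the `catch (XMLStreamException ex)` block of `testInvalidXML`, `k` is initialised to 0 and tested in `while (t != null && k < 100)` but never incremented, so the depth bound has no effect. Add `k++;` after `t = t.getCause();`. The loop also starts at `ex.getCause()` and catches only `XMLStreamException`, so the assertion covers wrapped NPEs only. A short comment stating that, and that an unwrapped NPE fails the test by propagating, would make the intent clear. `nodeOnIndex(...).node` is dereferenced without a null check although `nodeOnIndex` returns null when the index is not found, and `sourceDocument` is never closed.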
Modified:
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
---
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
(original)
+++
webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
Sun Apr 8 11:37:27 2012
@@ -70,15 +70,22 @@ public abstract class AbstractDecryptInp
private ArrayDeque<XMLEvent> tmpXmlEventList = new ArrayDeque<XMLEvent>();
private XMLEvent parentStartXMLEvent;
- public AbstractDecryptInputProcessor(ReferenceList referenceList,
XMLSecurityProperties securityProperties) {
- super(securityProperties);
- this.referenceList = referenceList;
- }
-
- public AbstractDecryptInputProcessor(KeyInfoType keyInfoType,
ReferenceList referenceList, XMLSecurityProperties securityProperties) {
+ public AbstractDecryptInputProcessor(KeyInfoType keyInfoType,
ReferenceList referenceList,
+ XMLSecurityProperties
securityProperties) throws XMLSecurityException {
super(securityProperties);
this.keyInfoType = keyInfoType;
this.referenceList = referenceList;
+
+ if (referenceList != null) {
+ List<JAXBElement<ReferenceType>> references =
referenceList.getDataReferenceOrKeyReference();
+ Iterator<JAXBElement<ReferenceType>> referenceTypeIterator =
references.iterator();
+ while (referenceTypeIterator.hasNext()) {
+ ReferenceType referenceType =
referenceTypeIterator.next().getValue();
+ if (referenceType.getURI() == null) {
+ throw new
XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
+ }
+ }
+ }
}
/*
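Review bot: The single remaining constructor now accepts a null `keyInfoType` (ReferenceListInputHandler passes `null` in this commit) and can throw `XMLSecurityException`, but it has no Javadoc recording either fact. I would add a Javadoc block with `@param keyInfoType may be {@code null} when only a ReferenceList is processed` and `@throws XMLSecurityException if any reference in referenceList has no URI`. The explicit `Iterator` loop could also be an enhanced `for` over `referenceList.getDataReferenceOrKeyReference()`. The bare `FAILED_CHECK` would be easier to trace with a message key naming the missing URI.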