This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 5c414bb94 PMD updates for ws-security-dom part II
5c414bb94 is described below
commit 5c414bb9486727e34246ca13def76e7f2d449130
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Jun 9 09:42:46 2022 +0100
PMD updates for ws-security-dom part II
---
 .../src/main/java/org/apache/wss4j/dom/WSDocInfo.java | 8 ++------
 .../org/apache/wss4j/dom/engine/WSSecurityEngineResult.java | 6 +++---
 .../wss4j/dom/processor/BinarySecurityTokenProcessor.java | 4 ++--
 .../apache/wss4j/dom/processor/EncryptedKeyProcessor.java | 12 ++++++------
 .../org/apache/wss4j/dom/processor/SAMLTokenProcessor.java | 3 ++-
 .../org/apache/wss4j/dom/processor/SignatureProcessor.java | 6 +++---
 .../apache/wss4j/dom/processor/UsernameTokenProcessor.java | 2 +-
 .../org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java | 6 +++---
 .../main/java/org/apache/wss4j/dom/str/STRParserUtil.java | 2 +-
 .../org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java | 8 ++++----
 .../java/org/apache/wss4j/dom/str/SignatureSTRParser.java | 6 +++---
 .../dom/transform/AttachmentCompleteSignatureTransform.java | 2 +-
 .../dom/transform/AttachmentContentSignatureTransform.java | 6 +++---
 .../main/java/org/apache/wss4j/dom/util/EncryptionUtils.java | 12 ++++++------
 .../main/java/org/apache/wss4j/dom/util/SignatureUtils.java | 2 +-
 .../main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java | 6 +-----
 .../apache/wss4j/dom/validate/SamlAssertionValidator.java | 2 +-
 .../apache/wss4j/dom/validate/SignatureTrustValidator.java | 9 ++++++---
 18 files changed, 49 insertions(+), 53 deletions(-)
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java
index 74754bdde..cf66023c8 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/WSDocInfo.java
@@ -252,11 +252,7 @@ public class WSDocInfo {
 */
 public WSSecurityEngineResult getResult(String uri) {
 String id = XMLUtils.getIDFromReference(uri);
- if (id == null) {
- return null;
- }
-
- if (!results.isEmpty()) {
+ if (id != null && !results.isEmpty()) {
 for (WSSecurityEngineResult result : results) {
 String cId = (String)result.get(WSSecurityEngineResult.TAG_ID);
 if (id.equals(cId)) {
@@ -264,7 +260,7 @@ public class WSDocInfo {
 }
 }
 }
- return null;
+ return null; //NOPMD
 }
 /**
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
index 552252865..885f92610 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/engine/WSSecurityEngineResult.java
@@ -259,7 +259,7 @@ public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
 put(TAG_PRINCIPAL, princ);
 put(TAG_X509_CERTIFICATES, certs);
 put(TAG_SIGNATURE_VALUE, sv);
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
 put(TAG_X509_CERTIFICATE, certs[0]);
 }
 put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
@@ -302,7 +302,7 @@ public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
 put(TAG_ENCRYPTED_EPHEMERAL_KEY, encryptedKeyBytes);
 put(TAG_DATA_REF_URIS, dataRefUris);
 put(TAG_X509_CERTIFICATES, certs);
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
 put(TAG_X509_CERTIFICATE, certs[0]);
 }
 put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
@@ -351,7 +351,7 @@ public class WSSecurityEngineResult extends java.util.HashMap<String, Object> {
 put(TAG_ACTION, act);
 put(TAG_BINARY_SECURITY_TOKEN, token);
 put(TAG_X509_CERTIFICATES, certs);
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
 put(TAG_X509_CERTIFICATE, certs[0]);
 }
 put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
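Review bot: The `//NOPMD` added to `return null;` in WSDocInfo.java (hunk at -264) carries no rule name or reason, and the same is true of the markers added later in this commit in SignatureProcessor, UsernameTokenProcessor, both attachment transforms, EncryptionUtils and SamlAssertionValidator. A bare marker silences every PMD rule on that line, so a later genuine finding on the same line would be hidden as well. PMD reports the text after the marker as the suppression reason, so a short rationale costs nothing, e.g. `return null; //NOPMD - null signals "no result for this Id"`.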
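Review bot: In WSSecurityEngineResult.java (constructor hunks at -259, -302 and -351) `put(TAG_X509_CERTIFICATES, certs);` still runs unconditionally, so a zero-length array is now stored under TAG_X509_CERTIFICATES while TAG_X509_CERTIFICATE stays unset. A consumer of the result that null-checks the array tag and then reads element 0 would throw ArrayIndexOutOfBoundsException instead of taking its "no certificate" path; no such consumer is visible here, so this needs checking against the callers. Either normalise before storing, `put(TAG_X509_CERTIFICATES, certs != null && certs.length > 0 ? certs : null);`, or document on the constructors that an empty array means "no certificates". The constructors start and end outside these hunks.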
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
index 4c0ca0a5f..b6dfb01ad 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/BinarySecurityTokenProcessor.java
@@ -108,7 +108,7 @@ public class BinarySecurityTokenProcessor implements Processor {
 }
 } else if (credential.getPrincipal() != null) {
 result.put(WSSecurityEngineResult.TAG_PRINCIPAL, credential.getPrincipal());
- } else if (certs != null && certs[0] != null) {
+ } else if (certs != null && certs.length > 0 && certs[0] != null) {
 result.put(WSSecurityEngineResult.TAG_PRINCIPAL, certs[0].getSubjectX500Principal());
 }
 result.put(WSSecurityEngineResult.TAG_SUBJECT, credential.getSubject());
@@ -139,7 +139,7 @@ public class BinarySecurityTokenProcessor implements Processor {
 X509Certificate cert = ((X509Security) token).getX509Certificate(crypto);
 return new X509Certificate[]{cert};
 }
- return null;
+ return new X509Certificate[0];
 }
 /**
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
index 2edd4c924..a92c75484 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
@@ -163,7 +163,7 @@ public class EncryptedKeyProcessor implements Processor {
 referenceType = parserResult.getCertificatesReferenceType();
 } else {
 certs = getCertificatesFromX509Data(keyInfoChildElement, data);
- if (certs == null) {
+ if (certs == null || certs.length == 0) {
 XMLSignatureFactory signatureFactory;
 if (provider == null) {
 // Try to install the Santuario Provider - fall back to the JDK provider if this does
@@ -261,7 +261,7 @@ public class EncryptedKeyProcessor implements Processor {
 RequestData data, X509Certificate[] certs, PublicKey publicKey
 ) throws WSSecurityException {
 try {
- if (certs != null) {
+ if (certs != null && certs.length > 0) {
 return data.getDecCrypto().getPrivateKey(certs[0], data.getCallbackHandler());
 }
 return data.getDecCrypto().getPrivateKey(publicKey, data.getCallbackHandler());
@@ -329,7 +329,7 @@ public class EncryptedKeyProcessor implements Processor {
 PSource.PSpecified pSource = PSource.PSpecified.DEFAULT;
 byte[] pSourceBytes = EncryptionUtils.getPSource(encryptedKeyElement);
- if (pSourceBytes != null) {
+ if (pSourceBytes != null && pSourceBytes.length > 0) {
 pSource = new PSource.PSpecified(pSourceBytes);
 }
@@ -471,7 +471,7 @@ public class EncryptedKeyProcessor implements Processor {
 return data.getDecCrypto().getX509Certificates(cryptoType);
 } else if (WSConstants.X509_CERT_LN.equals(x509Child.getLocalName())) {
 byte[] token = EncryptionUtils.getDecodedBase64EncodedData(x509Child);
- if (token == null) {
+ if (token == null || token.length == 0) {
 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertData", new Object[] {"0"});
 }
@@ -489,7 +489,7 @@ public class EncryptedKeyProcessor implements Processor {
 }
 }
- return null;
+ return new X509Certificate[0];
 }
 private Element getFirstElement(Element element) {
@@ -515,7 +515,7 @@ public class EncryptedKeyProcessor implements Processor {
 // to W3C XML-Enc this key is used to decrypt _any_ references contained in
 // the reference list
 if (refList == null) {
- return null;
+ return Collections.emptyList();
 }
 List<WSDataRef> dataRefs = new ArrayList<>();
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
index 5092bfd20..e8f392f2f 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SAMLTokenProcessor.java
@@ -23,6 +23,7 @@ import java.security.NoSuchProviderException;
 import java.security.Provider;
 import java.security.PublicKey;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import javax.xml.crypto.MarshalException;
@@ -246,7 +247,7 @@ public class SAMLTokenProcessor implements Processor {
 Element token, SamlAssertionWrapper samlAssertion, XMLSignature xmlSignature
 ) {
 if (xmlSignature == null) {
- return null;
+ return Collections.emptyList();
 }
 List<WSDataRef> protectedRefs = new ArrayList<>();
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
index fc68ba183..2f2a55490 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/SignatureProcessor.java
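Review bot: `return Collections.emptyList();` in EncryptedKeyProcessor.java (hunk at -515) hands callers an immutable list where the normal path returns a mutable `ArrayList`; the SAMLTokenProcessor.java hunk at -246 does the same. Code that appends to the returned data references would now fail with UnsupportedOperationException on this path only, and callers that used `== null` to mean "nothing was decrypted or signed" need `isEmpty()` instead; neither kind of caller is visible in this diff. Returning `new ArrayList<>()` keeps the two paths consistent. The EncryptedKeyProcessor section adds no import for `java.util.Collections`, so it is presumably already imported there; both method bodies continue outside the hunks.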
@@ -182,7 +182,7 @@ public class SignatureProcessor implements Processor {
 if (trusted) {
 LOG.debug("Direct Trust for SAML/BST credential");
 }
- if (!trusted && (publicKey != null || certs != null) && validator != null) {
+ if (!trusted && (publicKey != null || (certs != null && certs.length > 0)) && validator != null) {
 credential.setPublicKey(publicKey);
 credential.setCertificates(certs);
 credential.setPrincipal(principal);
@@ -334,7 +334,7 @@ public class SignatureProcessor implements Processor {
 // signature refers to
 //
 Key key = null;
- if (certs != null && certs[0] != null) {
+ if (certs != null && certs.length > 0 && certs[0] != null) {
 key = certs[0].getPublicKey();
 } else if (publicKey != null) {
 key = publicKey;
@@ -641,7 +641,7 @@ public class SignatureProcessor implements Processor {
 RequestData requestData, WSDocInfo wsDocInfo
 ) throws WSSecurityException {
- ReplayCache replayCache = requestData.getTimestampReplayCache();
+ ReplayCache replayCache = requestData.getTimestampReplayCache(); //NOPMD
 if (replayCache == null) {
 return;
 }
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
index 5222e6927..ea3835f97 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/UsernameTokenProcessor.java
@@ -145,7 +145,7 @@ public class UsernameTokenProcessor implements Processor {
 }
 // Test for replay attacks
- ReplayCache replayCache = data.getNonceReplayCache();
+ ReplayCache replayCache = data.getNonceReplayCache(); //NOPMD
 if (replayCache != null && ut.getNonce() != null) {
 if (replayCache.contains(ut.getNonce())) {
 throw new WSSecurityException(
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java
index 52e6dc297..475aa6c69 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/DerivedKeyTokenSTRParser.java
@@ -137,7 +137,7 @@ public class DerivedKeyTokenSTRParser implements STRParser {
 // Now use the callback and get it
 byte[] secretKey = STRParserUtil.getSecretKeyFromToken(uri, null, WSPasswordCallback.SECURITY_CONTEXT_TOKEN, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 throw new WSSecurityException( WSSecurityException.ErrorCode.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri});
@@ -151,7 +151,7 @@ public class DerivedKeyTokenSTRParser implements STRParser {
 secRef.getKeyIdentifierValue(), keyIdentifierValueType, WSPasswordCallback.SECRET_KEY, data
 );
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 byte[] keyBytes = secRef.getSKIBytes();
 List<WSSecurityEngineResult> resultsList = data.getWsDocInfo().getResultsByTag(WSConstants.BST);
@@ -183,7 +183,7 @@ public class DerivedKeyTokenSTRParser implements STRParser {
 secRef.getKeyIdentifierValue(), keyIdentifierValueType, WSPasswordCallback.SECRET_KEY, data
 );
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 throw new WSSecurityException( WSSecurityException.ErrorCode.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri});
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
index 41ddcf110..4e899ce5e 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/STRParserUtil.java
@@ -283,7 +283,7 @@ public final class STRParserUtil {
 "noPassword", new Object[] {uri});
 }
- return null;
+ return new byte[0];
 }
 public static Element getTokenElement(
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
index 91aaa60a7..8d71f58b2 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SecurityTokenRefSTRParser.java
@@ -182,7 +182,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
 byte[] secretKey = STRParserUtil.getSecretKeyFromToken(uri, reference.getValueType(), WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 Element token = STRParserUtil.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler(), uri, reference.getValueType());
@@ -209,7 +209,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
 byte[] secretKey = STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 SamlAssertionWrapper samlAssertion = STRParserUtil.getAssertionFromKeyIdentifier( secRef, strElement, data
@@ -221,7 +221,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
 byte[] secretKey = STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 byte[] keyBytes = secRef.getSKIBytes();
 List<WSSecurityEngineResult> resultsList = wsDocInfo.getResultsByTag(WSConstants.BST);
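Review bot: `return new byte[0];` in STRParserUtil.java (hunk at -283) changes the contract of what is presumably the public `getSecretKeyFromToken` helper: "no secret key found" used to be `null` and is now a zero-length array. The parsers touched in this commit were updated to test `secretKey.length == 0`, but any caller outside this diff that only checks `secretKey == null` would now carry on with an empty key, which in signature or key-derivation code means working with a zero-length secret instead of rejecting the message. The same change is made to `EncryptionUtils.getPSource` and `EncryptionUtils.getDecodedBase64EncodedData` (hunks at -537 and -550). Please state it in the Javadoc, e.g. `@return the secret key bytes, or an empty array (never null) if none was supplied`, and check the remaining call sites. The method body starts outside the hunk.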
@@ -250,7 +250,7 @@ public class SecurityTokenRefSTRParser implements STRParser {
 secRef.getKeyIdentifierValue(), secRef.getKeyIdentifierValueType(), WSPasswordCallback.SECRET_KEY, data
 );
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 throw new WSSecurityException( WSSecurityException.ErrorCode.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri});
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
index d0752e53b..cceb00ec6 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
@@ -129,7 +129,7 @@ public class SignatureSTRParser implements STRParser {
 String valueType = secRef.getKeyIdentifierValueType();
 byte[] secretKey = STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 SamlAssertionWrapper samlAssertion = STRParserUtil.getAssertionFromKeyIdentifier( secRef, secRef.getElement(), data
@@ -167,7 +167,7 @@ public class SignatureSTRParser implements STRParser {
 byte[] secretKey = STRParserUtil.getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, WSPasswordCallback.SECRET_KEY, data);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 byte[] keyBytes = secRef.getSKIBytes();
 List<WSSecurityEngineResult> resultsList = data.getWsDocInfo().getResultsByTag(WSConstants.BST);
@@ -343,7 +343,7 @@ public class SignatureSTRParser implements STRParser {
 data);
 Principal principal = new CustomTokenPrincipal(uri);
- if (secretKey == null) {
+ if (secretKey == null || secretKey.length == 0) {
 Element token = STRParserUtil.getTokenElement(strElement.getOwnerDocument(), wsDocInfo, data.getCallbackHandler(), uri, reference.getValueType());
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java
index b9312e5e3..2289d01a7 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentCompleteSignatureTransform.java
@@ -72,7 +72,7 @@ public class AttachmentCompleteSignatureTransform extends AttachmentContentSigna
 try {
 OutputStream outputStream = os;
 if (outputStream == null) {
- outputStream = new ByteArrayOutputStream();
+ outputStream = new ByteArrayOutputStream(); //NOPMD
 }
 AttachmentUtils.canonizeMimeHeaders(os, attachment.getHeaders());
 processAttachment(context, os, attachmentUri, attachment);
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
index 521b5e941..901165517 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/transform/AttachmentContentSignatureTransform.java
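Review bot: In AttachmentCompleteSignatureTransform.java (hunk at -72) the fallback stream that the new `//NOPMD` is attached to is never used: the two calls after the null check pass `os`, not `outputStream`. When `os` is null the `ByteArrayOutputStream` is created and dropped, and `canonizeMimeHeaders` and `processAttachment` still receive null, so the canonicalised MIME headers and the attachment content cannot end up in the same buffer. The calls should read `AttachmentUtils.canonizeMimeHeaders(outputStream, attachment.getHeaders());` and `processAttachment(context, outputStream, attachmentUri, attachment);`. The enclosing try block continues outside the hunk, so what is done with the buffer afterwards is not visible here.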
@@ -165,7 +165,7 @@ public class AttachmentContentSignatureTransform extends TransformService {
 Attachment attachment) throws TransformException {
 try {
 //try to reuse the inputStream in the hope that the provided inputStream is backed by a disk storage
- InputStream inputStream = attachment.getSourceStream();
+ InputStream inputStream = attachment.getSourceStream(); //NOPMD
 if (!inputStream.markSupported()) {
 inputStream = new BufferedInputStream(inputStream);
 }
@@ -179,7 +179,7 @@ public class AttachmentContentSignatureTransform extends TransformService {
 OutputStream outputStream = os;
 if (outputStream == null) {
- outputStream = new ByteArrayOutputStream();
+ outputStream = new ByteArrayOutputStream(); //NOPMD
 }
 String mimeType = attachment.getMimeType();
@@ -204,7 +204,7 @@ public class AttachmentContentSignatureTransform extends TransformService {
 canon.canonicalizeXPathNodeSet(xmlSignatureInput.getNodeSet(), outputStream);
 } else if (mimeType != null && mimeType.matches("(?i)(text/).*")) {
- CRLFOutputStream crlfOutputStream = new CRLFOutputStream(outputStream);
+ CRLFOutputStream crlfOutputStream = new CRLFOutputStream(outputStream); //NOPMD
 int numBytes;
 byte[] buf = new byte[8192];
 while ((numBytes = inputStream.read(buf)) != -1) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
index 22802ec36..667398017 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
@@ -322,7 +322,7 @@ public final class EncryptionUtils {
 JCEMapper.translateURItoJCEID(encAlgo);
 final Cipher cipher = Cipher.getInstance(jceAlgorithm);
- InputStream attachmentInputStream =
+ InputStream attachmentInputStream = //NOPMD
 AttachmentUtils.setupAttachmentDecryptionStream( encAlgo, cipher, symmetricKey, attachment.getSourceStream());
@@ -385,7 +385,7 @@ public final class EncryptionUtils {
 JCEMapper.translateURItoJCEID(symEncAlgo);
 final Cipher cipher = Cipher.getInstance(jceAlgorithm);
- InputStream attachmentInputStream =
+ InputStream attachmentInputStream = //NOPMD
 AttachmentUtils.setupAttachmentDecryptionStream( symEncAlgo, cipher, symmetricKey, attachment.getSourceStream());
@@ -426,7 +426,7 @@ public final class EncryptionUtils {
 // Don't add more than 20 prefixes
 int prefixAddedCount = 0;
 while (parent.getParentNode() != null && prefixAddedCount < 20
- && !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
+ && Node.DOCUMENT_NODE != parent.getParentNode().getNodeType()) {
 parent = parent.getParentNode();
 NamedNodeMap attributes = parent.getAttributes();
 int length = attributes.getLength();
@@ -435,7 +435,7 @@ public final class EncryptionUtils {
 String attrDef = "xmlns:" + attribute.getLocalName();
 if (WSConstants.XMLNS_NS.equals(attribute.getNamespaceURI()) && !prefix.toString().contains(attrDef)) {
 attrDef += "=\"" + attribute.getNodeValue() + "\"";
- prefix.append(" " + attrDef);
+ prefix.append(' ').append(attrDef);
 prefixAddedCount++;
 }
 if (prefixAddedCount >= 20) {
@@ -537,7 +537,7 @@ public final class EncryptionUtils {
 return getDecodedBase64EncodedData(pSourceElement);
 }
 }
- return null;
+ return new byte[0];
 }
 /**
@@ -550,7 +550,7 @@ public final class EncryptionUtils {
 public static byte[] getDecodedBase64EncodedData(Element element) throws WSSecurityException {
 String text = XMLUtils.getElementText(element);
 if (text == null) {
- return null;
+ return new byte[0];
 }
 return org.apache.xml.security.utils.XMLUtils.decode(text);
 }
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
index da0cabc1d..343797912 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
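Review bot: The duplicate check kept next to the changed line in EncryptionUtils.java (hunk at -435), `!prefix.toString().contains(attrDef)`, is a substring match, so a declaration such as `xmlns:ns1` is skipped when `xmlns:ns10=...` is already in the buffer, and it also matches when the same text merely occurs inside an earlier namespace URI. Whatever is later built from `prefix` would then lack a declaration it may need. Tracking the prefixes already emitted in a `Set<String>` and testing `seen.add(attribute.getLocalName())` avoids both cases and the repeated `toString()`. Separately, `attribute.getNodeValue()` is placed between quotes without XML escaping, which is worth confirming against how `prefix` is parsed afterwards; the loop starts and ends outside the hunk.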
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/SignatureUtils.java
@@ -76,7 +76,7 @@ public final class SignatureUtils {
 Set<String> result = new LinkedHashSet<>();
 Node parent = target;
 while (parent.getParentNode() != null
- && !(Node.DOCUMENT_NODE == parent.getParentNode().getNodeType())) {
+ && Node.DOCUMENT_NODE != parent.getParentNode().getNodeType()) {
 parent = parent.getParentNode();
 NamedNodeMap attributes = parent.getAttributes();
 for (int i = 0; i < attributes.getLength(); i++) {
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
index 9e2a390d5..8021887f4 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
@@ -237,11 +237,7 @@ public final class WSSecurityUtil {
 return true;
 }
- if (hActor != null && actor != null && hActor.equalsIgnoreCase(actor)) {
- return true;
- }
-
- return false;
+ return hActor != null && actor != null && hActor.equalsIgnoreCase(actor);
 }
 /**
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
index 16bb3842e..9303cd36a 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
@@ -252,7 +252,7 @@ public class SamlAssertionValidator extends SignatureTrustValidator {
 && data.getSamlOneTimeUseReplayCache() != null) {
 String identifier = samlAssertion.getId();
- ReplayCache replayCache = data.getSamlOneTimeUseReplayCache();
+ ReplayCache replayCache = data.getSamlOneTimeUseReplayCache(); //NOPMD
 if (replayCache.contains(identifier)) {
 throw new WSSecurityException( WSSecurityException.ErrorCode.INVALID_SECURITY,
diff --git a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
index 1e106136c..8f15004a0 100644
--- a/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
+++ b/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SignatureTrustValidator.java
@@ -55,16 +55,19 @@ public class SignatureTrustValidator implements Validator {
 X509Certificate[] certs = credential.getCertificates();
 PublicKey publicKey = credential.getPublicKey();
 Crypto crypto = getCrypto(data);
- if (crypto == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
- }
 if (certs != null && certs.length > 0) {
 validateCertificates(certs);
+ if (crypto == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
+ }
 verifyTrustInCerts(certs, crypto, data, data.isRevocationEnabled());
 return credential;
 }
 if (publicKey != null) {
+ if (crypto == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
+ }
 validatePublicKey(publicKey, crypto);
 return credential;
 }
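Review bot: Moving the `crypto == null` check inside the two branches of SignatureTrustValidator.java changes behaviour in a commit described as PMD updates: when the credential carries neither certificates nor a public key, a missing signature Crypto no longer raises `noSigCryptoFile`, and the outcome depends on the code after the `publicKey` branch, which is outside this hunk. Please confirm that path still ends in a WSSecurityException so that trust validation fails closed. The check is also duplicated now; a small private helper, e.g. `requireCrypto(crypto)` throwing the same `noSigCryptoFile` failure and called before `verifyTrustInCerts` and `validatePublicKey`, would keep a single copy. `validateCertificates(certs)` now runs before the Crypto check as well, so the error a misconfigured endpoint reports for a certificate that fails that step changes.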