jrihtarsic commented on code in PR #264: URL: https://github.com/apache/ws-wss4j/pull/264#discussion_r1465212141
########## ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java: ########## 
@@ -142,55 +144,22 @@ public List<WSSecurityEngineResult> handleToken( throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher"); } - Element keyInfoChildElement = getKeyInfoChildElement(elem, data); - X509Certificate[] certs = null; STRParser.REFERENCE_TYPE referenceType = null; PublicKey publicKey = null; boolean symmetricKeyWrap = isSymmetricKeyWrap(encryptedKeyTransportMethod); - if (!symmetricKeyWrap) { - if (SecurityTokenReference.SECURITY_TOKEN_REFERENCE.equals(keyInfoChildElement.getLocalName()) - && WSConstants.WSSE_NS.equals(keyInfoChildElement.getNamespaceURI())) { - STRParserParameters parameters = new STRParserParameters(); - parameters.setData(data); - parameters.setStrElement(keyInfoChildElement); - - STRParser strParser = new EncryptedKeySTRParser(); - STRParserResult parserResult = strParser.parseSecurityTokenReference(parameters); - - certs = parserResult.getCertificates(); - publicKey = parserResult.getPublicKey(); - referenceType = parserResult.getCertificatesReferenceType(); - } else { - certs = getCertificatesFromX509Data(keyInfoChildElement, data); - if (certs == null || certs.length == 0) { - XMLSignatureFactory signatureFactory; - if (provider == null) { - // Try to install the Santuario Provider - fall back to the JDK provider if this does - // not work - try { - signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig"); - } catch (NoSuchProviderException ex) { - signatureFactory = XMLSignatureFactory.getInstance("DOM"); - } - } else { - signatureFactory = XMLSignatureFactory.getInstance("DOM", provider); - } - - publicKey = X509Util.parseKeyValue((Element)keyInfoChildElement.getParentNode(), - signatureFactory); - } - } - - if (publicKey == null && (certs == null || certs.length < 1 || certs[0] == null)) { - throw new WSSecurityException( - WSSecurityException.ErrorCode.FAILURE, - "noCertsFound", - new Object[] {"decryption (KeyId)"}); - } - if (certs != null && certs.length > 0) { - 
publicKey = certs[0].getPublicKey(); - } + AgreementMethod agreementMethod = null; + if (isDHKeyWrap) { + // get key agreement method value + agreementMethod = getAgreementMethodFromElement(keyInfoChildElement); + // get the recipient key info element + keyInfoChildElement = getRecipientKeyInfoChildElement(agreementMethod); Review Comment: Added null validation for keyInfoChildElement