This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new 412bc7b74 PMD updates for ws-security-stax - part I
412bc7b74 is described below

commit 412bc7b745bffd1398b7083f87f1f22cbc60f300
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Fri Jun 10 08:15:19 2022 +0100

    PMD updates for ws-security-stax - part I
---
 .../wss4j/stax/ext/WSSSecurityProperties.java      |  8 ++--
 .../processor/input/DecryptInputProcessor.java     |  4 +-
 .../processor/input/SAMLTokenInputHandler.java     | 44 ++++++++++----------
 .../input/SecurityHeaderInputProcessor.java        |  2 +-
 .../input/SecurityTokenReferenceInputHandler.java  |  2 +-
 .../processor/input/UsernameTokenInputHandler.java |  2 +-
 .../WSSSignatureReferenceVerifyInputProcessor.java | 47 ++++++++++------------
 .../processor/output/SAMLTokenOutputProcessor.java | 13 +++---
 8 files changed, 57 insertions(+), 65 deletions(-)

diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
index 4250587fe..7d765ef3d 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/ext/WSSSecurityProperties.java
@@ -334,7 +334,7 @@ public class WSSSecurityProperties extends 
XMLSecurityProperties {
         if (signatureWSSCrypto != null) {
             return signatureWSSCrypto.getCryptoProperties();
         }
-        return null;
+        return null;    //NOPMD
     }
 
     public void setSignatureCryptoProperties(Properties cryptoProperties) {
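Review bot: The bare `//NOPMD` on `return null;` silences every PMD rule on that line and records no reason, so a later reader cannot tell which warning was judged acceptable. PMD allows text after the marker, so `return null; // NOPMD - null means no signature Crypto is configured` would keep the intent next to the suppression. The same applies to the three other getters patched in this file and to the `//NOPMD` markers added in the input processors further down.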
@@ -409,7 +409,7 @@ public class WSSSecurityProperties extends 
XMLSecurityProperties {
         if (signatureVerificationWSSCrypto != null) {
             return signatureVerificationWSSCrypto.getCryptoProperties();
         }
-        return null;
+        return null;    //NOPMD
     }
 
     public void setSignatureVerificationCryptoProperties(Properties 
cryptoProperties) {
@@ -488,7 +488,7 @@ public class WSSSecurityProperties extends 
XMLSecurityProperties {
         if (decryptionWSSCrypto != null) {
             return decryptionWSSCrypto.getCryptoProperties();
         }
-        return null;
+        return null;    //NOPMD
     }
 
     public void setDecryptionCryptoProperties(Properties cryptoProperties) {
@@ -582,7 +582,7 @@ public class WSSSecurityProperties extends 
XMLSecurityProperties {
         if (encryptionWSSCrypto != null) {
             return encryptionWSSCrypto.getCryptoProperties();
         }
-        return null;
+        return null;    //NOPMD
     }
 
     public void setEncryptionCryptoProperties(Properties cryptoProperties) {
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
index 40079a37f..709d8ca5a 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/DecryptInputProcessor.java
@@ -200,7 +200,7 @@ public class DecryptInputProcessor extends 
AbstractDecryptInputProcessor {
             //1.) if an attachment is encrypted and signed the order is 
preserved
             //2.) the attachments are processed after the SOAP-Document which 
allows us to stream everything
             attachmentReferences.add(
-                    new DeferredAttachment(encryptedDataType, cipher, 
inboundSecurityToken)
+                    new DeferredAttachment(encryptedDataType, cipher, 
inboundSecurityToken) //NOPMD
             );
         }
     }
@@ -354,7 +354,7 @@ public class DecryptInputProcessor extends 
AbstractDecryptInputProcessor {
             final Key symmetricKey =
                 inboundSecurityToken.getSecretKey(encAlgo, 
XMLSecurityConstants.Enc, encryptedDataType.getId());
 
-            InputStream attachmentInputStream =
+            InputStream attachmentInputStream = //NOPMD
                 AttachmentUtils.setupAttachmentDecryptionStream(encAlgo, 
cipher, symmetricKey, attachment.getSourceStream());
 
             Attachment resultAttachment = new Attachment();
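Review bot: The `//NOPMD` on `attachmentInputStream` presumably silences PMD's unclosed-resource check, but nothing here says who closes the stream returned by `AttachmentUtils.setupAttachmentDecryptionStream`. If ownership passes to `resultAttachment` (the rest of the method is outside the hunk), the declaration should say so, for example `// NOPMD - stream is handed to resultAttachment and closed by its consumer`. The same question applies to `attachment.getSourceStream()` in WSSSignatureReferenceVerifyInputProcessor, where the stream may also be wrapped in a `BufferedInputStream`.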
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
index d392a6679..c47c247f3 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.java
@@ -232,23 +232,22 @@ public class SAMLTokenInputHandler extends 
AbstractInputSecurityHeaderHandler {
         while (xmlSecEventIterator.hasNext()) {
             XMLSecEvent xmlSecEvent = xmlSecEventIterator.next();
             idx++;
-            switch (xmlSecEvent.getEventType()) {
-                case XMLStreamConstants.START_ELEMENT:
-                    QName elementName = xmlSecEvent.asStartElement().getName();
-                    if (WSSConstants.TAG_dsig_KeyInfo.equals(elementName)) {
-                        List<QName> elementPath = 
xmlSecEvent.asStartElement().getElementPath();
-                        if (elementPath.size() >= 4) {
-                            int lastIndex = elementPath.size() - 2;
-                            if 
("SubjectConfirmationData".equals(elementPath.get(lastIndex).getLocalPart())
+            if (XMLStreamConstants.START_ELEMENT == 
xmlSecEvent.getEventType()) {
+                QName elementName = xmlSecEvent.asStartElement().getName();
+                if (WSSConstants.TAG_dsig_KeyInfo.equals(elementName)) {
+                    List<QName> elementPath = 
xmlSecEvent.asStartElement().getElementPath();
+                    if (elementPath.size() >= 4) {
+                        int lastIndex = elementPath.size() - 2;
+                        if 
("SubjectConfirmationData".equals(elementPath.get(lastIndex).getLocalPart())
                                 && 
"SubjectConfirmation".equals(elementPath.get(lastIndex - 1).getLocalPart())
                                 && "Subject".equals(elementPath.get(lastIndex 
- 2).getLocalPart())) {
-                                return idx;
-                            } else if 
("SubjectConfirmation".equals(elementPath.get(lastIndex).getLocalPart())
+                            return idx;
+                        } else if 
("SubjectConfirmation".equals(elementPath.get(lastIndex).getLocalPart())
                                 && "Subject".equals(elementPath.get(lastIndex 
- 1).getLocalPart())) {
-                                return idx;
-                            }
+                            return idx;
                         }
                     }
+                }
             }
         }
         return idx;
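Review bot: The ancestor check on `elementPath` compares only `getLocalPart()`, so `SubjectConfirmationData`, `SubjectConfirmation` and `Subject` match in any namespace, while the `KeyInfo` test just above it compares the full QName. Comparing the path entries against namespace-qualified QNames for the SAML elements would make the match as strict as the KeyInfo one. Whether this matters depends on validation done before this scan, which the hunk does not show. The `Signature`/`Assertion` check in the next hunk has the same local-name-only comparison. Both methods start outside their hunks, and the two branches here return the same `idx`, so they could be a single condition.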
@@ -260,19 +259,18 @@ public class SAMLTokenInputHandler extends 
AbstractInputSecurityHeaderHandler {
         while (xmlSecEventIterator.hasNext()) {
             XMLSecEvent xmlSecEvent = xmlSecEventIterator.next();
             idx++;
-            switch (xmlSecEvent.getEventType()) {
-                case XMLStreamConstants.START_ELEMENT:
-                    QName elementName = xmlSecEvent.asStartElement().getName();
-                    if (WSSConstants.TAG_dsig_KeyInfo.equals(elementName)) {
-                        List<QName> elementPath = 
xmlSecEvent.asStartElement().getElementPath();
-                        if (elementPath.size() >= 4) {
-                            int lastIndex = elementPath.size() - 2;
-                            if 
("Signature".equals(elementPath.get(lastIndex).getLocalPart())
+            if (XMLStreamConstants.START_ELEMENT == 
xmlSecEvent.getEventType()) {
+                QName elementName = xmlSecEvent.asStartElement().getName();
+                if (WSSConstants.TAG_dsig_KeyInfo.equals(elementName)) {
+                    List<QName> elementPath = 
xmlSecEvent.asStartElement().getElementPath();
+                    if (elementPath.size() >= 4) {
+                        int lastIndex = elementPath.size() - 2;
+                        if 
("Signature".equals(elementPath.get(lastIndex).getLocalPart())
                                 && 
"Assertion".equals(elementPath.get(lastIndex - 1).getLocalPart())) {
-                                return idx;
-                            }
+                            return idx;
                         }
                     }
+                }
             }
         }
         return idx;
@@ -308,7 +306,7 @@ public class SAMLTokenInputHandler extends 
AbstractInputSecurityHeaderHandler {
             loop:
             while (xmlSecEventIterator.hasNext()) {
                 xmlSecEvent = xmlSecEventIterator.next();
-                switch (xmlSecEvent.getEventType()) {
+                switch (xmlSecEvent.getEventType()) {   //NOPMD
                     case XMLStreamConstants.END_ELEMENT:
                         if 
(xmlSecEvent.asEndElement().getName().equals(elementName)) {
                             break loop;
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityHeaderInputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityHeaderInputProcessor.java
index b9cb72406..8a9932c82 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityHeaderInputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityHeaderInputProcessor.java
@@ -85,7 +85,7 @@ public class SecurityHeaderInputProcessor extends 
AbstractInputProcessor {
             subInputProcessorChain.reset();
             xmlSecEvent = subInputProcessorChain.processHeaderEvent();
 
-            switch (xmlSecEvent.getEventType()) {
+            switch (xmlSecEvent.getEventType()) {   //NOPMD
                 case XMLStreamConstants.START_ELEMENT:
                     XMLSecStartElement xmlSecStartElement = 
xmlSecEvent.asStartElement();
                     int documentLevel = xmlSecStartElement.getDocumentLevel();
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
index 94708cbee..241900c9e 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.java
@@ -128,7 +128,7 @@ public class SecurityTokenReferenceInputHandler extends 
AbstractInputSecurityHea
         public XMLSecEvent processEvent(final InputProcessorChain 
inputProcessorChain)
                 throws XMLStreamException, XMLSecurityException {
             XMLSecEvent xmlSecEvent = inputProcessorChain.processEvent();
-            switch (xmlSecEvent.getEventType()) {
+            switch (xmlSecEvent.getEventType()) {   //NOPMD
                 case XMLStreamConstants.START_ELEMENT:
                     XMLSecStartElement xmlSecStartElement = 
xmlSecEvent.asStartElement();
                     Attribute attribute = 
xmlSecStartElement.getAttributeByName(this.attribute);
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/UsernameTokenInputHandler.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/UsernameTokenInputHandler.java
index 5046ea675..6ba7e9e56 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/UsernameTokenInputHandler.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/UsernameTokenInputHandler.java
@@ -76,7 +76,7 @@ public class UsernameTokenInputHandler extends 
AbstractInputSecurityHeaderHandle
         final WSSSecurityProperties wssSecurityProperties = 
(WSSSecurityProperties) securityProperties;
         Instant created = verifyCreated(wssSecurityProperties, 
usernameTokenType);
 
-        ReplayCache replayCache = wssSecurityProperties.getNonceReplayCache();
+        ReplayCache replayCache = wssSecurityProperties.getNonceReplayCache(); 
 //NOPMD
         final EncodedString encodedNonce =
                 XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), 
WSSConstants.TAG_WSSE_NONCE);
         if (encodedNonce != null && replayCache != null) {
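Review bot: The `//NOPMD` on `replayCache` needs a stated reason: the cache is obtained from `wssSecurityProperties` and is presumably shared across messages, so not closing it here is deliberate, e.g. `// NOPMD - cache is owned by WSSSecurityProperties, must not be closed per message`. Separately, `encodedNonce != null && replayCache != null` means that with no cache configured the nonce is not checked for replay. Unless the part of the method outside the hunk handles that case, a debug-level log line would make a disabled replay check visible to operators. `detectReplayAttack` in WSSSignatureReferenceVerifyInputProcessor follows the same pattern with the timestamp cache.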
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
index 881d1bff7..8dd4f85ca 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/WSSSignatureReferenceVerifyInputProcessor.java
@@ -124,7 +124,7 @@ public class WSSSignatureReferenceVerifyInputProcessor 
extends AbstractSignature
 
             final Attachment attachment = attachments.get(0);
 
-            InputStream attachmentInputStream = attachment.getSourceStream();
+            InputStream attachmentInputStream = attachment.getSourceStream();  
 //NOPMD
             if (!attachmentInputStream.markSupported()) {
                 attachmentInputStream = new 
BufferedInputStream(attachmentInputStream);
             }
@@ -134,30 +134,27 @@ public class WSSSignatureReferenceVerifyInputProcessor 
extends AbstractSignature
             try {
                 DigestOutputStream digestOutputStream =
                         createMessageDigestOutputStream(referenceType, 
inputProcessorChain.getSecurityContext());
-                UnsyncBufferedOutputStream bufferedDigestOutputStream =
-                        new UnsyncBufferedOutputStream(digestOutputStream);
-
-                if (referenceType.getTransforms() != null) {
-                    Transformer transformer =
-                            buildTransformerChain(referenceType, 
bufferedDigestOutputStream, inputProcessorChain, null);
-                    if (!(transformer instanceof 
AttachmentContentSignatureTransform)) {
-                        throw new WSSecurityException(
-                                WSSecurityException.ErrorCode.INVALID_SECURITY,
-                                "empty",
-                                new Object[] {"First transform must be 
Attachment[Content|Complete]SignatureTransform"}
-                        );
-                    }
-                    Map<String, Object> transformerProperties = new 
HashMap<>(2);
-                    transformerProperties.put(
-                            AttachmentContentSignatureTransform.ATTACHMENT, 
attachment);
-                    transformer.setProperties(transformerProperties);
-
-                    transformer.transform(attachmentInputStream);
+                try (UnsyncBufferedOutputStream bufferedDigestOutputStream =
+                        new UnsyncBufferedOutputStream(digestOutputStream)) {
+                    if (referenceType.getTransforms() != null) {
+                        Transformer transformer =
+                                buildTransformerChain(referenceType, 
bufferedDigestOutputStream, inputProcessorChain, null);
+                        if (!(transformer instanceof 
AttachmentContentSignatureTransform)) {
+                            throw new WSSecurityException(
+                                    
WSSecurityException.ErrorCode.INVALID_SECURITY,
+                                    "empty",
+                                    new Object[]{"First transform must be 
Attachment[Content|Complete]SignatureTransform"}
+                            );
+                        }
+                        Map<String, Object> transformerProperties = new 
HashMap<>(2);
+                        transformerProperties.put(
+                                
AttachmentContentSignatureTransform.ATTACHMENT, attachment);
+                        transformer.setProperties(transformerProperties);
 
-                    bufferedDigestOutputStream.close();
-                } else {
-                    XMLSecurityUtils.copy(attachmentInputStream, 
bufferedDigestOutputStream);
-                    bufferedDigestOutputStream.close();
+                        transformer.transform(attachmentInputStream);
+                    } else {
+                        XMLSecurityUtils.copy(attachmentInputStream, 
bufferedDigestOutputStream);
+                    }
                 }
                 compareDigest(digestOutputStream.getDigestValue(), 
referenceType);
 
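Review bot: `compareDigest(digestOutputStream.getDigestValue(), referenceType)` is only correct once the buffered bytes have been flushed, which now happens implicitly when the try-with-resources block closes `bufferedDigestOutputStream`. A one-line comment above the call would protect that ordering from later refactoring, e.g. `// digest is complete only after the buffered stream has been closed`. The resource block also closes the stream when the `WSSecurityException` is thrown, which the old code did not do. The outer `try` opens in this hunk, but its catch/finally is outside it.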
@@ -310,7 +307,7 @@ public class WSSSignatureReferenceVerifyInputProcessor 
extends AbstractSignature
     private void detectReplayAttack(InputProcessorChain inputProcessorChain) 
throws WSSecurityException {
         TimestampSecurityEvent timestampSecurityEvent =
                 
inputProcessorChain.getSecurityContext().get(WSSConstants.PROP_TIMESTAMP_SECURITYEVENT);
-        ReplayCache replayCache =
+        ReplayCache replayCache =   //NOPMD
             
((WSSSecurityProperties)getSecurityProperties()).getTimestampReplayCache();
         if (timestampSecurityEvent != null && replayCache != null) {
             final String cacheKey =
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
index 6eab257a0..3a4cd5aa2 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/output/SAMLTokenOutputProcessor.java
@@ -335,7 +335,7 @@ public class SAMLTokenOutputProcessor extends 
AbstractOutputProcessor {
                             return key;
                         }
                         byte[] secretKey = getSecretKeyUsingCallback();
-                        if (secretKey != null) {
+                        if (secretKey != null && secretKey.length > 0) {
                             String algoFamily = 
JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
                             key = new SecretKeySpec(secretKey, algoFamily);
                             setSecretKey(algorithmURI, key);
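Review bot: The added `secretKey.length > 0` test adapts this caller to a changed contract: the hunks at `@@ -398` and `@@ -413` replace `return null` with `new X509Certificate[0]` and `new byte[0]`, so "nothing available" is now an empty array rather than null. Any other caller that still tests only `!= null` would go on to use an empty certificate chain or key; `new SecretKeySpec(secretKey, algoFamily)`, for instance, rejects an empty key with `IllegalArgumentException`. Those callers are not visible in this diff and are worth checking. The Javadoc of both methods should state `returns an empty array, never null`.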
@@ -398,7 +398,7 @@ public class SAMLTokenOutputProcessor extends 
AbstractOutputProcessor {
                 }
             }
 
-            return null;
+            return new X509Certificate[0];
         }
 
 
@@ -413,7 +413,7 @@ public class SAMLTokenOutputProcessor extends 
AbstractOutputProcessor {
                 }
             }
 
-            return null;
+            return new byte[0];
         }
 
         @Override
@@ -488,15 +488,12 @@ public class SAMLTokenOutputProcessor extends 
AbstractOutputProcessor {
         }
 
         private boolean includeBST() {
-            if (senderVouches
+            return senderVouches
                 && 
getSecurityProperties().getSignatureKeyIdentifiers().contains(
                     
WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE)
                 && securityToken != null
                 && !(WSSConstants.SAML_TOKEN_SIGNED.equals(action)
-                    && 
((WSSSecurityProperties)getSecurityProperties()).isIncludeSignatureToken())) {
-                return true;
-            }
-            return false;
+                    && 
((WSSSecurityProperties)getSecurityProperties()).isIncludeSignatureToken());
         }
     }
 
