[ws-wss4j] branch master updated: Adding some NPE guards

Thu, 14 Jul 2022 01:08:19 -0700 

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git


The following commit(s) were added to refs/heads/master by this push:
     new 172c0884d Adding some NPE guards
172c0884d is described below

commit 172c0884deb0562081aa45259ee7eddbd85ce9a8
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Jul 14 09:07:59 2022 +0100

    Adding some NPE guards
---
 .../org/apache/wss4j/dom/util/EncryptionUtils.java |  5 +++--
 .../input/SignatureConfirmationInputProcessor.java | 26 ++++++++++++----------
 2 files changed, 17 insertions(+), 14 deletions(-)

diff --git 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
index 667398017..4a0074626 100644
--- 
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
+++ 
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/EncryptionUtils.java
@@ -48,7 +48,6 @@ import javax.crypto.SecretKey;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.xml.parsers.ParserConfigurationException;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -361,7 +360,7 @@ public final class EncryptionUtils {
        SecretKey symmetricKey, String symEncAlgo, CallbackHandler 
attachmentCallbackHandler,
        String xopURI, Element encData
    ) throws WSSecurityException, IOException, UnsupportedCallbackException, 
NoSuchAlgorithmException,
-        NoSuchPaddingException, ParserConfigurationException, 
XMLParserException {
+        NoSuchPaddingException, XMLParserException {
 
         if (attachmentCallbackHandler == null) {
             throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
@@ -402,6 +401,8 @@ public final class EncryptionUtils {
                 String fixedElementStr = setParentPrefixes(encData, new 
String(bytes));
                 document = org.apache.xml.security.utils.XMLUtils.read(
                     new ByteArrayInputStream(fixedElementStr.getBytes()), 
true);
+            } else {
+                throw ex;
             }
         }
 
diff --git 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
index 89461d066..9bd972077 100644
--- 
a/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
+++ 
b/ws-security-stax/src/main/java/org/apache/wss4j/stax/impl/processor/input/SignatureConfirmationInputProcessor.java
@@ -69,22 +69,24 @@ public class SignatureConfirmationInputProcessor extends 
AbstractInputProcessor
                     throw new 
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
                 }
 
-                for (int i = 0; i < signatureValueSecurityEventList.size(); 
i++) {
-                    SignatureValueSecurityEvent signatureValueSecurityEvent = 
signatureValueSecurityEventList.get(i);
-                    byte[] signatureValue = 
signatureValueSecurityEvent.getSignatureValue();
+                if (signatureValueSecurityEventList != null) {
+                    for (int i = 0; i < 
signatureValueSecurityEventList.size(); i++) {
+                        SignatureValueSecurityEvent 
signatureValueSecurityEvent = signatureValueSecurityEventList.get(i);
+                        byte[] signatureValue = 
signatureValueSecurityEvent.getSignatureValue();
 
-                    boolean found = false;
+                        boolean found = false;
 
-                    for (int j = 0; j < signatureConfirmationTypeList.size(); 
j++) {
-                        SignatureConfirmationType signatureConfirmationType = 
signatureConfirmationTypeList.get(j);
-                        byte[] sigConfValue = 
signatureConfirmationType.getValue();
-                        if (Arrays.equals(signatureValue, sigConfValue)) {
-                            found = true;
+                        for (int j = 0; j < 
signatureConfirmationTypeList.size(); j++) {
+                            SignatureConfirmationType 
signatureConfirmationType = signatureConfirmationTypeList.get(j);
+                            byte[] sigConfValue = 
signatureConfirmationType.getValue();
+                            if (Arrays.equals(signatureValue, sigConfValue)) {
+                                found = true;
+                            }
                         }
-                    }
 
-                    if (!found) {
-                        throw new 
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+                        if (!found) {
+                            throw new 
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+                        }
                     }
                 }
             }

Reply via email to