jrihtarsic commented on code in PR #264:
URL: https://github.com/apache/ws-wss4j/pull/264#discussion_r1465212141
##########
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java:
##########
@@ -142,55 +144,22 @@ public List<WSSecurityEngineResult> handleToken(
throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
}
- Element keyInfoChildElement = getKeyInfoChildElement(elem, data);
-
X509Certificate[] certs = null;
STRParser.REFERENCE_TYPE referenceType = null;
PublicKey publicKey = null;
boolean symmetricKeyWrap =
isSymmetricKeyWrap(encryptedKeyTransportMethod);
- if (!symmetricKeyWrap) {
- if
(SecurityTokenReference.SECURITY_TOKEN_REFERENCE.equals(keyInfoChildElement.getLocalName())
- &&
WSConstants.WSSE_NS.equals(keyInfoChildElement.getNamespaceURI())) {
- STRParserParameters parameters = new STRParserParameters();
- parameters.setData(data);
- parameters.setStrElement(keyInfoChildElement);
-
- STRParser strParser = new EncryptedKeySTRParser();
- STRParserResult parserResult =
strParser.parseSecurityTokenReference(parameters);
-
- certs = parserResult.getCertificates();
- publicKey = parserResult.getPublicKey();
- referenceType = parserResult.getCertificatesReferenceType();
- } else {
- certs = getCertificatesFromX509Data(keyInfoChildElement, data);
- if (certs == null || certs.length == 0) {
- XMLSignatureFactory signatureFactory;
- if (provider == null) {
- // Try to install the Santuario Provider - fall back
to the JDK provider if this does
- // not work
- try {
- signatureFactory =
XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
- } catch (NoSuchProviderException ex) {
- signatureFactory =
XMLSignatureFactory.getInstance("DOM");
- }
- } else {
- signatureFactory =
XMLSignatureFactory.getInstance("DOM", provider);
- }
-
- publicKey =
X509Util.parseKeyValue((Element)keyInfoChildElement.getParentNode(),
- signatureFactory);
- }
- }
-
- if (publicKey == null && (certs == null || certs.length < 1 ||
certs[0] == null)) {
- throw new WSSecurityException(
-
WSSecurityException.ErrorCode.FAILURE,
- "noCertsFound",
- new Object[] {"decryption (KeyId)"});
- }
- if (certs != null && certs.length > 0) {
- publicKey = certs[0].getPublicKey();
- }
+ AgreementMethod agreementMethod = null;
+ if (isDHKeyWrap) {
+ // get key agreement method value
+ agreementMethod =
getAgreementMethodFromElement(keyInfoChildElement);
+ // get the recipient key info element
+ keyInfoChildElement =
getRecipientKeyInfoChildElement(agreementMethod);
Review Comment:
Added null validation for keyInfoChildElement