From gi...@apache.org
Subject svn commit: r1310980 - in /webservices/wss4j/branches/swssf: streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/ streaming-ws-security/src/test/java/org/swssf/wss...
Date Sun, 08 Apr 2012 11:37:27 GMT
Author: giger
Date: Sun Apr  8 11:37:27 2012
New Revision: 1310980

URL: http://svn.apache.org/viewvc?rev=1310980&view=rev
Log:
Handle possible NPE's more gracefully

Modified:
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
    webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
    webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/DecryptInputProcessor.java
Sun Apr  8 11:37:27 2012
@@ -45,30 +45,26 @@ import java.util.List;
  */
 public class DecryptInputProcessor extends AbstractDecryptInputProcessor {
 
-    public DecryptInputProcessor(ReferenceList referenceList, WSSSecurityProperties securityProperties,
-                                 WSSecurityContext securityContext) throws WSSecurityException
{
-        super(referenceList, securityProperties);
-        checkBSPCompliance(referenceList, securityContext, WSSConstants.BSPRule.R5608);
-    }
-
     public DecryptInputProcessor(KeyInfoType keyInfoType, ReferenceList referenceList,
                                  WSSSecurityProperties securityProperties, WSSecurityContext
securityContext)
-            throws WSSecurityException {
+            throws XMLSecurityException {
 
         super(keyInfoType, referenceList, securityProperties);
+        checkBSPCompliance(keyInfoType, referenceList, securityContext, WSSConstants.BSPRule.R3006);
+    }
 
-        if (keyInfoType.getContent().size() != 1) {
-            securityContext.handleBSPRule(WSSConstants.BSPRule.R5424);
-        }
-        SecurityTokenReferenceType securityTokenReferenceType = XMLSecurityUtils.getQNameType(keyInfoType.getContent(),
-                WSSConstants.TAG_wsse_SecurityTokenReference);
-        if (securityTokenReferenceType == null) {
-            securityContext.handleBSPRule(WSSConstants.BSPRule.R5426);
+    private void checkBSPCompliance(KeyInfoType keyInfoType, ReferenceList referenceList,
WSSecurityContext securityContext, WSSConstants.BSPRule bspRule) throws WSSecurityException
{
+        if (keyInfoType != null) {
+            if (keyInfoType.getContent().size() != 1) {
+                securityContext.handleBSPRule(WSSConstants.BSPRule.R5424);
+            }
+            SecurityTokenReferenceType securityTokenReferenceType = XMLSecurityUtils.getQNameType(keyInfoType.getContent(),
+                    WSSConstants.TAG_wsse_SecurityTokenReference);
+            if (securityTokenReferenceType == null) {
+                securityContext.handleBSPRule(WSSConstants.BSPRule.R5426);
+            }
         }
-        checkBSPCompliance(referenceList, securityContext, WSSConstants.BSPRule.R3006);
-    }
 
-    private void checkBSPCompliance(ReferenceList referenceList, WSSecurityContext securityContext,
WSSConstants.BSPRule bspRule) throws WSSecurityException {
         if (referenceList != null) {
             List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
             Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
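Review bot: The merged constructor always passes `WSSConstants.BSPRule.R3006` to checkBSPCompliance, while the removed ReferenceList-only constructor passed `R5608`, so the path from ReferenceListInputHandler (which now calls this constructor with a null keyInfoType) would report a different rule than before. If the part of checkBSPCompliance outside this hunk still uses `bspRule` for the reference checks, pick the rule from the calling context, for example `keyInfoType == null ? WSSConstants.BSPRule.R5608 : WSSConstants.BSPRule.R3006`. checkBSPCompliance continues past the end of the hunk, so this should be confirmed against the full method.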

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/EncryptedKeyInputHandler.java
Sun Apr  8 11:37:27 2012
@@ -59,6 +59,10 @@ public class EncryptedKeyInputHandler ex
         @SuppressWarnings("unchecked")
         final EncryptedKeyType encryptedKeyType = ((JAXBElement<EncryptedKeyType>)
parseStructure(eventQueue, index)).getValue();
 
+        if (encryptedKeyType.getEncryptionMethod() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM,
"noEncAlgo");
+        }
+
         checkBSPCompliance(inputProcessorChain, encryptedKeyType);
 
         if (encryptedKeyType.getId() == null) {
@@ -151,6 +155,10 @@ public class EncryptedKeyInputHandler ex
 
                             Cipher cipher = Cipher.getInstance(asyncEncAlgo.getJCEName(),
asyncEncAlgo.getJCEProvider());
                             cipher.init(Cipher.DECRYPT_MODE, wrappingSecurityToken.getSecretKey(algorithmURI,
keyUsage));
+                            if (encryptedKeyType.getCipherData() == null
+                                    || encryptedKeyType.getCipherData().getCipherValue()
== null) {
+                                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
"noCipher");
+                            }
                             return cipher.doFinal(encryptedKeyType.getCipherData().getCipherValue());
 
                         } catch (NoSuchPaddingException e) {
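Review bot: The CipherData check in the second hunk runs only after `Cipher.getInstance(...)` and `cipher.init(...)` have already fetched the wrapping key, so a message without a CipherValue is rejected after the key work instead of before it. Moving the `getCipherData()` / `getCipherValue()` test above `Cipher.getInstance(...)`, or next to the `getEncryptionMethod()` check added in the first hunk, rejects the malformed structure earlier and keeps the structural validation in one place. The enclosing method starts and ends outside both hunks, so whether the earlier position is reached on every path should be confirmed.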

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/ReferenceListInputHandler.java
Sun Apr  8 11:37:27 2012
@@ -45,6 +45,7 @@ public class ReferenceListInputHandler e
 
         //instantiate a new DecryptInputProcessor and add it to the chain
         inputProcessorChain.addProcessor(
-                new DecryptInputProcessor(referenceList, (WSSSecurityProperties) securityProperties,
(WSSecurityContext) inputProcessorChain.getSecurityContext()));
+                new DecryptInputProcessor(null, referenceList, (WSSSecurityProperties) securityProperties,
+                        (WSSecurityContext) inputProcessorChain.getSecurityContext()));
     }
 }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureInputHandler.java
Sun Apr  8 11:37:27 2012
@@ -48,7 +48,21 @@ public class SignatureInputHandler exten
     protected SignatureVerifier newSignatureVerifier(InputProcessorChain inputProcessorChain,
                                                      XMLSecurityProperties securityProperties,
                                                      final SignatureType signatureType) throws
XMLSecurityException {
-
+        if (signatureType.getSignedInfo() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+        if (signatureType.getSignedInfo().getSignatureMethod() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+        if (signatureType.getSignedInfo().getCanonicalizationMethod() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+        if (signatureType.getSignatureValue() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
+        if (signatureType.getKeyInfo() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+        }
         checkBSPCompliance(inputProcessorChain, signatureType);
 
         final WSSecurityContext securityContext = (WSSecurityContext) inputProcessorChain.getSecurityContext();
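Review bot: All five new checks throw `new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY)` with no message key, so a rejected message gives no indication of which required element (SignedInfo, SignatureMethod, CanonicalizationMethod, SignatureValue or KeyInfo) was missing. The EncryptedKeyInputHandler changes in the same commit pass a key (`"noEncAlgo"`, `"noCipher"`); doing the same here, one key per element, would make rejected signatures diagnosable from logs. `signatureType.getSignedInfo()` is also read three times and could be held in a local. newSignatureVerifier continues beyond the hunk.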

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/TimestampInputHandler.java
Sun Apr  8 11:37:27 2012
@@ -43,6 +43,16 @@ import java.util.Iterator;
  */
 public class TimestampInputHandler extends AbstractInputSecurityHeaderHandler {
 
+    private static final DatatypeFactory datatypeFactory;
+
+    static {
+        try {
+            datatypeFactory = DatatypeFactory.newInstance();
+        } catch (DatatypeConfigurationException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     //Chapter 10 Security Timestamps: ...may only be present at most once per header (that
is, per SOAP actor/role)
     @Override
     public void handle(final InputProcessorChain inputProcessorChain, final XMLSecurityProperties
securityProperties,
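Review bot: The new `static final DatatypeFactory datatypeFactory` is shared by every message this handler processes, and as far as the JAXP documentation goes, DatatypeFactory instances are not promised to be thread-safe. Add a comment on the field recording why sharing is acceptable, for example `// shared across threads: relies on the JAXP implementation's DatatypeFactory being stateless`, or keep one instance per thread. The same field is introduced in UsernameTokenInputHandler further down in this commit. A `RuntimeException` from the static initializer will surface as a class-initialization failure of the handler, which is worth stating in the same comment.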
@@ -64,20 +74,28 @@ public class TimestampInputHandler exten
         }
 
         try {
-            DatatypeFactory datatypeFactory = DatatypeFactory.newInstance();
-
             // Validate whether the security semantics have expired
             //created and expires is optional per spec. But we enforce the created element
in the validation
             Calendar crea = null;
             if (timestampType.getCreated() != null) {
-                XMLGregorianCalendar created = datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+                XMLGregorianCalendar created;
+                try {
+                    created = datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+                } catch (IllegalArgumentException e) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
e);
+                }
                 logger.debug("Timestamp created: " + created);
                 crea = created.toGregorianCalendar();
             }
 
             Calendar exp = null;
             if (timestampType.getExpires() != null) {
-                XMLGregorianCalendar expires = datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+                XMLGregorianCalendar expires;
+                try {
+                    expires = datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+                } catch (IllegalArgumentException e) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
e);
+                }
                 logger.debug("Timestamp expires: " + expires);
                 exp = expires.toGregorianCalendar();
             }
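Review bot: The new try/catch blocks translate only `IllegalArgumentException`, but `DatatypeFactory.newXMLGregorianCalendar(String)` is documented to throw `NullPointerException` for a null argument, so a Created or Expires element whose `getValue()` is null would still escape as an NPE (whether JAXB can deliver null here is not visible from the hunk). The same block is repeated in the later hunks of this file at -156 and -179; a small private helper that handles both cases would remove the duplication. The sketch assumes `getValue()` returns the lexical String.

```java
private static XMLGregorianCalendar parseDateTime(String lexicalValue) throws WSSecurityException {
    if (lexicalValue == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
    }
    try {
        return datatypeFactory.newXMLGregorianCalendar(lexicalValue);
    } catch (IllegalArgumentException e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
    }
}

// … unchanged: timestampType.getCreated() != null guard …
XMLGregorianCalendar created = parseDateTime(timestampType.getCreated().getValue());
// … unchanged: logging and toGregorianCalendar(); same call for getExpires() …
```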
@@ -110,8 +128,6 @@ public class TimestampInputHandler exten
             ((WSSecurityContext) inputProcessorChain.getSecurityContext()).registerSecurityEvent(timestampSecurityEvent);
             inputProcessorChain.getSecurityContext().put(WSSConstants.PROP_TIMESTAMP_SECURITYEVENT,
timestampSecurityEvent);
 
-        } catch (DatatypeConfigurationException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
         } catch (IllegalArgumentException e) {
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
         }
@@ -156,14 +172,13 @@ public class TimestampInputHandler exten
             curIdx++;
         }
 
-        DatatypeFactory datatypeFactory = null;
-        try {
-            datatypeFactory = DatatypeFactory.newInstance();
-        } catch (DatatypeConfigurationException e) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
-        }
         if (timestampType.getCreated() != null) {
-            XMLGregorianCalendar createdCalendar = datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+            XMLGregorianCalendar createdCalendar;
+            try {
+                createdCalendar = datatypeFactory.newXMLGregorianCalendar(timestampType.getCreated().getValue());
+            } catch (IllegalArgumentException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
e);
+            }
             if (createdCalendar.getFractionalSecond().scale() > 3) {
                 ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3220);
             }
@@ -179,7 +194,12 @@ public class TimestampInputHandler exten
             }
         }
         if (timestampType.getExpires() != null) {
-            XMLGregorianCalendar expiresCalendar = datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+            XMLGregorianCalendar expiresCalendar;
+            try {
+                expiresCalendar = datatypeFactory.newXMLGregorianCalendar(timestampType.getExpires().getValue());
+            } catch (IllegalArgumentException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY,
e);
+            }
             if (expiresCalendar.getFractionalSecond().scale() > 3) {
                 ((WSSecurityContext) inputProcessorChain.getSecurityContext()).handleBSPRule(WSSConstants.BSPRule.R3229);
             }

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/UsernameTokenInputHandler.java
Sun Apr  8 11:37:27 2012
@@ -50,12 +50,16 @@ public class UsernameTokenInputHandler e
 
     private static final String cacheRegionName = "usernameToken";
     private static JCS cache;
+    private static final DatatypeFactory datatypeFactory;
 
     static {
         try {
             cache = JCS.getInstance(cacheRegionName);
+            datatypeFactory = DatatypeFactory.newInstance();
         } catch (CacheException e) {
             throw new RuntimeException(e);
+        } catch (DatatypeConfigurationException e) {
+            throw new RuntimeException(e);
         }
     }
 
@@ -90,6 +94,9 @@ public class UsernameTokenInputHandler e
         }
 
         final AttributedString username = usernameTokenType.getUsername();
+        if (username == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN,
"badTokenType01");
+        }
         final EncodedString encodedNonce = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(),
WSSConstants.TAG_wsse_Nonce);
         final AttributedDateTime attributedDateTimeCreated = XMLSecurityUtils.getQNameType(usernameTokenType.getAny(),
WSSConstants.TAG_wsu_Created);
 
@@ -121,13 +128,12 @@ public class UsernameTokenInputHandler e
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
             }
 
-            DatatypeFactory datatypeFactory = null;
+            XMLGregorianCalendar xmlGregorianCalendar;
             try {
-                datatypeFactory = DatatypeFactory.newInstance();
-            } catch (DatatypeConfigurationException e) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
+                xmlGregorianCalendar = datatypeFactory.newXMLGregorianCalendar(created);
+            } catch (IllegalArgumentException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
             }
-            XMLGregorianCalendar xmlGregorianCalendar = datatypeFactory.newXMLGregorianCalendar(created);
             GregorianCalendar createdCal = xmlGregorianCalendar.toGregorianCalendar();
             GregorianCalendar now = new GregorianCalendar();
             if (createdCal.after(now)) {
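Review bot: The new catch block discards the cause: `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);` drops `e`, whereas the equivalent blocks in TimestampInputHandler pass it on. Keep the cause so the parse failure is visible when a rejected token is investigated: `throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);`. The enclosing method starts and ends outside this hunk.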

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/securityToken/X509DataSecurityToken.java
Sun Apr  8 11:37:27 2012
@@ -22,6 +22,7 @@ import org.swssf.binding.xmldsig.X509Dat
 import org.swssf.binding.xmldsig.X509IssuerSerialType;
 import org.swssf.wss.ext.WSSConstants;
 import org.swssf.wss.ext.WSSecurityContext;
+import org.swssf.wss.ext.WSSecurityException;
 import org.swssf.xmlsec.crypto.Crypto;
 import org.swssf.xmlsec.crypto.CryptoType;
 import org.swssf.xmlsec.ext.XMLSecurityException;
@@ -49,11 +50,19 @@ public class X509DataSecurityToken exten
         if (this.alias == null) {
             X509IssuerSerialType x509IssuerSerialType = XMLSecurityUtils.getQNameType(
                     x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
+            if (x509IssuerSerialType == null
+                    || x509IssuerSerialType.getX509IssuerName() == null
+                    || x509IssuerSerialType.getX509SerialNumber() == null) {
+                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+            }
             CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
             cryptoType.setIssuerSerial(
                     x509IssuerSerialType.getX509IssuerName(), x509IssuerSerialType.getX509SerialNumber()
             );
             X509Certificate[] certs = getCrypto().getX509Certificates(cryptoType);
+            if (certs == null) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+            }
             this.alias = getCrypto().getX509Identifier(certs[0]);
         }
         return this.alias;
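Review bot: The added `certs == null` guard does not cover an empty array, so `certs[0]` on the following line can still throw ArrayIndexOutOfBoundsException if the crypto provider reports "no match" as a zero-length array. Extend the condition to `if (certs == null || certs.length == 0) {`. The method body starts above the hunk, so the behaviour of `getX509Certificates` for an unknown issuer/serial should be confirmed there.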

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/test/java/org/swssf/wss/test/InteroperabilityTest.java
Sun Apr  8 11:37:27 2012
@@ -28,9 +28,7 @@ import org.swssf.xmlsec.test.utils.StAX2
 import org.swssf.xmlsec.test.utils.XmlReaderToWriter;
 import org.testng.Assert;
 import org.testng.annotations.Test;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
+import org.w3c.dom.*;
 
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
@@ -40,10 +38,7 @@ import javax.xml.transform.stream.Stream
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpression;
 import java.io.*;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
+import java.util.*;
 
 /**
  * @author $Author$
@@ -1002,4 +997,126 @@ public class InteroperabilityTest extend
         properties.setProperty(WSHandlerConstants.ACTOR, "test");
         doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new
ByteArrayInputStream(baos.toByteArray())), action, properties, false);
     }
+
+    @Test(invocationCount = 1)
+    public void testInvalidXML() throws Exception {
+
+        int i = 0;
+        int e = 10000;
+
+        while (i < e) {
+
+            String action = WSHandlerConstants.USERNAME_TOKEN + " " + WSHandlerConstants.TIMESTAMP
+ " " + WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT;
+            Properties properties = new Properties();
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
properties);
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+            if (i == 0) {
+                i = indexOfNode(securedDocument.getDocumentElement(), new NodeIndex(), WSSConstants.TAG_wsse_Security.getLocalPart()).index;
+                e = indexOfNode(securedDocument.getDocumentElement(), new NodeIndex(), "definitions").index;
+            }
+            i++;
+            Node nodeToRemove = nodeOnIndex(securedDocument.getDocumentElement(), new NodeIndex(),
i).node;
+            if (nodeToRemove.getNodeType() == Node.ATTRIBUTE_NODE) {
+                ((Attr) nodeToRemove).getOwnerElement().removeAttributeNode((Attr) nodeToRemove);
+            } else {
+                Node parentNode = nodeToRemove.getParentNode();
+                parentNode.removeChild(nodeToRemove);
+            }
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+            securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+            Iterator<WSSConstants.BSPRule> bspRules = EnumSet.allOf(WSSConstants.BSPRule.class).iterator();
+            while (bspRules.hasNext()) {
+                securityProperties.addIgnoreBSPRule(bspRules.next());
+            }
+
+            try {
+                Document document = doInboundSecurity(securityProperties,
+                        xmlInputFactory.createXMLStreamReader(
+                                new ByteArrayInputStream(baos.toByteArray())));
+
+                //read the whole stream:
+                transformer = TRANSFORMER_FACTORY.newTransformer();
+                transformer.transform(new DOMSource(document), new StreamResult(
+                        new OutputStream() {
+                            @Override
+                            public void write(int b) throws IOException {
+                                // > /dev/null
+                            }
+                        }
+                ));
+            } catch (XMLStreamException ex) {
+                int k = 0;
+                Throwable t = ex.getCause();
+                while (t != null && k < 100) {
+                    StringWriter stringWriter = new StringWriter();
+                    PrintWriter pw = new PrintWriter(stringWriter);
+                    ex.printStackTrace(pw);
+                    Assert.assertTrue(!(t instanceof NullPointerException), stringWriter.toString());
+                    t = t.getCause();
+                }
+            }
+        }
+    }
+
+    private NodeIndex indexOfNode(Node node, NodeIndex index, String name) {
+        if (node.getLocalName() != null && node.getLocalName().equals(name)) {
+            return index;
+        }
+        index.index++;
+        if (node.getNodeType() == Node.ELEMENT_NODE) {
+            NamedNodeMap namedNodeMap = node.getAttributes();
+            for (int i = 0; i < namedNodeMap.getLength(); i++) {
+                NodeIndex n = indexOfNode(namedNodeMap.item(i), index, name);
+                if (n != null) {
+                    return n;
+                }
+            }
+        }
+        NodeList nodeList = node.getChildNodes();
+        for (int i = 0; i < nodeList.getLength(); i++) {
+            NodeIndex n = indexOfNode(nodeList.item(i), index, name);
+            if (n != null) {
+                return n;
+            }
+        }
+        return null;
+    }
+
+    private NodeIndex nodeOnIndex(Node node, NodeIndex index, int indexToFind) {
+        if (index.index == indexToFind) {
+            index.node = node;
+            return index;
+        }
+        index.index++;
+        if (node.getNodeType() == Node.ELEMENT_NODE) {
+            NamedNodeMap namedNodeMap = node.getAttributes();
+            for (int i = 0; i < namedNodeMap.getLength(); i++) {
+                NodeIndex n = nodeOnIndex(namedNodeMap.item(i), index, indexToFind);
+                if (n != null) {
+                    return n;
+                }
+            }
+        }
+        NodeList nodeList = node.getChildNodes();
+        for (int i = 0; i < nodeList.getLength(); i++) {
+            NodeIndex n = nodeOnIndex(nodeList.item(i), index, indexToFind);
+            if (n != null) {
+                return n;
+            }
+        }
+        return null;
+    }
+
+    class NodeIndex {
+        Node node;
+        int index;
+    }
 }
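Review bot: In testInvalidXML the cause-chain loop `while (t != null && k < 100)` never increments `k`, so the bound of 100 has no effect; add `k++;` after `t = t.getCause();`. The loop starts at `ex.getCause()` and builds the failure message inside the loop on every iteration, although it is only needed when the assertion fails. A short comment above the method stating the intent (remove one node per iteration from a secured message and fail if inbound processing surfaces a NullPointerException) would make the index bookkeeping with `i` and `e` easier to follow. `class NodeIndex` uses nothing from the enclosing test and could be `private static`.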

Modified: webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1310980&r1=1310979&r2=1310980&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-xml-security/src/main/java/org/swssf/xmlsec/impl/processor/input/AbstractDecryptInputProcessor.java
Sun Apr  8 11:37:27 2012
@@ -70,15 +70,22 @@ public abstract class AbstractDecryptInp
     private ArrayDeque<XMLEvent> tmpXmlEventList = new ArrayDeque<XMLEvent>();
     private XMLEvent parentStartXMLEvent;
 
-    public AbstractDecryptInputProcessor(ReferenceList referenceList, XMLSecurityProperties
securityProperties) {
-        super(securityProperties);
-        this.referenceList = referenceList;
-    }
-
-    public AbstractDecryptInputProcessor(KeyInfoType keyInfoType, ReferenceList referenceList,
XMLSecurityProperties securityProperties) {
+    public AbstractDecryptInputProcessor(KeyInfoType keyInfoType, ReferenceList referenceList,
+                                         XMLSecurityProperties securityProperties) throws
XMLSecurityException {
         super(securityProperties);
         this.keyInfoType = keyInfoType;
         this.referenceList = referenceList;
+
+        if (referenceList != null) {
+            List<JAXBElement<ReferenceType>> references = referenceList.getDataReferenceOrKeyReference();
+            Iterator<JAXBElement<ReferenceType>> referenceTypeIterator = references.iterator();
+            while (referenceTypeIterator.hasNext()) {
+                ReferenceType referenceType = referenceTypeIterator.next().getValue();
+                if (referenceType.getURI() == null) {
+                    throw new XMLSecurityException(XMLSecurityException.ErrorCode.FAILED_CHECK);
+                }
+            }
+        }
     }
 
     /*
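Review bot: The single remaining constructor now accepts a null `keyInfoType` (ReferenceListInputHandler passes `null`) and throws on a reference without a URI, but neither is documented. Add a Javadoc block stating that keyInfoType may be null when the processor is created from a bare ReferenceList, that referenceList may be null, and that `XMLSecurityException` with `FAILED_CHECK` is thrown when any DataReference or KeyReference lacks a URI. `referenceTypeIterator.next().getValue()` is dereferenced without a null check; if JAXB can yield an element with no value, that would be one more NPE of the kind this commit is removing.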


