ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gi...@apache.org
Subject svn commit: r1325363 - /webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
Date Thu, 12 Apr 2012 16:32:40 GMT
Author: giger
Date: Thu Apr 12 16:32:40 2012
New Revision: 1325363

URL: http://svn.apache.org/viewvc?rev=1325363&view=rev
Log:
Prevent NPE when no transformations are set

Modified:
    webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java

Modified: webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java?rev=1325363&r1=1325362&r2=1325363&view=diff
==============================================================================
--- webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
(original)
+++ webservices/wss4j/branches/swssf/streaming-ws-security/src/main/java/org/swssf/wss/impl/processor/input/SignatureReferenceVerifyInputProcessor.java
Thu Apr 12 16:32:40 2012
@@ -240,7 +240,9 @@ public class SignatureReferenceVerifyInp
         protected void buildTransformerChain(ReferenceType referenceType, InputProcessorChain
inputProcessorChain)
                 throws XMLSecurityException, XMLStreamException, NoSuchMethodException, InstantiationException,
IllegalAccessException, InvocationTargetException {
 
-            //todo Transforms can be null
+            if (referenceType.getTransforms() == null || referenceType.getTransforms().getTransform().size()
== 0) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
+            }
             List<TransformType> transformTypeList = (List<TransformType>) (List<?>)
referenceType.getTransforms().getTransform();
 
             String algorithm = null;
@@ -268,7 +270,6 @@ public class SignatureReferenceVerifyInp
                     }
                 }
                 algorithm = transformType.getAlgorithm();
-                //todo can algorithm be null? this means we have incl. C14N!
                 AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
                 algorithmSuiteSecurityEvent.setAlgorithmURI(algorithm);
                 algorithmSuiteSecurityEvent.setKeyUsage(WSSConstants.C14n);



Mime
View raw message