[cxf] branch master updated: cxf-rt-rs-security-jose: fix possible NPE


[cxf] branch master updated: cxf-rt-rs-security-jose: fix possible NPE

buhhunyx
This is an automated email from the ASF dual-hosted git repository.

buhhunyx pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new aebfb0d  cxf-rt-rs-security-jose: fix possible NPE
aebfb0d is described below

commit aebfb0d712b503bee9627c036b67a1ed5c40db9a
Author: Alexey Markevich <[hidden email]>
AuthorDate: Tue Sep 8 10:12:12 2020 +0300

    cxf-rt-rs-security-jose: fix possible NPE
---
 .../main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java    | 2 +-
 .../java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java     | 7 ++++++-
 .../jose-parent/jose/src/test/resources/jws/signature.properties   | 1 +
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
index 2c70129..cf45d06 100644
--- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
+++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsUtils.java
@@ -416,7 +416,7 @@ public final class JwsUtils {
         } else {
             SignatureAlgorithm signatureAlgo = getSignatureAlgorithm(m, props, null, null);
             if (signatureAlgo == SignatureAlgorithm.NONE
-                && SignatureAlgorithm.NONE.getJwaName().equals(inHeaders.getAlgorithm())) {
+                && (null == inHeaders || SignatureAlgorithm.NONE.getJwaName().equals(inHeaders.getAlgorithm()))) {
                 theVerifier = new NoneJwsSignatureVerifier();
             } else {
                 X509Certificate[] certs = KeyManagementUtils.loadX509CertificateOrChain(m, props);
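Review bot: The new `null == inHeaders` branch picks `NoneJwsSignatureVerifier` from configuration alone, without consulting anything from the token, and the condition carries no comment saying that this is intended. A line such as `// No inbound headers: verifier is chosen from configuration only; 'none' sets up no cryptographic check` above the `if` would make the security-relevant choice explicit. The method's Javadoc should also state that a caller passing null headers relies on the token's own `alg` being checked when the verifier is used; that check presumably lives in the verifier, but it is not visible in this hunk. The enclosing method starts and ends outside the hunk.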
diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
index 4ba20f2..7565c83 100644
--- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
+++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsUtilsTest.java
@@ -86,6 +86,11 @@ public class JwsUtilsTest {
         assertNotNull(jws);
     }
     @Test
+    public void testLoadSignatureVerifierFromProperties() throws Exception {
+        JwsSignatureVerifier jws = JwsUtils.loadSignatureVerifier("classpath:/jws/signature.properties", null);
+        assertEquals(SignatureAlgorithm.NONE, jws.getAlgorithm());
+    }
+    @Test
     public void testLoadVerificationKey() throws Exception {
         Properties p = new Properties();
         p.put(JoseConstants.RSSEC_KEY_STORE_FILE,
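Review bot: `testLoadSignatureVerifierFromProperties` pins only the call made with a null second argument, which appears to be the path that reaches the new null-headers branch in JwsUtils. The other half of the rewritten condition has no coverage: non-null headers whose algorithm is not `none` while the properties say `none`. A companion test that supplies headers naming a signing algorithm and asserts the result is not a `NoneJwsSignatureVerifier` would guard against the condition later being loosened so that unsigned tokens pass. A blank line between the closing `}` of the previous test and the new `@Test` would also read better.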
@@ -127,7 +132,7 @@ public class JwsUtilsTest {
         assertEquals(2, chain.size());
     }
 
-    private Message createMessage() {
+    private static Message createMessage() {
         Message m = new MessageImpl();
         Exchange e = new ExchangeImpl();
         e.put(Bus.class, BusFactory.getThreadDefaultBus());
diff --git a/rt/rs/security/jose-parent/jose/src/test/resources/jws/signature.properties b/rt/rs/security/jose-parent/jose/src/test/resources/jws/signature.properties
new file mode 100644
index 0000000..e27a329
--- /dev/null
+++ b/rt/rs/security/jose-parent/jose/src/test/resources/jws/signature.properties
@@ -0,0 +1 @@
+rs.security.signature.algorithm=none