| Code with Misuse: |
class WSSecurityUtil {
public static void verifySignedElement(Element elem, Document doc, Element securityHeader)
throws WSSecurityException {
final Element envelope = doc.getDocumentElement();
final Set<String> signatureRefIDs = getSignatureReferenceIDs(securityHeader);
if (!signatureRefIDs.isEmpty()) {
Node cur = elem;
while (!cur.isSameNode(envelope)) {
if (cur.getNodeType() == Node.ELEMENT_NODE) {
if (WSConstants.SIG_LN.equals(cur.getLocalName())
&& WSConstants.SIG_NS.equals(cur.getNamespaceURI())) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK,
"requiredElementNotSigned", elem);
} else if (isLinkedBySignatureRefs((Element)cur, signatureRefIDs)) {
return;
}
}
cur = cur.getParentNode();
}
}
throw new WSSecurityException(
WSSecurityException.ErrorCode.FAILED_CHECK, "requiredElementNotSigned", elem);
}
}
|
