santuario-dev mailing list archives

From ralph-xmlsecur...@ralphholz.de
Subject Re: Decryption fails on receiving host, but not on local - pointers?
Date Thu, 08 Nov 2007 15:48:01 GMT
Hi,

Ah, thanks for your help. That would explain, of course, why the Document is 
decrypted OK when the receiver saves it to disk and reads it in again.

The Document gets transmitted by Pastry from Bob to Alice. Pastry's routines 
serialise it so the other side just needs to deserialise it, and has a 
Document without any need to call a DocumentBuilder of its own.

Thus, I only use the standard Java libs as of JDK 1.5 (Sun Linux 
implementation) to create my Documents. I could, of course, output the 
Document into a String, transmit that and read it in and build it again. I 
wonder if an identity transformation would solve this as well.

However, it might also make sense not to have XMLSecurity break over this 
issue - someone might want to transfer a Document the way I do, be it even in 
local memory.

Ralph

On Thursday 08 November 2007 15:46:53 Sean Mullan wrote:
> The exception is thrown by the following method in ElementProxy:
>
>     public void guaranteeThatElementInCorrectSpace()
>             throws XMLSecurityException {
>
>        String localnameSHOULDBE = this.getBaseLocalName();
>        String namespaceSHOULDBE = this.getBaseNamespace();
>
>        String localnameIS = this._constructionElement.getLocalName();
>        String namespaceIS = this._constructionElement.getNamespaceURI();
>        if ((namespaceSHOULDBE!=namespaceIS) ||
>         !localnameSHOULDBE.equals(localnameIS) ) {
>           Object exArgs[] = { namespaceIS +":"+ localnameIS,
>             namespaceSHOULDBE +":"+ localnameSHOULDBE};
>           throw new XMLSecurityException("xml.WrongElement", exArgs);
>        }
>     }
>
>
> It sounds like the namespaces, though equal, are not the same object,
> thus the test is failing. Comparing by reference is done for performance
> reasons, since most XML parsers intern the namespace Strings.
>
> There has been some discussion about this issue. What XML parser are you
> using? See http://issues.apache.org/bugzilla/show_bug.cgi?id=40897
>
> --Sean
>
> ralph-xmlsecurity@ralphholz.de wrote:
> > Hi,
> >
> > I've got this strange little problem.
> >
> > When I encrypt an org.w3c.Document and decrypt it on the same host,
> > everything is fine. When I send it over the network, the receiving host
> > throws an org.apache.xml.security.encryption.XMLEncryptionException. The
> > interesting part of the stack trace is this:
> >
> > Caused by: org.apache.xml.security.encryption.XMLEncryptionException: No
> > message with ID "Error loading Key Info" found in resource
> > bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception
> > was a org.apache.xml.security.exceptions.XMLSecurityException and message
> > Cannot create a http://www.w3.org/2000/09/xmldsig#:KeyInfo from a
> > http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> > Original Exception was
> > org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a
> > http://www.w3.org/2000/09/xmldsig#:KeyInfo from a
> > http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> >
> > But here's the thing: When I write out the sent and received messages to
> > an XML file, and diff them, I find that they are exactly the same. To the
> > character. Surely I miss something simple. Do I need to normalise before
> > decryption? But why should that be necessary as I use Java serialisation
> > and the Document objects should be the same on byte level?
> >
> > The encryption I use is AES-128-Keywrap + AES.
> >
> > Thanks for any pointers!
> >
> > Here's the stack trace - I've marked the interesting part:
> >
> > PDPA1Control: Sender in my domain, using symmetric cryptography. Key for
> > bob. Decryption of message failed, but key was OK. Aborting.
> > NotRecoverableException reason: Decryption of message failed, but key was
> > OK. This is the stack trace:
> > NotRecoverableException caught by NodeControl - this should really not happen.
> > tue.pdp.cryptography.DecryptionFailedException: Decryption of message failed.
> > 	at tue.pdp.pdpa1.PDPA1Control.decryptAndVerify(PDPA1Control.java:368)
> > 	at tue.pdp.handlers.PDPA1DASHandler.processMessage(PDPA1DASHandler.java:84)
> > 	at tue.pdp.handlers.PDPCHandler.processMessage(PDPCHandler.java:63)
> > 	at tue.pdp.handlers.MessageHandler.processMessage(MessageHandler.java:37)
> > 	at tue.p2pdomain.NodeControl.callback(NodeControl.java:125)
> > 	at tue.pdp.connectors.PastryConnector.callbackControl(PastryConnector.java:66)
> > 	at tue.pdp.connectors.PastryConnector.deliver(PastryConnector.java:116)
> > 	at rice.pastry.commonapi.PastryEndpoint.receiveMessage(PastryEndpoint.java:471)
> > 	at rice.pastry.messaging.MessageDispatch.dispatchMessage(MessageDispatch.java:146)
> > 	at rice.pastry.PastryNode.receiveMessage(PastryNode.java:366)
> > 	at rice.pastry.standard.StandardRouter.receiveRouteMessage(StandardRouter.java:185)
> > 	at rice.pastry.standard.StandardRouter.route(StandardRouter.java:84)
> > 	at rice.pastry.standard.StandardRouter.receiveMessage(StandardRouter.java:76)
> > 	at rice.pastry.client.PastryAppl.receiveMessageInternal(PastryAppl.java:183)
> > 	at rice.pastry.messaging.MessageDispatch.dispatchMessage(MessageDispatch.java:167)
> > 	at rice.pastry.PastryNode.receiveMessage(PastryNode.java:370)
> > 	at rice.pastry.socket.SocketManager.receive(SocketManager.java:513)
> > 	at rice.pastry.socket.SocketManager.read(SocketManager.java:340)
> > 	at rice.selector.SelectorManager.doSelections(SelectorManager.java:387)
> > 	at rice.selector.SelectorManager.run(SelectorManager.java:253)
> >
> > ===> interesting part here:
> >
> > Caused by: org.apache.xml.security.encryption.XMLEncryptionException: No
> > message with ID "Error loading Key Info" found in resource
> > bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception
> > was a org.apache.xml.security.exceptions.XMLSecurityException and message
> > Cannot create a http://www.w3.org/2000/09/xmldsig#:KeyInfo from a
> > http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> > Original Exception was
> > org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a
> > http://www.w3.org/2000/09/xmldsig#:KeyInfo from a
> > http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> > 	at org.apache.xml.security.encryption.XMLCipher$Factory.newEncryptedData(Unknown Source)
> > 	at org.apache.xml.security.encryption.XMLCipher.loadEncryptedData(Unknown Source)
> > 	at tue.pdp.cryptography.PDPCryptoOperator.symDecrypt(PDPCryptoOperator.java:296)
> > 	at tue.pdp.pdpa1.PDPA1Control.decryptAndVerify(PDPA1Control.java:366)
> > 	... 19 more



-- 
For contact details, please see www.ralphholz.de.
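
Added example, not part of the original message and not code from XML Security: a namespace URI that has been through Java serialization is equal by value to the interned constant but is a different object, so a check by reference, as in the quoted method, rejects it. The class and method names are hypothetical, and a plain ObjectOutputStream round trip stands in for the Pastry transport.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

// Added illustration; names are hypothetical, not XML Security code.
public class NamespaceIdentityDemo {
    // A literal, hence interned, like the constant a library compares against.
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Java serialization round trip, standing in for the network transport.
    static String roundTrip(String s) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(buf);
        out.writeObject(s);
        out.close();
        ObjectInputStream in =
                new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()));
        return (String) in.readObject();
    }

    // Same shape as the quoted check: namespace compared by reference.
    static boolean matchesByReference(String nsShouldBe, String nsIs) {
        return nsShouldBe == nsIs;
    }

    // Null-safe comparison by value; a null namespace only matches null.
    static boolean matchesByValue(String nsShouldBe, String nsIs) {
        return nsShouldBe == null ? nsIs == null : nsShouldBe.equals(nsIs);
    }

    public static void main(String[] args) throws Exception {
        String local = DSIG_NS;               // what an interning parser hands back
        String received = roundTrip(DSIG_NS); // what the receiving host holds

        System.out.println("local,    by reference: "
                + matchesByReference(DSIG_NS, local));
        System.out.println("received, by reference: "
                + matchesByReference(DSIG_NS, received));
        System.out.println("received, by value:     "
                + matchesByValue(DSIG_NS, received));
        System.out.println("received, interned:     "
                + matchesByReference(DSIG_NS, received.intern()));
        System.out.println("null namespace, value:  "
                + matchesByValue(DSIG_NS, null));
    }
}
```

The by-reference check rejects the deserialized copy although its characters are identical, which is consistent with a diff of the two XML files showing no difference.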
