santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Decryption fails on receiving host, but not on local - pointers?
Date Thu, 08 Nov 2007 14:46:53 GMT
The exception is thrown by the following method in ElementProxy:

    public void guaranteeThatElementInCorrectSpace()
            throws XMLSecurityException {

       String localnameSHOULDBE = this.getBaseLocalName();
       String namespaceSHOULDBE = this.getBaseNamespace();

       String localnameIS = this._constructionElement.getLocalName();
       String namespaceIS = this._constructionElement.getNamespaceURI();
       if ((namespaceSHOULDBE!=namespaceIS) ||
        !localnameSHOULDBE.equals(localnameIS) ) {
          Object exArgs[] = { namespaceIS +":"+ localnameIS,
            namespaceSHOULDBE +":"+ localnameSHOULDBE};
          throw new XMLSecurityException("xml.WrongElement", exArgs);
       }
    }


It sounds like the namespaces, though equal, are not the same object, 
thus the test is failing. Comparing by reference is done for performance 
reasons, since most XML parsers intern the namespace Strings.

There has been some discussion about this issue. What XML parser are you 
using? See http://issues.apache.org/bugzilla/show_bug.cgi?id=40897

--Sean

ralph-xmlsecurity@ralphholz.de wrote:
> Hi,
> 
> I've got this strange little problem.
> 
> When I encrypt a org.w3c.Document and decrypt it on the same host, everything 
> is fine. When I send it over the network, the receiving host throws an 
> org.apache.xml.security.encryption.XMLEncryptionException. The interesting 
> part of the stack trace is this:
> 
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: No 
> message with ID "Error loading Key Info" found in resource 
> bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was 
> a org.apache.xml.security.exceptions.XMLSecurityException and message Cannot 
> create a http://www.w3.org/2000/09/xmldsig#:KeyInfo from a 
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> Original Exception was 
> org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a 
> http://www.w3.org/2000/09/xmldsig#:KeyInfo from a 
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> 
> But here's the thing: When I write out the sent and received messages to an 
> XML file, and diff them, I find that they are exactly the same. To the 
> character. Surely I miss something simple. Do I need to normalise before 
> decrpytion? But why should that be necessary as I use Java serialisation and 
> the Document objects should be the same on byte level?
> 
> The encryption I use is AES-128-Keywrap + AES.
> 
> Thanks for any pointers!
> 
> Here's the stack trace - I've marked the interesting part:
> 
> PDPA1Control: Sender in my domain, using symmetric cryptography. Key for bob.
> Decryption of message failed, but key was OK. Aborting.
> NotRecoverableException reason: Decryption of message failed, but key was OK.
> This is the stack trace:
> NotRecoverableException caught by NodeControl - this should really not happen.
> tue.pdp.cryptography.DecryptionFailedException: Decryption of message failed.
> 	at tue.pdp.pdpa1.PDPA1Control.decryptAndVerify(PDPA1Control.java:368)
> 	at tue.pdp.handlers.PDPA1DASHandler.processMessage(PDPA1DASHandler.java:84)
> 	at tue.pdp.handlers.PDPCHandler.processMessage(PDPCHandler.java:63)
> 	at tue.pdp.handlers.MessageHandler.processMessage(MessageHandler.java:37)
> 	at tue.p2pdomain.NodeControl.callback(NodeControl.java:125)
> 	at 
> tue.pdp.connectors.PastryConnector.callbackControl(PastryConnector.java:66)
> 	at tue.pdp.connectors.PastryConnector.deliver(PastryConnector.java:116)
> 	at 
> rice.pastry.commonapi.PastryEndpoint.receiveMessage(PastryEndpoint.java:471)
> 	at 
> rice.pastry.messaging.MessageDispatch.dispatchMessage(MessageDispatch.java:146)
> 	at rice.pastry.PastryNode.receiveMessage(PastryNode.java:366)
> 	at 
> rice.pastry.standard.StandardRouter.receiveRouteMessage(StandardRouter.java:185)
> 	at rice.pastry.standard.StandardRouter.route(StandardRouter.java:84)
> 	at rice.pastry.standard.StandardRouter.receiveMessage(StandardRouter.java:76)
> 	at rice.pastry.client.PastryAppl.receiveMessageInternal(PastryAppl.java:183)
> 	at 
> rice.pastry.messaging.MessageDispatch.dispatchMessage(MessageDispatch.java:167)
> 	at rice.pastry.PastryNode.receiveMessage(PastryNode.java:370)
> 	at rice.pastry.socket.SocketManager.receive(SocketManager.java:513)
> 	at rice.pastry.socket.SocketManager.read(SocketManager.java:340)
> 	at rice.selector.SelectorManager.doSelections(SelectorManager.java:387)
> 	at rice.selector.SelectorManager.run(SelectorManager.java:253)
> 
> ===> interesting part here:
> 
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: No 
> message with ID "Error loading Key Info" found in resource 
> bundle "org/apache/xml/security/resource/xmlsecurity". Original Exception was 
> a org.apache.xml.security.exceptions.XMLSecurityException and message Cannot 
> create a http://www.w3.org/2000/09/xmldsig#:KeyInfo from a 
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> Original Exception was 
> org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a 
> http://www.w3.org/2000/09/xmldsig#:KeyInfo from a 
> http://www.w3.org/2000/09/xmldsig#:KeyInfo element
> 	at 
> org.apache.xml.security.encryption.XMLCipher$Factory.newEncryptedData(Unknown 
> Source)
> 	at org.apache.xml.security.encryption.XMLCipher.loadEncryptedData(Unknown 
> Source)
> 	at 
> tue.pdp.cryptography.PDPCryptoOperator.symDecrypt(PDPCryptoOperator.java:296)
> 	at tue.pdp.pdpa1.PDPA1Control.decryptAndVerify(PDPA1Control.java:366)
> 	... 19 more
> 
> 
> 
> 


Mime
View raw message