Mailing-List: contact dev-help@ws.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@ws.apache.org
Date: Mon, 2 Nov 2015 19:45:27 +0000 (UTC)
From: "Ross M. Lodge (JIRA)" <jira@apache.org>
To: dev@ws.apache.org
Message-ID: <JIRA.12909746.1446490440000.128263.1446493527727@Atlassian.JIRA>
In-Reply-To: <JIRA.12909746.1446490440000@Atlassian.JIRA>
References: <JIRA.12909746.1446490440000@Atlassian.JIRA>
 <JIRA.12909746.1446490440335@arcas>
Subject: [jira] [Updated] (WSS-560) NullPointerException in WSSecEncrypt
 when encrypted header element has attributes
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


     [ https://issues.apache.org/jira/browse/WSS-560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ross M. Lodge updated WSS-560:
------------------------------
    Attachment: WSS-560-Test-2.1.4.patch
                WSS-560-2.1.4.patch
                WSS-560-2.0.6.patch
                WSS-560-Test-2.0.6.patch

Failing tests against 2.1.4 and 2.0.6, and fixes for both.

> NullPointerException in WSSecEncrypt when encrypted header element has attributes
> ---------------------------------------------------------------------------------
>
>                 Key: WSS-560
>                 URL: https://issues.apache.org/jira/browse/WSS-560
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Handlers
>    Affects Versions: 2.0.6, 2.1.4
>            Reporter: Ross M. Lodge
>            Assignee: Colm O hEigeartaigh
>            Priority: Critical
>         Attachments: WSS-560-2.0.6.patch, WSS-560-2.1.4.patch, WSS-560-Test-2.0.6.patch, WSS-560-Test-2.1.4.patch
>
>
> If any header to be encrypted has an attribute that doesn't have an explicit namespace (which would include any unqualified attributes, which for me is almost all of them), WSSecEncrypt throws an NPE:
> {code:title=Exception|borderStyle=solid}
> org.apache.wss4j.common.ext.WSSecurityException: null
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.createEncryptedHeaderElement(WSSecEncrypt.java:711)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encryptElement(WSSecEncrypt.java:667)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:417)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:255)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encrypt(WSSecEncrypt.java:221)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:199)
> 	at org.apache.wss4j.dom.message.EncryptionPartsTest.testSOAPEncryptedHeaderWithAttributes(EncryptionPartsTest.java:321)
> {code}
> This is because Node.getNamespaceURI() returns null, and the code checks with:
> {code:title=WSSecEncrypt.java Excerpt|borderStyle=solid}
>             if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
>                 || attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) {                         
> {code}
> Solution is to switch the equals condition:
> {code:title=WSSecEncrypt.java Fix|borderStyle=solid}
>             if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
>                 || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
> {code}
> I'm adding four patches:
> - a test for code vs. version 2.0.6
> - code fix vs. version 2.0.6
> - a test for code vs. version 2.1.4
> - a code fix vs. version 2.1.4


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org