'[jira] [Resolved] (WSS-560) NullPointerException in WSSecEncrypt when encrypted header element has a'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jaxme-dev
Subject:    [jira] [Resolved] (WSS-560) NullPointerException in WSSecEncrypt when encrypted header element has a
From:       "Colm O hEigeartaigh (JIRA)" <jira () apache ! org>
Date:       2015-11-03 10:52:27
Message-ID: JIRA.12909746.1446490440000.135155.1446547947882 () Atlassian ! JIRA
[Download RAW message or body]


     [ https://issues.apache.org/jira/browse/WSS-560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel \
]

Colm O hEigeartaigh resolved WSS-560.
-------------------------------------
    Resolution: Fixed

> NullPointerException in WSSecEncrypt when encrypted header element has attributes
> ---------------------------------------------------------------------------------
> 
> Key: WSS-560
> URL: https://issues.apache.org/jira/browse/WSS-560
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Affects Versions: 2.0.6, 2.1.4
> Reporter: Ross M. Lodge
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 2.0.7, 2.1.5, 2.2.0
> 
> Attachments: WSS-560-2.0.6.patch, WSS-560-2.1.4.patch, WSS-560-Test-2.0.6.patch, \
> WSS-560-Test-2.1.4.patch 
> 
> If any header to be encrypted has an attribute that doesn't have an explicit \
> namespace (which would include any unqualified attributes, which for me is almost \
> all of them), WSSecEncrypt throws an NPE: {code:title=Exception|borderStyle=solid}
> org.apache.wss4j.common.ext.WSSecurityException: null
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.createEncryptedHeaderElement(WSSecEncrypt.java:711)
>   at org.apache.wss4j.dom.message.WSSecEncrypt.encryptElement(WSSecEncrypt.java:667)
>   at org.apache.wss4j.dom.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:417)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:255)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.encrypt(WSSecEncrypt.java:221)
> 	at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:199)
> 	at org.apache.wss4j.dom.message.EncryptionPartsTest.testSOAPEncryptedHeaderWithAttributes(EncryptionPartsTest.java:321)
>  {code}
> This is because Node.getNamespaceURI() returns null, and the code checks with:
> {code:title=WSSecEncrypt.java Excerpt|borderStyle=solid}
> if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
> > > attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) {                    \
> > > 
> {code}
> Solution is to switch the equals condition:
> {code:title=WSSecEncrypt.java Fix|borderStyle=solid}
> if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
> > > WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
> {code}
> I'm adding four patches:
> - a test for code vs. version 2.0.6
> - code fix vs. version 2.0.6
> - a test for code vs. version 2.1.4
> - a code fix vs. version 2.1.4



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic