Transform NullPointerException

[Bill Speirs <bi...@gmail.com>]

I'm trying to apply a DSA signature to the XML output of a JAXB object
by following this example: http://goo.gl/vVNxy. I'm able to convert
the JAXB object to a Document; however, when I go to create the
XMLSignature I'm unsure what BaseURI I should use as my XML is not
coming from a file like in the example.

The real problem though is that when I attempt to add a Transform, I
keep getting a NullPointerException on this line:
transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);

Exception in thread "main" java.lang.NullPointerException
	at org.apache.xml.security.transforms.Transform.getTransformSpi(Unknown Source)
	at org.apache.xml.security.transforms.Transform.<init>(Unknown Source)
	at org.apache.xml.security.transforms.Transform.getInstance(Unknown Source)
	at org.apache.xml.security.transforms.Transform.getInstance(Unknown Source)
	at org.apache.xml.security.transforms.Transforms.addTransform(Unknown Source)
	at test.Test.main(Test.java:64)

I have attached my source example file and the associated XSD file I
used to generate the Token & Principal JAXB objects.

Any help or insight would be greatly appreciated.

Thanks in advance...

Bill-

Re: Transform NullPointerException

["Cantor, Scott E." <ca...@osu.edu>]

On 3/28/11 6:15 PM, "Bill Speirs" <bi...@gmail.com> wrote:
>> No.
>
>OK, any ideas on why it wasn't writing to this file?

Eithet you're not running 1.6, or the other option is that there's
actually no data being digested (the selection is empty).

>Agreed... I'm confused/uneducated. As I understand it an enveloped
>signature is one that is included in the XML document I'm signing.

It's a Signature element that's included in the Reference.

> So because I was signing <token>, the root element, I needed to include
>TRANSFORM_ENVELOPED_SIGNATURE. I just tried creating a signature only
>signing principal (inside token) without using
>TRANSFORM_ENVELOPED_SIGNATURE and it worked.

If the thing you're signing contains the signature being created, then
it's enveloped. If it's a sibling or off in a branch, it's not.

-- Scott

Re: Transform NullPointerException

[Bill Speirs <bi...@gmail.com>]

> No.

OK, any ideas on why it wasn't writing to this file?

> You can't exactly "guess" about whether to include an enveloped transform.
> If it's an enveloped signature, it obviously won't work without that.
>
> I don't know of any reason the order would matter.
>
> Well, I guess that might suggest confusion over what enveloped signatures
> are. If you need it, you can't really omit it.

Agreed... I'm confused/uneducated. As I understand it an enveloped
signature is one that is included in the XML document I'm signing. So
because I was signing <token>, the root element, I needed to include
TRANSFORM_ENVELOPED_SIGNATURE. I just tried creating a signature only
signing principal (inside token) without using
TRANSFORM_ENVELOPED_SIGNATURE and it worked.

Still not sure why I cannot apply the TRANSFORM_ENVELOPED_SIGNATURE
before TRANSFORM_ENVELOPED_SIGNATURE.

Thanks for the help...

Bill-

Re: Transform NullPointerException

["Cantor, Scott E." <ca...@osu.edu>]

On 3/28/11 5:44 PM, "Bill Speirs" <bi...@gmail.com> wrote:
>Thanks for the reply. I'm running a slightly modified version of the
>sample code that uses my "raw" (not a certificate) DSA key and my XML
>file. I set XSEC_DEBUG_FILE in my environment to a world writable
>file, but it never wrote anything to that file. Do I need to trigger
>this debug output somehow?

No.

>I have signing & verifying working; however, there is something
>strange. If I ONLY apply the TRANSFORM_C14N_WITH_COMMENTS transform,
>the signature does not work. If I apply TRANSFORM_ENVELOPED_SIGNATURE,
>then TRANSFORM_C14N_WITH_COMMENTS it works, but the other way around
>does not.

You can't exactly "guess" about whether to include an enveloped transform.
If it's an enveloped signature, it obviously won't work without that.

I don't know of any reason the order would matter.

>Any thoughts on why I cannot use TRANSFORM_C14N_WITH_COMMENTS without
>TRANSFORM_ENVELOPED_SIGNATURE? What am I missing/not understanding
>here?

Well, I guess that might suggest confusion over what enveloped signatures
are. If you need it, you can't really omit it.

-- Scott

Re: Transform NullPointerException

[Bill Speirs <bi...@gmail.com>]

Scott-

Thanks for the reply. I'm running a slightly modified version of the
sample code that uses my "raw" (not a certificate) DSA key and my XML
file. I set XSEC_DEBUG_FILE in my environment to a world writable
file, but it never wrote anything to that file. Do I need to trigger
this debug output somehow?

I have signing & verifying working; however, there is something
strange. If I ONLY apply the TRANSFORM_C14N_WITH_COMMENTS transform,
the signature does not work. If I apply TRANSFORM_ENVELOPED_SIGNATURE,
then TRANSFORM_C14N_WITH_COMMENTS it works, but the other way around
does not.

Any thoughts on why I cannot use TRANSFORM_C14N_WITH_COMMENTS without
TRANSFORM_ENVELOPED_SIGNATURE? What am I missing/not understanding
here?

Bill-

On Sat, Mar 26, 2011 at 3:40 PM, Cantor, Scott E. <ca...@osu.edu> wrote:
>>So I am able to create a signed XML document; however, now I'm having
>>issues trying to validate the XML signature in C++. I've attached the
>>C++ code to this document.
>
> Assuming that's the sample from the library, if it's not working, it's
> possible you're corrupting the XML before verifying it.
>
> Either way, the latest library finally has support for directing the
> digested octets to a logfile so you can compare them to what the Java
> logger is seeing. Just set XSEC_DEBUG_FILE to a path to dump the data to.
>
> -- Scott
>
>

Re: Transform NullPointerException

["Cantor, Scott E." <ca...@osu.edu>]

>So I am able to create a signed XML document; however, now I'm having
>issues trying to validate the XML signature in C++. I've attached the
>C++ code to this document.

Assuming that's the sample from the library, if it's not working, it's
possible you're corrupting the XML before verifying it.

Either way, the latest library finally has support for directing the
digested octets to a logfile so you can compare them to what the Java
logger is seeing. Just set XSEC_DEBUG_FILE to a path to dump the data to.

-- Scott

Re: Transform NullPointerException

[Bill Speirs <bi...@gmail.com>]

I was able to solve my issue, I had forgotten the init block: static {
org.apache.xml.security.Init.init(); }

So I am able to create a signed XML document; however, now I'm having
issues trying to validate the XML signature in C++. I've attached the
C++ code to this document.

Does anyone notice that I'm doing something completely wrong?

Thanks...

Bill-

On Thu, Mar 24, 2011 at 10:37 PM, Bill Speirs <bi...@gmail.com> wrote:
> I'm trying to apply a DSA signature to the XML output of a JAXB object
> by following this example: http://goo.gl/vVNxy. I'm able to convert
> the JAXB object to a Document; however, when I go to create the
> XMLSignature I'm unsure what BaseURI I should use as my XML is not
> coming from a file like in the example.
>
> The real problem though is that when I attempt to add a Transform, I
> keep getting a NullPointerException on this line:
> transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
>
> Exception in thread "main" java.lang.NullPointerException
>        at org.apache.xml.security.transforms.Transform.getTransformSpi(Unknown Source)
>        at org.apache.xml.security.transforms.Transform.<init>(Unknown Source)
>        at org.apache.xml.security.transforms.Transform.getInstance(Unknown Source)
>        at org.apache.xml.security.transforms.Transform.getInstance(Unknown Source)
>        at org.apache.xml.security.transforms.Transforms.addTransform(Unknown Source)
>        at test.Test.main(Test.java:64)
>
> I have attached my source example file and the associated XSD file I
> used to generate the Token & Principal JAXB objects.
>
> Any help or insight would be greatly appreciated.
>
> Thanks in advance...
>
> Bill-
>