You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2006/10/18 10:46:11 UTC
DO NOT REPLY [Bug 40783] New: - NPE in ResolverDirectHTTP.engineCanResolve
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40783>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40783
Summary: NPE in ResolverDirectHTTP.engineCanResolve
Product: Security
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: info@frankcornelis.be
When executing the following code using XML Security 1.4.Beta2 you'll get an
NPE. I think a better error reporting would be something like: cannot resolve URI.
XMLSignature signature = new XMLSignature(testDocument, null,
XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA512,
Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
Element signatureElement = signature.getElement();
Element rootElement = (Element) testDocument.getFirstChild();
rootElement.appendChild(signatureElement);
Transforms transforms = new Transforms(testDocument);
signature.addDocument("urn:unknown:uri", transforms,
MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA512);
signature.addKeyInfo(publicKey);
signature.sign(privateKey);
The NPE stack trace:
java.lang.NullPointerException
at
org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP.engineCanResolve(Unknown
Source)
at org.apache.xml.security.utils.resolver.ResourceResolver.canResolve(Unknown
Source)
at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(Unknown
Source)
at org.apache.xml.security.utils.resolver.ResourceResolver.getInstance(Unknown
Source)
at
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
Source)
at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
DO NOT REPLY [Bug 40783] - NPE in ResolverDirectHTTP.engineCanResolve
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40783>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40783
------- Additional Comments From sean.mullan@sun.com 2006-10-18 11:34 -------
Do you know if this is a regression from 1.3? I don't think it is. In
any case, the fix is trivial (diffs below), but I'll leave it up to Raul to
decide if we can squeeze it in for 1.4.
$ svn diff ResolverDirectHTTP.java
Index: ResolverDirectHTTP.java
===================================================================
--- ResolverDirectHTTP.java (revision 433241)
+++ ResolverDirectHTTP.java (working copy)
@@ -262,7 +262,7 @@
log.debug("I was asked whether I can resolve " + uriNodeValue);
if ( uriNodeValue.startsWith("http:") ||
- BaseURI.startsWith("http:")) {
+ (BaseURI != null && BaseURI.startsWith("http:"))) {
if (log.isDebugEnabled())
log.debug("I state that I can resolve " + uriNodeValue);
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
DO NOT REPLY [Bug 40783] - NPE in ResolverDirectHTTP.engineCanResolve
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40783>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40783
sean.mullan@sun.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
------- Additional Comments From sean.mullan@sun.com 2007-09-19 12:19 -------
Closing old bugs. Fixed in 1.4.1
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
DO NOT REPLY [Bug 40783] - NPE in ResolverDirectHTTP.engineCanResolve
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40783>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40783
raul-info@r-bg.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From raul-info@r-bg.com 2006-10-18 11:47 -------
Hi, thanks for noticing.
The problem was not url, the problem was the null BaseURI ,i.e. the second
parameter in the XMLSignature constructor.
Anyway after one line patch now it is fixed in SVN head. Please take a look.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.