You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Ross M. Lodge (JIRA)" <ji...@apache.org> on 2015/11/02 19:54:27 UTC
[jira] [Created] (WSS-560) NullPointerException in WSSecEncrypt
when encrypted header element has attributes
Ross M. Lodge created WSS-560:
---------------------------------
Summary: NullPointerException in WSSecEncrypt when encrypted header element has attributes
Key: WSS-560
URL: https://issues.apache.org/jira/browse/WSS-560
Project: WSS4J
Issue Type: Bug
Components: WSS4J Handlers
Affects Versions: 2.1.4, 2.0.6
Reporter: Ross M. Lodge
Assignee: Colm O hEigeartaigh
Priority: Critical
If any header to be encrypted has an attribute that doesn't have an explicit namespace (which would include any unqualified attributes, which for me is almost all of them), WSSecEncrypt throws an NPE:
{code:title=Exception|borderStyle=solid}
org.apache.wss4j.common.ext.WSSecurityException: null
at org.apache.wss4j.dom.message.WSSecEncrypt.createEncryptedHeaderElement(WSSecEncrypt.java:711)
at org.apache.wss4j.dom.message.WSSecEncrypt.encryptElement(WSSecEncrypt.java:667)
at org.apache.wss4j.dom.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:417)
at org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:255)
at org.apache.wss4j.dom.message.WSSecEncrypt.encrypt(WSSecEncrypt.java:221)
at org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:199)
at org.apache.wss4j.dom.message.EncryptionPartsTest.testSOAPEncryptedHeaderWithAttributes(EncryptionPartsTest.java:321)
{code}
This is because Node.getNamespaceURI() returns null, and the code checks with:
{code:title=WSSecEncrypt.java Excerpt|borderStyle=solid}
if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
|| attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) {
{code}
Solution is to switch the equals condition:
{code:title=WSSecEncrypt.java Fix|borderStyle=solid}
if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
|| WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
{code}
I'm adding four patches:
- a test for code vs. version 2.0.6
- code fix vs. version 2.0.6
- a test for code vs. version 2.1.4
- a code fix vs. version 2.1.4
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org