You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Rami Jaamour <rj...@parasoft.com> on 2004/05/04 23:53:03 UTC
Absense of KeyInfo causes NullPointerException
OASIS WSS soap message security v1.0 reads, section 7.5, line 809 reads:
<<
7.5 ds:KeyInfo
The <ds:KeyInfo> element (from XML Signature) can be used for carrying
the key information 810 and is allowed for different key types and for
future extensibility.
...
>>
This implies to me that the KeyInfo Element is optional for XML
signature verification, is it? I couldn't confirm this so far. However,
when attempting to verify a signed message without KeyInfo, WSS4J throws
a NullPointerException from WSSecurityEngine.verifyXMLSignature() near
line 457 because "info" is returned null at
KeyInfo info = sig.getKeyInfo();
Should WSS4J be able to verify a signature even when there is no KeyInfo
element as long as the certificate information is available to it in the
properties?
Thanks,
--
Rami Jaamour
Software Engineer
SOAPtest <http://www.parasoft.com/jsp/products/home.jsp?product=SOAP>
Development
Parasoft Corporation <http://www.parasoft.com>
/
We Make Software Work/