You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Rami Jaamour <rj...@parasoft.com> on 2004/05/04 23:53:03 UTC

Absense of KeyInfo causes NullPointerException

OASIS WSS soap message security v1.0 reads, section 7.5, line 809 reads:

<<
7.5 ds:KeyInfo
The <ds:KeyInfo> element (from XML Signature) can be used for carrying 
the key information 810 and is allowed for different key types and for 
future extensibility.
...
 >>

This implies to me that the KeyInfo Element is optional for XML 
signature verification, is it? I couldn't confirm this so far. However, 
when attempting to verify a signed message without KeyInfo, WSS4J throws 
a NullPointerException from WSSecurityEngine.verifyXMLSignature() near 
line 457 because "info" is returned null at
KeyInfo info = sig.getKeyInfo();

Should WSS4J be able to verify a signature even when there is no KeyInfo 
element as long as the certificate information is available to it in the 
properties?

Thanks,
-- 
Rami Jaamour
Software Engineer
SOAPtest <http://www.parasoft.com/jsp/products/home.jsp?product=SOAP> 
Development
Parasoft Corporation <http://www.parasoft.com>
/
We Make Software Work/