No luck. Now I don't get any exception (after fixing a npe) but the
signature verification still fails.
I had to apply this tiny patch to get to the stage of signature verification
failing. All long
it has been exceptions!. Not sure whether the patch is the right one.I would
appreciate if you could verify the xml file that I sent earlier at your end.
Or if you have any tools/utilities to verify a standlone xml message.
--- org/apache/axiom/om/impl/dom/ElementImpl.java.orig 2006-09-19 09:55:
31.445213500 -0400
+++ org/apache/axiom/om/impl/dom/ElementImpl.java 2006-09-19 09:32:
13.461364400 -0400
@@ -361,8 +361,9 @@
if (namespaceURI == OMConstants.XMLNS_NS_URI) {
OMNamespace ns = this.findNamespaceURI(localName);
- AttrImpl namespaceAttr = new AttrImpl(this.ownerNode,
localName, ns
- .getNamespaceURI(), this.factory);
+ String nsuri = ns != null ? ns.getNamespaceURI() : "";
+ AttrImpl namespaceAttr = new AttrImpl(this.ownerNode,
localName, nsuri,
+ this.factory);
NamespaceImpl xmlNs = new NamespaceImpl(
OMConstants.XMLNS_NS_URI);
namespaceAttr.setOMNamespace(xmlNs);
return namespaceAttr;
On 9/18/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> This is a Bug in DOOM. Thanks for reporting it.
> I just fixed it in the latest svn - revision - 447543.
>
> Please try it out.
>
> Thanks,
> Ruchith
>
> On 9/18/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > I updated from subversion today( 20060918 10AM EST). The
> > NullPointerException is gone but a new exception
> > UnsupportedOperationException is being thrown.
> >
> > A basic question. Does axiom+wss4j support blank URI's? Using
> > XPath? The xml message that fails actually uses blank URIs and XPath to
> > refer to the subset that is signed. Here is the stack trace.
> >
> > Thread [http-8888-Processor25] (Suspended (exception
> > UnsupportedOperationException))
> > SOAPMessageImpl(DocumentImpl).getNextSibling() line: 111
> > XMLUtils.circumventBug2650internal(Node) line: 490
> > XMLUtils.circumventBug2650(Document) line: 436
> >
> >
>
Canonicalizer20010315ExclOmitComments(CanonicalizerBase).engineCanonicalize(XMLSignatureInput)
> > line: 150
> >
> >
>
Canonicalizer20010315ExclOmitComments(Canonicalizer20010315Excl).engineCanonicalize(XMLSignatureInput,
> > String) line: 115
> > TransformC14NExclusive.enginePerformTransform(XMLSignatureInput,
> > OutputStream) line: 93
> > Transform.performTransform(XMLSignatureInput, OutputStream) line:
> 340
> >
> > Transforms.performTransforms(XMLSignatureInput, OutputStream) line:
> > 237
> > Reference.getContentsAfterTransformation(XMLSignatureInput,
> > OutputStream) line: 433
> > Reference.dereferenceURIandPerformTransforms(OutputStream) line: 603
> > Reference.calculateDigest() line: 688
> > Reference.verify() line: 736
> > SignedInfo(Manifest).verifyReferences(boolean) line: 317
> > SignedInfo.verify(boolean) line: 224
> > XMLSignature.checkSignatureValue(Key) line: 590
> > XMLSignature.checkSignatureValue(X509Certificate) line: 557
> > SignatureProcessor.verifyXMLSignature(Element, Crypto,
> > X509Certificate[], Set, byte[][]) line: 264
> > SignatureProcessor.handleToken(Element, Crypto, Crypto,
> CallbackHandler,
> > WSDocInfo, Vector, WSSConfig) line: 79
> > WSSecurityEngine.processSecurityHeader(Element, CallbackHandler,
> Crypto,
> > Crypto) line: 269
> > WSSecurityEngine.processSecurityHeader(Document, String,
> > CallbackHandler, Crypto, Crypto) line: 191
> > WSDoAllReceiver.processMessage(MessageContext) line: 180
> > WSDoAllReceiver(WSDoAllHandler).invoke(MessageContext) line: 82
> > Phase.invoke(MessageContext) line: 381
> > AxisEngine.invoke(MessageContext) line: 473
> > AxisEngine.receive(MessageContext) line: 445
> > OutInAxisOperationClient.send(MessageContext) line: 355
> > OutInAxisOperationClient.execute(boolean) line: 279
> > CustomerInformationServiceStub.isAliveRequest
> (IsAliveRequestDocument)
> > line: 317
> > CustomerInformationClient.queryIsAlive() line: 66
> > IsAliveRequestAction.processRequest(HttpServletRequest,
> > HttpServletResponse) line: 42
> > IsAliveRequestAction(SimpleAction).executeAction(ActionConfigExt,
> > ActionForm, HttpServletRequest, HttpServletResponse) line: 185
> >
> >
> IsAliveRequestAction(AbstractRequestAction).executeAction(ActionConfigExt,
> > ActionForm, HttpServletRequest, HttpServletResponse) line: 162
> > IsAliveRequestAction(SimpleAction).execute(ActionMapping,
> ActionForm,
> > HttpServletRequest, HttpServletResponse) line: 123
> >
> >
> RequestProcessorExt(RequestProcessor).processActionPerform(HttpServletRequest,
> > HttpServletResponse, Action, ActionForm, ActionMapping) line: 484
> > RequestProcessorExt(RequestProcessor).process(HttpServletRequest,
> > HttpServletResponse) line: 274
> > RequestProcessorExt.process(HttpServletRequest, HttpServletResponse)
> > line: 126
> > ActionServletExt(ActionServlet).process(HttpServletRequest,
> > HttpServletResponse) line: 1482
> > ActionServletExt.process(HttpServletRequest, HttpServletResponse)
> line:
> > 111
> > ActionServletExt(ActionServlet).doGet(HttpServletRequest,
> > HttpServletResponse) line: 507
> > ActionServletExt(HttpServlet).service(HttpServletRequest,
> > HttpServletResponse) line: 697
> > ActionServletExt(HttpServlet).service(ServletRequest,
> ServletResponse)
> > line: 810
> > ApplicationFilterChain.internalDoFilter(ServletRequest,
> ServletResponse)
> > line: 237
> > ApplicationFilterChain.doFilter(ServletRequest, ServletResponse)
> line:
> > 157
> > StandardWrapperValve.invoke(Request, Response, ValveContext) line:
> > 214
> > StandardValveContext.invokeNext(Request, Response) line: 104
> > StandardPipeline.invoke(Request, Response) line: 520
> > StandardContextValve.invokeInternal(Wrapper, Request, Response)
> line:
> > 198
> > StandardContextValve.invoke(Request, Response, ValveContext) line:
> > 152
> > StandardValveContext.invokeNext(Request, Response) line: 104
> > StandardPipeline.invoke(Request, Response) line: 520
> > StandardHostValve.invoke(Request, Response, ValveContext) line: 137
> > StandardValveContext.invokeNext(Request, Response) line: 104
> > ErrorReportValve.invoke(Request, Response, ValveContext) line: 118
> > StandardValveContext.invokeNext(Request, Response) line: 102
> > StandardPipeline.invoke(Request, Response) line: 520
> > StandardEngineValve.invoke(Request, Response, ValveContext) line:
> 109
> >
> > StandardValveContext.invokeNext(Request, Response) line: 104
> > StandardPipeline.invoke(Request, Response) line: 520
> > StandardEngine(ContainerBase).invoke(Request, Response) line: 929
> > CoyoteAdapter.service(Request, Response) line: 160
> > Http11Processor.process(InputStream, OutputStream) line: 799
> >
> Http11Protocol$Http11ConnectionHandler.processConnection(TcpConnection,
> > Object[]) line: 705
> > TcpWorkerThread.runIt(Object[]) line: 577
> > ThreadPool$ControlRunnable.run() line: 684
> > ThreadWithAttributes(Thread).run() line: 534
> >
> >
> >
> >
> >
> >
> > On 9/18/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > >
> > > Hi Aravind,
> > >
> > > I just checked the latest axiom-dom impl code and there is a null
> > > check in line #353 in ElementImpl. Therefore IMHO this exception is
> > > not possible. Are you sure you are using the latest axiom-*-SNAPSHOT
> > > jars?
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 9/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > > I upgraded to stax-1.0.1 and wstx-asl-3.0.0.jar as you said. And I
> get a
> > > > NullPointerException. Here is the stack trace. I have also attached
> the
> > > xml
> > > > message.
> > > > In the soap message that causes the problem,I have commented out the
> > > private
> > > > information as confidential. I hope that doesn't cause a problem
> for
> > > you as
> > > > it is outside
> > > > the signed part. The odd thing is the URI is blank and the message
> uses
> > > > XPath to refer to the part that is signed. I am not sure how good is
> the
> > > > support for XPath in xmlsecurity library suite.
> > > >
> > > > Any help will be greatly appreciated. Thanks in advance.
> > > >
> > > > Aravind
> > > >
> > > > >
> > > >
> > >
>
-------------------------------------------------------------------------------------
> > > > >
> > > > > SOAPEnvelopeImpl(ElementImpl).getAttributeNodeNS(String,
> > > > String) line: 353
> > > > > XMLUtils.circumventBug2650(Document) line: 429
> > > > >
> > > >
> > >
>
Canonicalizer20010315ExclOmitComments(CanonicalizerBase).engineCanonicalize(XMLSignatureInput)
> > > > line: 150
> > > > >
> > > >
> > >
>
Canonicalizer20010315ExclOmitComments(Canonicalizer20010315Excl).engineCanonicalize(XMLSignatureInput,
> > > > String) line: 115
> > > > >
> > > > TransformC14NExclusive.enginePerformTransform(XMLSignatureInput,
> > > > OutputStream) line: 93
> > > > > Transform.performTransform(XMLSignatureInput, OutputStream) line:
> 340
> > > > > Transforms.performTransforms(XMLSignatureInput, OutputStream)
> line:
> > > 237
> > > > >
> > > > Reference.getContentsAfterTransformation(XMLSignatureInput,
> > > > OutputStream) line: 433
> > > > >
> > > > Reference.dereferenceURIandPerformTransforms(OutputStream)
> > > > line: 603
> > > > > Reference.calculateDigest() line: 688
> > > > > Reference.verify() line: 736
> > > > > SignedInfo(Manifest).verifyReferences(boolean) line: 317
> > > >
> > > > > SignedInfo.verify(boolean) line: 224
> > > > > XMLSignature.checkSignatureValue(Key) line: 590
> > > > > XMLSignature.checkSignatureValue(X509Certificate) line:
> > > > 557
> > > > > SignatureProcessor.verifyXMLSignature(Element, Crypto,
> > > > X509Certificate[], Set, byte[][]) line: 264
> > > > > SignatureProcessor.handleToken(Element, Crypto, Crypto,
> > > CallbackHandler,
> > > > WSDocInfo, Vector, WSSConfig) line: 79
> > > > > WSSecurityEngine.processSecurityHeader(Element,
> > > > CallbackHandler, Crypto, Crypto) line: 269
> > > > > WSSecurityEngine.processSecurityHeader(Document, String,
> > > > CallbackHandler, Crypto, Crypto) line: 191
> > > > > WSDoAllReceiver.processMessage(MessageContext) line: 180
> > > > > WSDoAllReceiver(WSDoAllHandler).invoke(MessageContext)
> > > > line: 82
> > > > > Phase.invoke(MessageContext) line: 381
> > > > > AxisEngine.invoke(MessageContext) line: 473
> > > > > AxisEngine.receive(MessageContext) line: 445
> > > > > OutInAxisOperationClient.send(MessageContext) line: 355
> > > > > OutInAxisOperationClient.execute (boolean) line: 279
> > > > >
> > > >
> > >
> -------------------------------------------------------------------------
> > > >
> > > >
> > > >
> > > > On 9/13/06, Ruchith Fernando < [EMAIL PROTECTED]> wrote:
> > > > > Yes !
> > > > >
> > > > > You have to use stax-1.0.1. Please replace your stax-api jar with
> this
> > > > > [1] and woodstox (wstx-asl-*.jar) with this [2].
> > > > >
> > > > > Thanks,
> > > > > Ruchith
> > > > >
> > > > > [1]
> > > > http://www.ibiblio.org/maven/stax/jars/stax-api-1.0.1.jar
> > > > > [2]
> > > > http://www.ibiblio.org/maven/woodstox/jars/wstx-asl-3.0.0.jar
> > > > >
> > > > > On 9/14/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > > > > > Hi,
> > > > > >
> > > > > > Do I need to upgrade any other libraries? When I used the the
> latest
> > > > > > snapshot I get this error in my application. I have pasted only
> > > > > > the relevant portion of the stack trace as the other parts are
> > > > > > confidential.
> > > > > >
> > > > > > thanks
> > > > > >
> > > > > > Aravind
> > > > > >
> > > > > > Error is
> > > > > >
> > > > > > java.lang.NoSuchMethodError:
> > > > > > javax.xml.stream.XMLOutputFactory.newInstance
> > > >
> > >
> (Ljava/lang/String;Ljava/lang/ClassLoader;)Ljavax/xml/stream/XMLOutputFactory;
> > > > > > at
> > > > org.apache.axiom.om.util.StAXUtils.getXMLOutputFactory(
> StAXUtils.java
> > > :97)
> > > > > > at
> > > > org.apache.axiom.om.util.StAXUtils.createXMLStreamWriter
> > > > (StAXUtils.java:111)
> > > > > > at
> > > > org.apache.axiom.om.impl.dom.NodeImpl.serialize(NodeImpl.java:577)
> > > > > > at
> > > > org.apache.axiom.om.impl.dom.ElementImpl.toString(ElementImpl.java
> :1139)
> > > > > >
> > > > > >
> > > > > >
> > > > > > On 9/13/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > Can you please try this with the latest axiom-*-SNAPSHOT jars.
> > > > > > >
> > > > > > >
> > > >
> > >
> http://people.apache.org/repository/ws-commons/jars/axiom-api-SNAPSHOT.jar
> > > > > > >
> > > >
> > >
> http://people.apache.org/repository/ws-commons/jars/axiom-dom-SNAPSHOT.jar
> > > > > > >
> > > > > > >
> > > >
> > >
> http://people.apache.org/repository/ws-commons/jars/axiom-impl-SNAPSHOT.jar
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Ruchith
> > > > > > >
> > > > > > > On 9/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED] >
> wrote:
> > > > > > > > At ResolverFragment.java:60
> > > > > > > >
> > > > > > > > Document doc = uri.getOwnerElement().getOwnerDocument();
> > > > > > > >
> > > > > > > > This happens when we try to verify a xml signature. We are
> using
> > > > > > > > axiom(version
> > > > 1)/wss4j-1.5.0/xerces-2.7.1/xml-api-1.3.02/xmlsec-1.3.0with
> > > > > > > > Tomcat.
> > > > > > > >
> > > > > > > > uri.getOwnerElement() is of type DocumentImpl that can't be
> type
> > > > cast
> > > > > > > > into Element as none of the super classes implement the
> Element
> > > > > > > interface.
> > > > > > > > Am I right? I am new to web services and I don't understand
> > > fully.
> > > > But
> > > > > > > this
> > > > > > > > problem is always reproducible in our environment.
> > > > > > > >
> > > > > > > > Any help will be greatly appreciated.
> > > > > > > >
> > > > > > > > thanks
> > > > > > > >
> > > > > > > > Aravind
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > www.ruchith.org
> > > > > > >
> > > > > > >
> > > >
> ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > www.ruchith.org
> > > > >
> > > > >
> > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> >
>
>
> --
> www.ruchith.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
