[
https://issues.apache.org/jira/browse/WSS-560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14989724#comment-14989724
]
Ross M. Lodge commented on WSS-560:
-----------------------------------
How can I follow up and make sure that this finds its way into the next 3.0.x
release of CXF?
> NullPointerException in WSSecEncrypt when encrypted header element has
> attributes
> ---------------------------------------------------------------------------------
>
> Key: WSS-560
> URL: https://issues.apache.org/jira/browse/WSS-560
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Handlers
> Affects Versions: 2.0.6, 2.1.4
> Reporter: Ross M. Lodge
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 2.0.7, 2.1.5, 2.2.0
>
> Attachments: WSS-560-2.0.6.patch, WSS-560-2.1.4.patch,
> WSS-560-Test-2.0.6.patch, WSS-560-Test-2.1.4.patch
>
>
> If any header to be encrypted has an attribute that doesn't have an explicit
> namespace (which would include any unqualified attributes, which for me is
> almost all of them), WSSecEncrypt throws an NPE:
> {code:title=Exception|borderStyle=solid}
> org.apache.wss4j.common.ext.WSSecurityException: null
> at
> org.apache.wss4j.dom.message.WSSecEncrypt.createEncryptedHeaderElement(WSSecEncrypt.java:711)
> at
> org.apache.wss4j.dom.message.WSSecEncrypt.encryptElement(WSSecEncrypt.java:667)
> at
> org.apache.wss4j.dom.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:417)
> at
> org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:255)
> at
> org.apache.wss4j.dom.message.WSSecEncrypt.encrypt(WSSecEncrypt.java:221)
> at
> org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:199)
> at
> org.apache.wss4j.dom.message.EncryptionPartsTest.testSOAPEncryptedHeaderWithAttributes(EncryptionPartsTest.java:321)
> {code}
> This is because Node.getNamespaceURI() returns null, and the code checks with:
> {code:title=WSSecEncrypt.java Excerpt|borderStyle=solid}
> if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
> || attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV))
> {
> {code}
> Solution is to switch the equals condition:
> {code:title=WSSecEncrypt.java Fix|borderStyle=solid}
> if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
> || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI()))
> {
> {code}
> I'm adding four patches:
> - a test for code vs. version 2.0.6
> - code fix vs. version 2.0.6
> - a test for code vs. version 2.1.4
> - a code fix vs. version 2.1.4
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
