Luigi De Masi created WSS-699:
---------------------------------

             Summary: org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec
                 Key: WSS-699
                 URL: https://issues.apache.org/jira/browse/WSS-699
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
    Affects Versions: 2.4.1
            Reporter: Luigi De Masi
            Assignee: Colm O hEigeartaigh


According to the Oracle specification, an implementor of the transform method
of class javax.xml.crypto.dsig.Transform should return null if the data was
written to the OutputStream parameter:

https://docs.oracle.com/en/java/javase/17/docs/api/java.xml.crypto/javax/xml/crypto/dsig/Transform.html#transform(javax.xml.crypto.Data,javax.xml.crypto.XMLCryptoContext,java.io.OutputStream)

but this commit breaks the specification, changing the return value from null
to an empty XMLSignatureInput object:

https://github.com/apache/ws-wss4j/commit/20e8e4e0406b3053cf26f82b39e882d8dd33da9a

This is causing some issues during signature validation:

{{code}}
Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException: unrecoverable error retrieving nodeset
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:552)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:385)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:278)
        at my.company.test.SignatureValidator.validateSignature(SignatureValidator.java:148)
        at my.company.test.SignatureValidator.validateSecurityHeader(SignatureValidator.java:125)
        at my.company.test.SignatureValidator.validate(SignatureValidator.java:82)
        at my.company.test.SignatureValidatorTest.testSaml1Original(SignatureValidatorTest.java:66)
        ... 70 more
Caused by: javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException: unrecoverable error retrieving nodeset
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:174)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:108)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:73)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:493)
        ... 76 more
Caused by: java.lang.RuntimeException: unrecoverable error retrieving nodeset
        at org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:53)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:159)
        ... 79 more
Caused by: java.lang.RuntimeException: getNodeSet() called but no input data present
        at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:228)
        at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:190)
        at org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:50)
        ... 80 more
{{code}}
