Luigi De Masi created WSS-699:
---------------------------------
Summary: org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec
Key: WSS-699
URL: https://issues.apache.org/jira/browse/WSS-699
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Affects Versions: 2.4.1
Reporter: Luigi De Masi
Assignee: Colm O hEigeartaigh

According to the Oracle specification, an implementor of the transform method of class
javax.xml.crypto.dsig.Transform should return null if the data was written to
the OutputStream parameter:
https://docs.oracle.com/en/java/javase/17/docs/api/java.xml.crypto/javax/xml/crypto/dsig/Transform.html#transform(javax.xml.crypto.Data,javax.xml.crypto.XMLCryptoContext,java.io.OutputStream)
but this commit breaks the specification, changing the return value from null to
an empty XMLSignatureInput object:
https://github.com/apache/ws-wss4j/commit/20e8e4e0406b3053cf26f82b39e882d8dd33da9a
This is causing some issues during signature validation:
{{code}}
Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException: unrecoverable error retrieving nodeset
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:552)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:385)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:278)
    at my.company.test.SignatureValidator.validateSignature(SignatureValidator.java:148)
    at my.company.test.SignatureValidator.validateSecurityHeader(SignatureValidator.java:125)
    at my.company.test.SignatureValidator.validate(SignatureValidator.java:82)
    at my.company.test.SignatureValidatorTest.testSaml1Original(SignatureValidatorTest.java:66)
    ... 70 more
Caused by: javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException: unrecoverable error retrieving nodeset
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:174)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:108)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:73)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:493)
    ... 76 more
Caused by: java.lang.RuntimeException: unrecoverable error retrieving nodeset
    at org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:53)
    at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:159)
    ... 79 more
Caused by: java.lang.RuntimeException: getNodeSet() called but no input data present
    at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:228)
    at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:190)
    at org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:50)
    ... 80 more
{{code}}
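
The return-value contract cited in the report, as an added Java example that is not part of the original message or of WSS4J: a check that a javax.xml.crypto.dsig.Transform which wrote its output to the OutputStream also returns null. The demo transform, its algorithm URI and the sample bytes are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.spec.AlgorithmParameterSpec;
import javax.xml.crypto.Data;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.TransformException;

public class TransformContractCheck {
    // Returns null when the contract holds, otherwise a description of the violation.
    static String check(Transform t, Data input, XMLCryptoContext ctx) throws TransformException {
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        Data result = t.transform(input, ctx, sink);
        // Spec: the return value is null if the data was written to the OutputStream.
        if (sink.size() > 0 && result != null) {
            return "wrote " + sink.size() + " bytes but returned " + result.getClass().getName();
        }
        return null;
    }
    // Constructed demo transform (hypothetical): copies the octets to the stream;
    // returnNull selects the conforming (null) or non-conforming (empty Data) return value.
    static Transform demo(boolean returnNull) {
        return new Transform() {
            public String getAlgorithm() { return "urn:example:demo-transform"; }
            public AlgorithmParameterSpec getParameterSpec() { return null; }
            public boolean isFeatureSupported(String feature) { return false; }
            public Data transform(Data data, XMLCryptoContext ctx) { return data; }
            public Data transform(Data data, XMLCryptoContext ctx, OutputStream os) throws TransformException {
                try {
                    ((OctetStreamData) data).getOctetStream().transferTo(os);
                } catch (IOException e) {
                    throw new TransformException(e);
                }
                return returnNull ? null : new Data() { };
            }
        };
    }
    public static void main(String[] args) throws Exception {
        byte[] sample = "<a>constructed sample</a>".getBytes(StandardCharsets.UTF_8);
        for (boolean returnNull : new boolean[] { true, false }) {
            Data in = new OctetStreamData(new ByteArrayInputStream(sample));
            String violation = check(demo(returnNull), in, null);
            System.out.println("returnNull=" + returnNull + " -> " + (violation == null ? "contract holds" : violation));
        }
    }
}
```

A check of this kind can run as a unit test against any custom Transform before it is used in signature validation.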