Decrypting the soap xml results in NP exception for soap message containing
BinarySecurityToken in request.

I am using wss4j 1.5.5 to decrypt the SOAP message.
The client encrypts the SOAP message by setting action=Encrypt and
encryptionKeyIdentifier=DirectReference.

At the receiving end, the receiver handler config is:
<requestFlow>
    <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
        <parameter name="action" value="Encrypt"/>
        <parameter name="decryptionPropFile" value="server.crypto.properties"/>
        <parameter name="passwordCallbackClass" value="com.ws.server.PWCallback"/>
    </handler>
</requestFlow>

At the receiving end, when decrypting this message, the null pointer
exception occurs (exception trace shown below).
The exception occurs only when the "DirectReference" key identifier is used
in message encryption, i.e. the request contains a token embedded in a
"BinarySecurityToken" element.
The exception does not occur when the "IssuerSerial" identifier is used.

Debugging the code further, I observed that
BinarySecurityTokenProcessor.getCertificatesTokenReference(Element elem, Crypto crypto)
uses the signature Crypto instance to parse the security token from the request.
Since the signature crypto is null, it results in a null pointer exception.
The signature crypto is null because the action is "Encrypt" only. It should be
using the decryption crypto instance instead.

My understanding so far is:
If action is Signature -> Signature crypto will be initialized.
If action is Encrypt -> Encryption crypto will be initialized.
If action is "Signature Encrypt" -> Both sign/encrypt crypto will be initialized.

For an encrypted message, BinarySecurityTokenProcessor should use the
encryption crypto instance to parse the binary token instead of the
signature crypto.

Any comments greatly appreciated. 

Exception trace:
Caused by: java.lang.NullPointerException
        at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:94)
        at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:93)
        at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:74)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
        at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:162)





-- 
View this message in context: 
http://www.nabble.com/wss4j1.5.5%3A-Decrypting-the-soap-xml-results-in-NP-exception-for-soap-message-containing-BinarySecurityToken-in-request.-tp24286989p24286989.html
Sent from the WSS4J mailing list archive at Nabble.com.
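
For triage, an added example (not part of the original post and not WSS4J code): a Python script that reports whether the EncryptedKey in a captured request names its certificate by DirectReference to a BinarySecurityToken or by IssuerSerial, and whether the request matches the failing combination described above. The function names and both sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted captures

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {
    "wsse": OASIS + "wssecurity-secext-1.0.xsd",
    "wsu": OASIS + "wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def key_identifier_types(soap_xml):
    """Classify how each xenc:EncryptedKey in the Security header names its certificate."""
    root = ET.fromstring(soap_xml)
    bst_ids = {b.get(WSU_ID) for b in root.iterfind(".//wsse:BinarySecurityToken", NS)}
    kinds = []
    for key in root.iterfind(".//wsse:Security/xenc:EncryptedKey", NS):
        str_el = key.find("ds:KeyInfo/wsse:SecurityTokenReference", NS)
        ref = str_el.find("wsse:Reference", NS) if str_el is not None else None
        if ref is not None:
            # DirectReference: URI="#id" resolves to a BinarySecurityToken in the message
            target = ref.get("URI", "").lstrip("#")
            kinds.append("DirectReference" if target in bst_ids else "UnresolvedReference")
        elif str_el is not None and str_el.find("ds:X509Data/ds:X509IssuerSerial", NS) is not None:
            kinds.append("IssuerSerial")
        else:
            kinds.append("Other")
    return kinds

def matches_reported_failure(receiver_action, soap_xml):
    """True for the combination the post reports failing on 1.5.5: no Signature action
    on the receiver (so, per the post, no signature crypto) plus a DirectReference key."""
    return ("Signature" not in receiver_action.split()
            and "DirectReference" in key_identifier_types(soap_xml))

def sample(key_info, token=""):
    """Constructed header skeleton for the demo; carries no real key material."""
    decls = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return ("<Envelope %s><Header><wsse:Security>%s<xenc:EncryptedKey><ds:KeyInfo>"
            "<wsse:SecurityTokenReference>%s</wsse:SecurityTokenReference></ds:KeyInfo>"
            "</xenc:EncryptedKey></wsse:Security></Header></Envelope>" % (decls, token, key_info))

DIRECT = sample('<wsse:Reference URI="#CertId-1"/>',
                '<wsse:BinarySecurityToken wsu:Id="CertId-1">PLACEHOLDER</wsse:BinarySecurityToken>')
ISSUER = sample("<ds:X509Data><ds:X509IssuerSerial/></ds:X509Data>")

if __name__ == "__main__":
    for name, msg in (("DirectReference sample", DIRECT), ("IssuerSerial sample", ISSUER)):
        print(name, key_identifier_types(msg), matches_reported_failure("Encrypt", msg))
```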

