[jira] [Created] (WSS-560) NullPointerException in WSSecEncrypt when encrypted header element has attributes

Mon, 02 Nov 2015 10:54:55 -0800 

Ross M. Lodge created WSS-560:
---------------------------------

             Summary: NullPointerException in WSSecEncrypt when encrypted 
header element has attributes
                 Key: WSS-560
                 URL: https://issues.apache.org/jira/browse/WSS-560
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Handlers
    Affects Versions: 2.1.4, 2.0.6
            Reporter: Ross M. Lodge
            Assignee: Colm O hEigeartaigh
            Priority: Critical


If any header to be encrypted has an attribute that doesn't have an explicit 
namespace (which would include any unqualified attributes, which for me is 
almost all of them), WSSecEncrypt throws an NPE:

{code:title=Exception|borderStyle=solid}
org.apache.wss4j.common.ext.WSSecurityException: null
        at 
org.apache.wss4j.dom.message.WSSecEncrypt.createEncryptedHeaderElement(WSSecEncrypt.java:711)
        at 
org.apache.wss4j.dom.message.WSSecEncrypt.encryptElement(WSSecEncrypt.java:667)
        at 
org.apache.wss4j.dom.message.WSSecEncrypt.doEncryption(WSSecEncrypt.java:417)
        at 
org.apache.wss4j.dom.message.WSSecEncrypt.encryptForRef(WSSecEncrypt.java:255)
        at 
org.apache.wss4j.dom.message.WSSecEncrypt.encrypt(WSSecEncrypt.java:221)
        at 
org.apache.wss4j.dom.message.WSSecEncrypt.build(WSSecEncrypt.java:199)
        at 
org.apache.wss4j.dom.message.EncryptionPartsTest.testSOAPEncryptedHeaderWithAttributes(EncryptionPartsTest.java:321)
{code}

This is because Node.getNamespaceURI() returns null, and the code checks with:

{code:title=WSSecEncrypt.java Excerpt|borderStyle=solid}
            if (attr.getNamespaceURI().equals(WSConstants.URI_SOAP11_ENV)
                || attr.getNamespaceURI().equals(WSConstants.URI_SOAP12_ENV)) { 
                        
{code}

Solution is to switch the equals condition:

{code:title=WSSecEncrypt.java Fix|borderStyle=solid}
            if (WSConstants.URI_SOAP11_ENV.equals(attr.getNamespaceURI())
                || WSConstants.URI_SOAP12_ENV.equals(attr.getNamespaceURI())) {
{code}

I'm adding four patches:
- a test for code vs. version 2.0.6
- code fix vs. version 2.0.6
- a test for code vs. version 2.1.4
- a code fix vs. version 2.1.4



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to