[
https://issues.apache.org/jira/browse/WSS-699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh updated WSS-699:
------------------------------------
Fix Version/s: 2.4.2
3.0.1
> org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec
> --------------------------------------------------------------------------
>
> Key: WSS-699
> URL: https://issues.apache.org/jira/browse/WSS-699
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.4.1
> Reporter: Luigi De Masi
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: 2.4.2, 3.0.1
>
>
> According to Oracle specification, implementor of transform method of class
> javax.xml.crypto.dsig.Transform should return null if the data was written to
> the OutputStream parameter:
> https://docs.oracle.com/en/java/javase/17/docs/api/java.xml.crypto/javax/xml/crypto/dsig/Transform.html#transform(javax.xml.crypto.Data,javax.xml.crypto.XMLCryptoContext,java.io.OutputStream)
> but this commit break the specification, changing the return value from null
> to an empty XMLSignatureInput object:
> https://github.com/apache/ws-wss4j/commit/20e8e4e0406b3053cf26f82b39e882d8dd33da9a
> This is causing some issues during signature validation:
> {code}
> Caused by: javax.xml.crypto.dsig.XMLSignatureException:
> javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException:
> unrecoverable error retrieving nodeset
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:552)
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:385)
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:278)
> at
> my.company.test.SignatureValidator.validateSignature(SignatureValidator.java:148)
> at
> my.company.test.SignatureValidator.validateSecurityHeader(SignatureValidator.java:125)
> at
> my.company.test.SignatureValidator.validate(SignatureValidator.java:82)
> at
> my.company.test.SignatureValidatorTest.testSaml1Original(SignatureValidatorTest.java:66)
> ... 70 more
> Caused by: javax.xml.crypto.dsig.TransformException:
> java.lang.RuntimeException: unrecoverable error retrieving nodeset
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:174)
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:108)
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:73)
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:493)
> ... 76 more
> Caused by: java.lang.RuntimeException: unrecoverable error retrieving nodeset
> at
> org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:53)
> at
> java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:159)
> ... 79 more
> Caused by: java.lang.RuntimeException: getNodeSet() called but no input data
> present
> at
> org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:228)
> at
> org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:190)
> at
> org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:50)
> ... 80 more
> {code}
>
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
