[
https://issues.apache.org/jira/browse/CXF-5565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910137#comment-13910137
]
Willem Jiang commented on CXF-5565:
-----------------------------------
The wsdl plugin issue can be fixed by excluding xerces:xercesImpl from the
org.opensaml artifact, as WSS4J does.
But the NPE of sts-core looks strange; I cannot tell whether it relates to the
version change of opensaml from the stack trace.
{code}
Running org.apache.cxf.sts.operation.IssueSamlRealmUnitTest
Tests run: 5, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.476 sec <<< FAILURE! - in org.apache.cxf.sts.operation.IssueSamlRealmUnitTest
testIssueSaml1TokenRealmBCustomCryptoPKCS12(org.apache.cxf.sts.operation.IssueSamlRealmUnitTest) Time elapsed: 0.452 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: null cannot create instance
    at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.unwrapKey(Unknown Source)
    at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1214)
    at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:365)
    at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
    at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:82)
    at org.apache.cxf.sts.operation.IssueSamlRealmUnitTest.testIssueSaml1TokenRealmBCustomCryptoPKCS12(IssueSamlRealmUnitTest.java:433)
Running org.apache.cxf.sts.token.provider.SAMLProviderKeyTypeTest
Tests run: 13, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.101 sec <<< FAILURE! - in org.apache.cxf.sts.token.provider.SAMLProviderKeyTypeTest
testDefaultSaml1BearerAssertionPKCS12(org.apache.cxf.sts.token.provider.SAMLProviderKeyTypeTest) Time elapsed: 0.005 sec <<< ERROR!
org.apache.ws.security.WSSecurityException: null cannot create instance
    at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.unwrapKey(Unknown Source)
    at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1214)
    at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:365)
    at org.apache.ws.security.components.crypto.Merlin.loadProperties(Merlin.java:190)
    at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:140)
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:117)
    at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:82)
    at org.apache.cxf.sts.token.provider.SAMLProviderKeyTypeTest.createProviderParametersPKCS12(SAMLProviderKeyTypeTest.java:581)
    at org.apache.cxf.sts.token.provider.SAMLProviderKeyTypeTest.testDefaultSaml1BearerAssertionPKCS12(SAMLProviderKeyTypeTest.java:437)
{code}
> update to opensaml 2.6.1
> ------------------------
>
> Key: CXF-5565
> URL: https://issues.apache.org/jira/browse/CXF-5565
> Project: CXF
> Issue Type: Task
> Reporter: Jonathan Anstey
> Assignee: Willem Jiang
> Attachments: CXF-5565.patch
>
>
> Fixes CVE-2013-6440. Waiting for SMX bundles release to complete first though.