Not all encrypted elements are extracted by 
org.apache.rampart.ValidatorData:extractEncryptedPartInformation()
--------------------------------------------------------------------------------------------------------------

                 Key: RAMPART-47
                 URL: https://issues.apache.org/jira/browse/RAMPART-47
             Project: Rampart
          Issue Type: Bug
          Components: rampart-core
    Affects Versions: 1.2
            Reporter: Aaron Gourley


Not all encrypted elements are being extracted properly in Rampart 1.2, and an 
exception was incorrectly thrown because Rampart thought that the body element 
was not encrypted.  I noticed this when the server was processing a message 
that had the UsernameToken and the Body encrypted.  I used the Rampart 1.0 
configuration on the client side to encrypt the UsernameToken element, and the 
policy.xml file that I used is included at the end of this JIRA for the server 
side.  I used the EncryptedElements assertion in the policy.xml (which I am 
aware is not supported yet).  Since I think I found a way to fix it I am 
reporting the problem with a proposed solution.

This was the server-side exception:
org.apache.axis2.AxisFault: Missing encryption result for id : null
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:81)
        at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.rampart.RampartException: Missing encryption result for id : null
        at org.apache.rampart.PolicyBasedResultsValidator.validateEncryptedParts(PolicyBasedResultsValidator.java:317)
        at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:84)
        at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
        at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
        ... 22 more

This is the code change that I made to fix the problem (in 
org.apache.rampart.ValidatorData):
    
    private void extractEncryptedPartInformation() {
        Node start = rmd.getDocument().getDocumentElement();
        while(start != null) {
            Element elem = (Element) WSSecurityUtil.findElement(start, 
                    EncryptionConstants._TAG_ENCRYPTEDDATA, WSConstants.ENC_NS);
            if(elem != null) {
                Element parentElem = (Element)elem.getParentNode();
                if(parentElem != null &&
                        parentElem.getLocalName().equals(SOAP11Constants.BODY_LOCAL_NAME) &&
                        parentElem.getNamespaceURI().equals(rmd.getSoapConstants().getEnvelopeURI())) {
                    this.bodyEncrDataId = elem.getAttribute("Id");
                } else {
                    encryptedDataRefIds.add(elem.getAttribute("Id"));
                } 
                start = elem;
            }
            
            // Find new starting point by traversing up the nodes to:
            // Case 1: The root
            // Case 2: The nearest ancestor with a next sibling 
            while( start != null && start.getNextSibling() == null )
            {
                start = start.getParentNode();
            }
            start = start != null ? start.getNextSibling() : null;            
        }
    }


An example of a message that caused this failure is attached.  The only element 
processed by the extractEncryptedPartInformation() method was 
/soapenv:Envelope/soapenv:Header/soapenv:Security/xenc:EncryptedData.  The body 
was not processed later because 'start' was prematurely set to null.
