[ https://issues.apache.org/jira/browse/RAMPART-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nandana Mihindukulasooriya resolved RAMPART-47.
-----------------------------------------------

    Resolution: Fixed

This is fixed in the Rampart trunk. Checked the given policy with revision 612732.

> Not all encrypted elements are extracted by
> org.apache.rampart.ValidatorData:extractEncryptedPartInformation()
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: RAMPART-47
>                 URL: https://issues.apache.org/jira/browse/RAMPART-47
>             Project: Rampart
>          Issue Type: Bug
>          Components: rampart-core
>    Affects Versions: 1.2, 1.3
>            Reporter: Aaron Gourley
>         Attachments: ValidatorDataProblem-Message.xml,
>                      ValidatorDataProblem-policy.xml
>
>
> Not all encrypted elements are being extracted properly in Rampart 1.2, and
> an exception was incorrectly thrown because Rampart thought that the body
> element was not encrypted. I noticed this when the server was processing a
> message that had the UsernameToken and the Body encrypted. I used the
> Rampart 1.0 configuration on the client side to encrypt the UsernameToken
> element, and the policy.xml file that I used is included at the end of this
> JIRA for the server side. I used the EncryptedElements assertion in the
> policy.xml (which I am aware is not supported yet). Since I think I found a
> way to fix it I am reporting the problem with a proposed solution.
>
> This was the server-side exception:
>
> org.apache.axis2.AxisFault: Missing encryption result for id : null
>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:81)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:383)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:203)
>     at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:131)
>     at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:279)
>     at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:116)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
>     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:595)
> Caused by: org.apache.rampart.RampartException: Missing encryption result for id : null
>     at org.apache.rampart.PolicyBasedResultsValidator.validateEncryptedParts(PolicyBasedResultsValidator.java:317)
>     at org.apache.rampart.PolicyBasedResultsValidator.validate(PolicyBasedResultsValidator.java:84)
>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:88)
>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:71)
>     ... 22 more
>
> This is the code change that I made to fix the problem (in
> org.apache.rampart.ValidatorData):
>
>     private void extractEncryptedPartInformation() {
>         Node start = rmd.getDocument().getDocumentElement();
>         while(start != null) {
>             Element elem = (Element) WSSecurityUtil.findElement(start,
>                     EncryptionConstants._TAG_ENCRYPTEDDATA, WSConstants.ENC_NS);
>             if(elem != null) {
>                 Element parentElem = (Element)elem.getParentNode();
>                 if(parentElem != null &&
>                         parentElem.getLocalName().equals(SOAP11Constants.BODY_LOCAL_NAME) &&
>                         parentElem.getNamespaceURI().equals(rmd.getSoapConstants().getEnvelopeURI())) {
>                     this.bodyEncrDataId = elem.getAttribute("Id");
>                 } else {
>                     encryptedDataRefIds.add(elem.getAttribute("Id"));
>                 }
>                 start = elem;
>             }
>
>             // Find new starting point by traversing up the nodes to:
>             // Case 1: The root
>             // Case 2: The nearest ancestor with a next sibling
>             while( start != null && start.getNextSibling() == null ) {
>                 start = start.getParentNode();
>             }
>             start = start != null ? start.getNextSibling() : null;
>         }
>     }
>
> An example of a message that caused this failure is attached. The only
> element processed by the extractEncryptedPartInformation() method was
> /soapenv:Envelope/soapenv:Header/soapenv:Security/xenc:EncryptedData. The
> body was not processed later because 'start' was prematurely set to null.

-- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
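
An added regression check, not part of the original message or of the Rampart code base: it enumerates every xenc:EncryptedData element in a SOAP 1.1 envelope with the JDK's getElementsByTagNameNS (a different technique from the reporter's sibling walk) and sorts each Id into the Body slot or the list of other references, failing if the Body's EncryptedData is missed. The envelope, its Id values and the class name EncryptedDataScan are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class EncryptedDataScan {
    static final String SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Constructed sample: one EncryptedData inside the Security header (standing in
    // for the encrypted UsernameToken) and one as the child of the SOAP Body.
    static final String SAMPLE =
        "<soapenv:Envelope xmlns:soapenv='" + SOAP11_NS + "' xmlns:xenc='" + XENC_NS + "'"
      + " xmlns:wsse='" + WSSE_NS + "'>"
      + "<soapenv:Header><wsse:Security>"
      + "<xenc:EncryptedData Id='EncDataId-UT'/>"
      + "</wsse:Security></soapenv:Header>"
      + "<soapenv:Body><xenc:EncryptedData Id='EncDataId-Body'/></soapenv:Body>"
      + "</soapenv:Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed for getLocalName/getNamespaceURI
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));

        String bodyEncrDataId = null;
        List<String> encryptedDataRefIds = new ArrayList<>();
        // Whole-document scan in document order: a match in the header cannot
        // end the search before the Body has been visited.
        NodeList all = doc.getElementsByTagNameNS(XENC_NS, "EncryptedData");
        for (int i = 0; i < all.getLength(); i++) {
            Element enc = (Element) all.item(i);
            Node parent = enc.getParentNode();
            boolean inBody = parent instanceof Element
                && "Body".equals(parent.getLocalName())
                && SOAP11_NS.equals(parent.getNamespaceURI());
            if (inBody) bodyEncrDataId = enc.getAttribute("Id");
            else encryptedDataRefIds.add(enc.getAttribute("Id"));
        }
        System.out.println("body=" + bodyEncrDataId + " others=" + encryptedDataRefIds);
        if (bodyEncrDataId == null)
            throw new IllegalStateException("Body EncryptedData was not found");
    }
}
```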