Defect in KeyTransportImpl_RSAPKCS15_BC?

[Stuart Jensen]

It appears that there is a defect in the file: org. apache. xml. security. algorithms. encryption. implementations. BC. KeyTransportImpl_RSAPKCS15_BC. Before I describe the symptom I would like to show the fix because I bet it will job someone's memory.  The following code block denoted by START — STOP needs to be added to the file.      public EncryptionMethodParams engineInit(Element encryptionMethodElem)               throws org.apache.xml.security.exceptions.XMLSecurityException {         if (encryptionMethodElem.getChildNodes().getLength() != 0) {          throw new XMLSecurityException(             "encryption.algorithmCannotEatInitParams");       } // START -  Add the following code to this method            try {          Cipher rsaCipher =             Cipher.getInstance(this.getImplementedAlgorithmJCE(),                                this.getRequiredProviderName());            this._cipher = new PKCS15Cipher(rsaCipher);         } catch (NoSuchAlgorithmException ex) {          throw new XMLSecurityException("empty", ex);       } catch (NoSuchProviderException ex) {          throw new XMLSecurityException("empty", ex);       } catch (NoSuchPaddingException ex) {          throw new XMLSecurityException("empty", ex);       } // STOP       return null;  }   The problem is that, on decryption, the EncryptedKey.getEncryptionMethod() function creates a new EncryptionMethod by invoking    public EncryptionMethod(Element element, String BaseURI).  That constructor calls engineInit(Element) instead of engineInit(Document doc, EncryptionMethodParams params).  This results in the provider's member variable _cipher to still null when the provider's engineUnwrap() is called.  Result is a NullPointerException.  Adding the above code fixes the problem.   Since there is no new version of the xmlsec.jar file out, is there some way around this problem?   Thanks for your help.   Stuart Jensen [EMAIL PROTECTED]