Hi,

I recently successfully finished a test with XML Encryption for our
project and am currently creating something that uses JAXB together with
XML Encryption. I ran into a problem with this however when doing
decryption. I have the following encrypted block in my XML (removed the
CipherValue to save some space):

...
<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    Type="http://www.w3.org/2001/04/xmlenc#Element">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
      <xenc:CipherData>
        <xenc:CipherValue>...</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedKey>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>...</xenc:CipherValue>
  </xenc:CipherData>
</xenc:EncryptedData>
...

This piece of XML has been declared as an xsd:any in our XML Schema. I
run the document through the JAXB binding classes to retrieve our
application data and get the EncryptedData element using the getany()
that JAXB provided on the generated classes. I then search for the
EncryptedKey element and pass it to XMLCipher.loadEncryptedKey to parse
it into an EncryptedKey instance. This method fails however. After
debugging I found out that the reason was in the
XMLCipher.Factory.newEncryptionMethod method at the line stating:

  String algorithm = element.getAttributeNS(
    null, EncryptionConstants._ATT_ALGORITHM);

This call tries to get the Algorithm attribute from the EncryptionMethod
element by using null as namespace. I found out however that JAXB
automatically added a namespace declaration that links the prefix "" to
the namespace URI "" (so no prefix means the namespace URI becomes an
empty string, instead of null as the XMLCipher expects).

Two questions:
First (not specific for XML encryption, but I guess you guys know a bit
about XML):
Isn't this invalid what JAXB does? Isn't the namespace for the Algorithm
attribute automatically the xenc one since the EncryptionMethod uses
this namespace? Shouldn't JAXB use either null or the xenc namespace for
the attribute?

Second:
Is it correct to get the algorithm attribute in that way in the
newEncryptionMethod method? If I would change that line in the XML to
<xenc:EncryptionMethod xenc:Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
then the XML would still be correct for XML Encryption (or am I wrong
here?) and XMLCipher would fail for the same reason as it does now with
JAXB...


btw, the stack trace I received:
java.lang.NullPointerException
  at org.apache.xml.security.encryption.XMLCipher$Factory$EncryptionMethodImpl.<init>(XMLCipher.java:3225)
  at org.apache.xml.security.encryption.XMLCipher$Factory.newEncryptionMethod(XMLCipher.java:1941)
  at org.apache.xml.security.encryption.XMLCipher$Factory.newEncryptionMethod(XMLCipher.java:2349)
  at org.apache.xml.security.encryption.XMLCipher$Factory.newEncryptedKey(XMLCipher.java:2289)
  at org.apache.xml.security.encryption.XMLCipher.loadEncryptedKey(XMLCipher.java:1048)
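
The attribute lookup discussed in the message above, as an added example (not part of the original post and not Apache XML Security code). It uses the JDK's built-in DOM parser on two constructed inputs to show that an unprefixed Algorithm attribute is in no namespace (it does not inherit the element's), while xenc:Algorithm is a different, namespace-qualified attribute. The class name and the algorithmOf helper are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;

public class AlgorithmAttributeLookup {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String RSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

    // Hypothetical helper: accept the attribute when its namespace is null or "",
    // so a DOM that reports "" for "no namespace" still resolves.
    static String algorithmOf(Element method) {
        NamedNodeMap attrs = method.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            String ns = a.getNamespaceURI();
            // getLocalName() is null on DOM Level 1 nodes; fall back to the raw name.
            String name = a.getLocalName() != null ? a.getLocalName() : a.getName();
            if ("Algorithm".equals(name) && (ns == null || ns.isEmpty())) {
                return a.getValue();
            }
        }
        return null; // absent or namespace-qualified: caller should reject, not guess
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getAttributeNS to see namespaces
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the form from the post, and the prefixed variant it asks about.
        String plain = "<xenc:EncryptionMethod xmlns:xenc='" + XENC + "' Algorithm='" + RSA15 + "'/>";
        String prefixed = "<xenc:EncryptionMethod xmlns:xenc='" + XENC + "' xenc:Algorithm='" + RSA15 + "'/>";
        for (String xml : new String[] {plain, prefixed}) {
            Element e = parse(xml);
            System.out.println("getAttributeNS(null): '" + e.getAttributeNS(null, "Algorithm") + "'");
            System.out.println("getAttributeNS(xenc): '" + e.getAttributeNS(XENC, "Algorithm") + "'");
            System.out.println("algorithmOf:          " + algorithmOf(e));
        }
    }
}
```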
