DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40957>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40957

           Summary: NullPointer Exception occurs during signature validation
           Product: Security
           Version: Java 1.3
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]


If a client sends a SOAP request with a wrong signature (values of the ds:... 
elements are missing), a NullPointerException is thrown in the ElementProxy class.

Request:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header>
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                <ds:CanonicalizationMethod
                                        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
                                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                                <ds:SignatureMethod
                                        Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                                <ds:Reference URI="#Body" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                        <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                                <ds:Transform
                                                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
                                                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                                                <ds:Transform
                                                        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
                                                        xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                                        </ds:Transforms>
                                        <ds:DigestMethod
                                                Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                                                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                                        <ds:DigestValue/>
                                </ds:Reference>
                        </ds:SignedInfo>
                        <ds:SignatureValue/>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                                <ds:X509Data>
                                        <ds:X509Certificate/>
                                </ds:X509Data>
                                <ds:KeyValue>
                                        <ds:RSAKeyValue>
                                                <ds:Modulus/>
                                                <ds:Exponent/>
                                        </ds:RSAKeyValue>
                                </ds:KeyValue>
                        </ds:KeyInfo>
                </ds:Signature>
        </soapenv:Header>
        <soapenv:Body Id="Body">
                ...
        </soapenv:Body>
</soapenv:Envelope>

Stack trace:
java.lang.NullPointerException
        at org.apache.xml.security.utils.ElementProxy.getBytesFromTextChild(ElementProxy.java:423)
        at org.apache.xml.security.keys.content.x509.XMLX509Certificate.getCertificateBytes(XMLX509Certificate.java:99)
        at org.apache.xml.security.keys.content.x509.XMLX509Certificate.getX509Certificate(XMLX509Certificate.java:111)
        at org.apache.xml.security.keys.keyresolver.implementations.X509CertificateResolver.engineResolveX509Certificate(X509CertificateResolver.java:149)
        at org.apache.xml.security.keys.keyresolver.KeyResolver.resolveX509Certificate(KeyResolver.java:239)
        at org.apache.xml.security.keys.KeyInfo.getX509CertificateFromStaticResolvers(KeyInfo.java:900)
        at org.apache.xml.security.keys.KeyInfo.getX509Certificate(KeyInfo.java:859)

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
