Thanks for reporting this, it looks like a bug. Can you file a bug at
http://issues.apache.org (under the "Security" product) and attach a
test case if possible?
Thanks,
Sean
Butler wrote:
Hi all,
I tried to use XMLCipher to load an EncryptedKey element into an
EncryptedKey object.
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    Id="KEK" Recipient="demo">
  <xenc:EncryptionMethod
      Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:KeyName>demo_valid1</ds:KeyName>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>a+CJUHCF1q4bSa5dL6oxpcHzsi2Y00dIAPB3cs=</xenc:CipherValue>
  </xenc:CipherData>
  <xenc:ReferenceList>
    <xenc:DataReference URI="#ED"></xenc:DataReference>
  </xenc:ReferenceList>
  <xenc:CarriedKeyName>datakey</xenc:CarriedKeyName>
</xenc:EncryptedKey>
It loads OK; however, when I try to call the getRecipient()
function, it returns null.
After I traced the program, I found the problem is caused by the
following code in the XMLCipher.newEncryptedKey(Element) function:
    try {
        result.setId(element.getAttributeNS(
            null, EncryptionConstants._ATT_ID));
        result.setType(new URI(
            element.getAttributeNS(
                null, EncryptionConstants._ATT_TYPE)).toString());
        result.setMimeType(element.getAttributeNS(
            null, EncryptionConstants._ATT_MIMETYPE));
        result.setEncoding(new URI(
            element.getAttributeNS(
                null, Constants._ATT_ENCODING)).toString());
        result.setRecipient(element.getAttributeNS(
            null, EncryptionConstants._ATT_RECIPIENT));
    } catch (URI.MalformedURIException mfue) {
        // do nothing
    }
The problem is caused by calling new URI() on _ATT_TYPE and _ATT_ENCODING;
these 2 parameters are not required for EncryptedKey.
It throws MalformedURIException, so the recipient is never set.
Sorry for my poor English.
--
Butler
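
The failure mode reported above, reproduced with only the JDK's DOM classes. This is an added example, not code from the original messages or from the Apache XML Security project. The class and method names are hypothetical, and strictUri() is an assumed stand-in for a URI class that rejects an empty string.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class OptionalAttrDemo {
    // Hypothetical stand-in for a strict URI class that rejects an empty string.
    static String strictUri(String s) {
        if (s == null || s.isEmpty()) throw new IllegalArgumentException("empty URI");
        return java.net.URI.create(s).toString();
    }

    // Pattern from the report: one try block, so the first failure skips every later setter.
    static String[] parseAllInOneTry(Element e) {
        String[] r = new String[3];                              // {Id, Type, Recipient}
        try {
            r[0] = e.getAttributeNS(null, "Id");
            r[1] = strictUri(e.getAttributeNS(null, "Type"));    // getAttributeNS gives "" when absent
            r[2] = e.getAttributeNS(null, "Recipient");          // skipped once Type fails
        } catch (IllegalArgumentException ex) {
            // swallowed, as in the reported code
        }
        return r;
    }

    // Each optional attribute is handled on its own: absent ones stay null,
    // and a present but malformed Type raises instead of being swallowed.
    static String[] parsePerAttribute(Element e) {
        String[] r = new String[3];
        r[0] = e.hasAttributeNS(null, "Id") ? e.getAttributeNS(null, "Id") : null;
        r[1] = e.hasAttributeNS(null, "Type") ? strictUri(e.getAttributeNS(null, "Type")) : null;
        r[2] = e.hasAttributeNS(null, "Recipient") ? e.getAttributeNS(null, "Recipient") : null;
        return r;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: EncryptedKey with Id and Recipient but no Type or Encoding.
        String xml = "<xenc:EncryptedKey xmlns:xenc=\"http://www.w3.org/2001/04/xmlenc#\""
                   + " Id=\"KEK\" Recipient=\"demo\"/>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element e = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        System.out.println("one try:       Recipient=" + parseAllInOneTry(e)[2]);
        System.out.println("per attribute: Recipient=" + parsePerAttribute(e)[2]);
    }
}
```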