DO NOT REPLY [Bug 47833] New: problem xml parsing: != test instead of !.equals cause a parse error

Mon, 14 Sep 2009 03:40:00 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=47833

           Summary: problem xml parsing: != test instead of !.equals cause
                    a parse error
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: Windows 2000
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: elisa.lan...@consulenti.csi.it


Hello,
i'm using cxf 2.2.2 and xmlsec-1.4.2 in BEA. 
My Exception is:
The signature or decryption was invalid (Cannot setup signature data
structure);
nested exception is:
        org.apache.xml.security.exceptions.XMLSecurityException: Cannot create
a http://www.w3.org/2000/09/xmldsig#:Sign
ature from a http://www.w3.org/2000/09/xmldsig#:Signature element
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:514)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:277)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
        at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
        at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:89)
        at
org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:99)
        at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:368)
        at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:183)
        at
org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:163)
        at
org.apache.cxf.transport.servlet.AbstractCXFServlet.doPost(AbstractCXFServlet.java:141)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
        at
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:225)
        at
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:127)
        at
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
        at
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
        at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3214)
        at
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at
weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
        at
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:1983)
        at
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1890)
        at
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1344)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Caused by: org.apache.ws.security.WSSecurityException: The signature or
decryption was invalid (Cannot setup signature d
ata structure); nested exception is:
        org.apache.xml.security.exceptions.XMLSecurityException: Cannot create
a http://www.w3.org/2000/09/xmldsig#:Sign
ature from a http://www.w3.org/2000/09/xmldsig#:Signature element
        at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:163)
        at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:85)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
        at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
        at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:179)
        ... 22 more
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot
create a http://www.w3.org/2000/09/xmldsig#:S
ignature from a http://www.w3.org/2000/09/xmldsig#:Signature element
        at
org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guaranteeThatElementInCorrectSpace(Unknown
 Source)
        at
org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown
Source)
        at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
        at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown
Source)
        at org.apache.xml.security.signature.XMLSignature.<init>(Unknown
Source)
        at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:161)
---------------------------------
InternedNsChecker:

 if ((str2 != str4) || (!(str1.equals(str3))))
    {
      Object[] arrayOfObject = { str4 + ":" + str3, str2 + ":" + str1 };
      throw new XMLSecurityException("xml.WrongElement", arrayOfObject);
    }
---------------------------------
if I try my web application in cxf 2.2.2 and xmlsec-1.3.0
this exception is not thrown. If I see the source code is
----------------------------------
if ((!(str1.equals(str3))) || (!(str2.equals(str4))))
    {
      Object[] arrayOfObject = { str4 + ":" + str3, str2 + ":" + str1 };
      throw new XMLSecurityException("xml.WrongElement", arrayOfObject);
    }
  }

Thanks

Elisa

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Reply via email to