It's fixed in the latest release: 1.5.8

Colm.

-----Original Message-----
From: VijayM [mailto:vijum...@yahoo.com]
Sent: 08 August 2009 08:12
To: wss4j-dev@ws.apache.org
Subject: RE: wss4j1.5.5: Decrypting the soap xml results in NP exception for soap message containing BinarySecurityToken in request.

Hi Colm,

Thank you very much for the fix. Can you specify the build I should be consuming to get the fix?

Best Regards,
Vijay Mali

Colm O hEigeartaigh wrote:
>
> Good catch! I'm surprised no-one has run into this before. I'll commit a
> fix for this in a few minutes.
>
> The BinarySecurityTokenProcessor only uses the crypto instance to
> construct the certificate(s) from XML, so a simple fix is to just check
> for null on the signature crypto instance. There's no way of telling
> whether the BST being processed is used for encryption or signature in
> advance. It's a reasonable assumption though that the same abstract
> Crypto implementation (e.g. CryptoBase) is being used for signature and
> encryption, even if the subclasses are different, etc.
>
> I also spotted the ReferenceListProcessor uses the wrong crypto instance
> when I checked the others.
>
> Thanks,
>
> Colm.
>
> -----Original Message-----
> From: VijayM [mailto:vijum...@yahoo.com]
> Sent: 01 July 2009 10:40
> To: wss4j-dev@ws.apache.org
> Subject: wss4j1.5.5: Decrypting the soap xml results in NP exception for
> soap message containing BinarySecurityToken in request.
>
> Decrypting the soap xml results in NP exception for soap message
> containing BinarySecurityToken in request.
>
> I am using wss4j 1.5.5 to decrypt the soap message.
> The client encrypts the soap message by setting action=Encrypt and
> encryptionKeyIdentifier=DirectReference.
>
> At receiving end the receiver handler config is:
>
> <requestFlow>
>   <handler name="DoSecurityReceiver"
>            type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>     <parameter name="action" value="Encrypt"/>
>     <parameter name="decryptionPropFile"
>                value="server.crypto.properties"/>
>     <parameter name="passwordCallbackClass"
>                value="com.ws.server.PWCallback"/>
>   </handler>
> </requestFlow>
>
> At receiving end when decrypting this message, the null pointer occurs
> (exception trace shown below).
> The exception occurs only when "DirectReference" key identifier is used
> in message encryption, i.e. the request contains token embedded in
> "BinarySecurityToken" element.
> The exception does not occur when "IssuerSerial" identifier is used.
>
> Debugging the code further I observed that
> BinarySecurityTokenProcessor.getCertificatesTokenReference(Element elem,
> Crypto crypto)
> uses Signature Crypto instance to parse the security token from request.
> Since signature crypto is null, it results in null pointer exception.
> Signature crypto is null because the action is "Encrypt" only. It should
> be using decryption crypto instance instead.
>
> My understanding so far is:
> If action is Signature -> Signature Crypto will be initialized.
> If action is Encrypt -> Encryption crypto will be initialized.
> If action is "Signature Encrypt" -> Both sign/encrypt crypto will be
> initialized.
>
> For encrypted message BinarySecurityTokenProcessor should use encryption
> crypto instance to parse the binary token instead of signature crypto.
>
> Any comments greatly appreciated.
>
> Exception trace:
> Caused by: java.lang.NullPointerException
>     at org.apache.ws.security.message.token.X509Security.getX509Certificate(X509Security.java:94)
>     at org.apache.ws.security.processor.BinarySecurityTokenProcessor.getCertificatesTokenReference(BinarySecurityTokenProcessor.java:93)
>     at org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:74)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
>     at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:162)