Bug 42986 - The </#document> node inserted at the end of SOAPEnvelop
The </#document> node inserted at the end of SOAPEnvelop
Status: RESOLVED FIXED
Product: Security - Now in JIRA
Classification: Unclassified
Component: Canonicalization
unspecified
PC Linux
: P2 normal
: ---
Assigned To: XML Security Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2007-07-27 05:21 UTC by Sumit Dubey
Modified: 2009-07-10 04:34 UTC (History)
0 users



Attachments
Test case (1.07 KB, application/octet-stream)
2008-09-09 04:01 UTC, rafa
Details
A patch for this issue. (5.15 KB, patch)
2009-06-03 06:56 UTC, coheigea
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sumit Dubey 2007-07-27 05:21:33 UTC
When Oracle's xmlparserv2 is used along with Axis WS client and WSS4J, the 
SOAPEnvelop generated after xmlsecurity processing is faulty. It puts the 
</#document> tag.

I looked thru the xmlsecurity and find out the problem is in method 
canonicalizeSubTree 
oforg.apache.xml.security.c14n.implementations.CanonicalizerBase.java. After 
line #321 it doesnt check if the parentNode type is not Node.DOCUMENT_NODE and 
it appends in the writer.

The check I added:

...
after #321

    		while (sibling==null  && parentNode!=null) {    	
	      		      			
				if(parentNode.getNodeType() != 
Node.DOCUMENT_NODE)
				{
					writer.write(_END_TAG);
					UtfHelpper.writeByte(((Element)
parentNode).getTagName(),writer,cache);        
					writer.write('>');
				}
.....
Comment 1 sean.mullan 2007-10-04 08:14:37 UTC
I need a test case for this bug. I am not sure I understand the problem or the
fix. If the type of parentNode is Node.DOCUMENT_NODE, then this statement will
throw a ClassCastException:

UtfHelpper.writeByte(((Element)parentNode).getTagName(),writer,cache);
Comment 2 rafa 2008-09-09 04:01:14 UTC
Created attachment 22545 [details]
Test case
Comment 3 rafa 2008-09-09 04:03:32 UTC
Using Apache XML Security and Oracle XML parser (xmlparserv2) to canonicalize a document generates a malformed document (always ends with tag: </#document> ). Works fine using Xerces instead of Oracle XML parser.

A simple testcase is attached. Result of testcase is a malformed xml:
<NodeRoot><NodeTest></NodeTest></NodeRoot></#document>
Comment 4 coheigea 2009-06-03 06:56:24 UTC
Created attachment 23749 [details]
A patch for this issue.


I debugged through this test-case and have come up with a patch.

The reason there's a problem with the Oracle DOM implementation is that the Document implementation seems to also implement the Element interface, and so the line:

if (!(parentNode instanceof Element)) {

in CanonicalizerBase doesn't get executed, even though "parentNode" is a document node, and hence the extra content "</#document>" gets outputted.

The good news is that this can be easily fixed by examining the Node type of parentNode rather than using reflection, i.e.:

if (parentNode == null || Node.ELEMENT_NODE != parentNode.getNodeType()) {

as the Node in question is a Document node, even if confusingly it's also an instanceof Element. 

I've confirmed that this fix works fine with the Oracle DOM implementation. The patch also replaces any other call to instanceof Element/Document in XML-Security - we should avoid using reflection when a simple API call will suffice for performance reasons.

Colm.
Comment 5 coheigea 2009-07-10 04:34:57 UTC
Patch applied.

Colm.