  1. WSS4J
  2. WSS-699

org.apache.wss4j.dom.transform.STRTransform not compliant with Oracle spec


Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.4.1
    • Fix Version/s: 2.4.2, 3.0.1
    • Component/s: WSS4J Core
    • Labels: None

    Description

      According to the Oracle specification, an implementor of the transform method of class javax.xml.crypto.dsig.Transform should return null if the data was written to the OutputStream parameter:

      https://docs.oracle.com/en/java/javase/17/docs/api/java.xml.crypto/javax/xml/crypto/dsig/Transform.html#transform(javax.xml.crypto.Data,javax.xml.crypto.XMLCryptoContext,java.io.OutputStream)

      but this commit breaks the specification, changing the return value from null to an empty XMLSignatureInput object:

      https://github.com/apache/ws-wss4j/commit/20e8e4e0406b3053cf26f82b39e882d8dd33da9a

      This is causing some issues during signature validation:

      Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException: unrecoverable error retrieving nodeset
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:552)
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:385)
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:278)
              at my.company.test.SignatureValidator.validateSignature(SignatureValidator.java:148)
              at my.company.test.SignatureValidator.validateSecurityHeader(SignatureValidator.java:125)
              at my.company.test.SignatureValidator.validate(SignatureValidator.java:82)
              at my.company.test.SignatureValidatorTest.testSaml1Original(SignatureValidatorTest.java:66)
              ... 70 more
      Caused by: javax.xml.crypto.dsig.TransformException: java.lang.RuntimeException: unrecoverable error retrieving nodeset
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:174)
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:108)
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:73)
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:493)
              ... 76 more
      Caused by: java.lang.RuntimeException: unrecoverable error retrieving nodeset
              at org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:53)
              at java.xml.crypto/org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:159)
              ... 79 more
      Caused by: java.lang.RuntimeException: getNodeSet() called but no input data present
              at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:228)
              at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(XMLSignatureInput.java:190)
              at org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData.iterator(ApacheNodeSetData.java:50)
              ... 80 more
      
          People

            coheigea Colm O hEigeartaigh
            ldemasi Luigi De Masi
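
The return-value contract described in this issue can be checked from the caller's side in a unit test. The following is an added example, not code from WSS4J or from the reporter: the class TransformContractCheck, the method octetsOf and the stub transform are hypothetical names, and the stub's empty OctetStreamData is a constructed stand-in for a transform that writes to the OutputStream and still returns a non-null, empty result.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.spec.AlgorithmParameterSpec;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.TransformException;

public final class TransformContractCheck {
    /** Returns the octets produced by one transform, enforcing the three-argument transform() contract. */
    static byte[] octetsOf(Transform t, Data in, XMLCryptoContext ctx) throws TransformException, IOException {
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        Data out = t.transform(in, ctx, sink);
        if (out == null) {
            return sink.toByteArray();   // null: the result was written to the stream
        }
        if (sink.size() > 0) {           // bytes were written AND Data was returned: ambiguous result
            throw new TransformException("contract violation: non-null Data returned after writing to OutputStream");
        }
        if (out instanceof OctetStreamData) {
            try (InputStream is = ((OctetStreamData) out).getOctetStream()) {
                return is.readAllBytes();
            }
        }
        // Anything else (e.g. a node-set) has to be canonicalized before it can be digested.
        throw new TransformException("result is not an octet stream: " + out.getClass().getName());
    }

    /** Hypothetical stub: writes constructed output to the stream, then returns null or an empty Data. */
    static Transform stub(boolean returnNull) {
        return new Transform() {
            public Data transform(Data d, XMLCryptoContext c, OutputStream os) throws TransformException {
                try { os.write("<constructed/>".getBytes(StandardCharsets.UTF_8)); }
                catch (IOException e) { throw new TransformException(e); }
                return returnNull ? null : new OctetStreamData(new ByteArrayInputStream(new byte[0]));
            }
            public Data transform(Data d, XMLCryptoContext c) { return d; }
            public AlgorithmParameterSpec getParameterSpec() { return null; }
            public String getAlgorithm() { return "urn:example:constructed-transform"; }
            public boolean isFeatureSupported(String feature) { return false; }
        };
    }

    public static void main(String[] args) throws Exception {
        // Compliant stub: null return, octets read from the stream.
        System.out.println(new String(octetsOf(stub(true), null, null), StandardCharsets.UTF_8));
        try {
            octetsOf(stub(false), null, null);   // non-compliant stub is rejected
        } catch (TransformException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting the ambiguous case explicitly keeps signature validation failing closed with a message that points at the transform, rather than surfacing later as a canonicalization error.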