xwss
  1. xwss
  2. XWSS-5

Regression with : com.sun.xml.wss.XWSSecurityException: SignatureTarget with URI

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: current
    • Fix Version/s: milestone 1
    • Component/s: www
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      5

      Description

      There has been a regression in XWSS 2.0 with latest JDK's (1.5.0_05 onwards) due
      to a possible change in NodeSetData behaviour.

      A user has reported seeing this exception yesterday :
      com.sun.xml.wss.XWSSecurityException: SignatureTarget with URI

      {http://schemas.xmlsoap.org/soap/envelope/}

      Body is not in the message

      Local tests confirm that the order of references in SignatureTarget seemed to
      matter .

        Activity

        Hide
        kumarjayanti added a comment -

        Fixed the issue : Putback Log attached below

        Tag: XWSS_2_0
        User: kumarjayanti
        Date: 2006/09/26 03:35:21

        Modified:
        xwss/xwss-ri/src/com/sun/xml/wss/impl/dsig/SignatureProcessor.java

        Log:
        Fix for Issue#5 :
        Instead of checking all the Iterable contents of NodeSetData for equality we
        now just check the Root elements for equality. This is because for some reason
        the Iterator over the NodeSetData does not give things in expected order anymore.

        File Changes:

        Directory: /xwss/xwss-ri/src/com/sun/xml/wss/impl/dsig/
        =======================================================

        File [changed]: SignatureProcessor.java
        Url:
        https://xwss.dev.java.net/source/browse/xwss/xwss-ri/src/com/sun/xml/wss/impl/dsig/SignatureProcessor.java?r1=1.2&r2=1.2.2.1
        Delta lines: +23 -3
        --------------------
        — SignatureProcessor.java 3 Apr 2006 15:21:29 -0000 1.2
        +++ SignatureProcessor.java 26 Sep 2006 10:35:18 -0000 1.2.2.1
        @@ -18,7 +18,7 @@

        • [name of copyright owner]
          */
          /*
        • * $Id: SignatureProcessor.java,v 1.2 2006/04/03 15:21:29 kumarjayanti Exp $
          + * $Id: SignatureProcessor.java,v 1.2.2.1 2006/09/26 10:35:18 kumarjayanti Exp $
          *
        • Copyright 2004 Sun Microsystems, Inc. All rights reserved.
        • SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
          @@ -579,7 +579,7 @@
          }

        if(optionalReqList.size () ==0 && requiredReferenceList.size () !=
        signedReferenceList.size ())

        { - throw new XWSSecurityException ("Number of Targets in the message"+ + throw new XWSSecurityException ("Number of Signature Targets in the message"+ " dont match number of Targets in receiver requirements"); }

        @@ -682,6 +682,25 @@
        if(data1.isNodesetData ()&& data2.isNodesetData ()){
        NodeSetData ns1 = (NodeSetData)(data1.getData ());
        NodeSetData ns2 = (NodeSetData)(data2.getData ());
        +
        + Node nsd1Root = null;
        + Node nsd2Root = null;
        +
        + if (ns1 instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData)

        { + nsd1Root = ((org.jcp.xml.dsig.internal.dom.DOMSubTreeData)ns1).getRoot(); + }

        +
        + if (ns2 instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData)

        { + nsd2Root = ((org.jcp.xml.dsig.internal.dom.DOMSubTreeData)ns2).getRoot(); + }

        +
        + if (nsd1Root != null && nsd2Root != null) {
        + if(nsd1Root.isSameNode (nsd2Root) || nsd1Root.isEqualNode
        (nsd2Root))

        { + return true; + }


        + }
        + return false;
        + /*
        Iterator itr1 = ns1.iterator ();
        Iterator itr2 = ns2.iterator ();
        //based of property set we can reduce checking all the
        @@ -707,6 +726,7 @@
        return false;
        }
        return true;
        + */
        }else if(data1.isOctectData () && data2.isOctectData ()){
        OctetStreamData osd1 = (OctetStreamData)data1.getData ();
        OctetStreamData osd2 = (OctetStreamData)data2.getData ();

        Show
        kumarjayanti added a comment - Fixed the issue : Putback Log attached below Tag: XWSS_2_0 User: kumarjayanti Date: 2006/09/26 03:35:21 Modified: xwss/xwss-ri/src/com/sun/xml/wss/impl/dsig/SignatureProcessor.java Log: Fix for Issue#5 : Instead of checking all the Iterable contents of NodeSetData for equality we now just check the Root elements for equality. This is because for some reason the Iterator over the NodeSetData does not give things in expected order anymore. File Changes: Directory: /xwss/xwss-ri/src/com/sun/xml/wss/impl/dsig/ ======================================================= File [changed] : SignatureProcessor.java Url: https://xwss.dev.java.net/source/browse/xwss/xwss-ri/src/com/sun/xml/wss/impl/dsig/SignatureProcessor.java?r1=1.2&r2=1.2.2.1 Delta lines: +23 -3 -------------------- — SignatureProcessor.java 3 Apr 2006 15:21:29 -0000 1.2 +++ SignatureProcessor.java 26 Sep 2006 10:35:18 -0000 1.2.2.1 @@ -18,7 +18,7 @@ [name of copyright owner] */ /* * $Id: SignatureProcessor.java,v 1.2 2006/04/03 15:21:29 kumarjayanti Exp $ + * $Id: SignatureProcessor.java,v 1.2.2.1 2006/09/26 10:35:18 kumarjayanti Exp $ * Copyright 2004 Sun Microsystems, Inc. All rights reserved. SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. @@ -579,7 +579,7 @@ } if(optionalReqList.size () ==0 && requiredReferenceList.size () != signedReferenceList.size ()) { - throw new XWSSecurityException ("Number of Targets in the message"+ + throw new XWSSecurityException ("Number of Signature Targets in the message"+ " dont match number of Targets in receiver requirements"); } @@ -682,6 +682,25 @@ if(data1.isNodesetData ()&& data2.isNodesetData ()){ NodeSetData ns1 = (NodeSetData)(data1.getData ()); NodeSetData ns2 = (NodeSetData)(data2.getData ()); + + Node nsd1Root = null; + Node nsd2Root = null; + + if (ns1 instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData) { + nsd1Root = ((org.jcp.xml.dsig.internal.dom.DOMSubTreeData)ns1).getRoot(); + } + + if (ns2 instanceof org.jcp.xml.dsig.internal.dom.DOMSubTreeData) { + nsd2Root = ((org.jcp.xml.dsig.internal.dom.DOMSubTreeData)ns2).getRoot(); + } + + if (nsd1Root != null && nsd2Root != null) { + if(nsd1Root.isSameNode (nsd2Root) || nsd1Root.isEqualNode (nsd2Root)) { + return true; + } + } + return false; + /* Iterator itr1 = ns1.iterator (); Iterator itr2 = ns2.iterator (); //based of property set we can reduce checking all the @@ -707,6 +726,7 @@ return false; } return true; + */ }else if(data1.isOctectData () && data2.isOctectData ()){ OctetStreamData osd1 = (OctetStreamData)data1.getData (); OctetStreamData osd2 = (OctetStreamData)data2.getData ();

          People

          • Assignee:
            kumarjayanti
            Reporter:
            kumarjayanti
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: