NullPointerException in SignResponseVerifier.checkSignResponse

[klr8]

I keep getting the following error:

java.lang.NullPointerException: null
    at be.e_contract.dssp.client.SignResponseVerifier.checkSignResponse(SignResponseVerifier.java:234)

The reason seems to be that the DigitalSignatureServiceSession I get back from a call to DigitalSignatureServiceClient.uploadDocument contains a null "inResponseTo".

Where does this "inResponseTo" property get filled?

(using version 1.2.3)

[fcorneli]

inResponseTo gets set by PendingRequestFactory.createPendingRequest. Via DigitalSignatureServiceSession we keep track of various security properties of a protocol run, one of which is the fact that the response message must match the request message by means of the inResponseTo value.

[klr8]

Okay. The problem was that I was serializing the DigitalSignatureServiceSession before calling createPendingRequest.

[fcorneli]

Why do you serialize DigitalSignatureServiceSession? Just push it in the HttpSession as attribute.

[klr8]

Because we're doing the DSS interaction from a stateless back-end system and serializing the session allows us to pass it onto the client application which does have HTTP sessions.