holodeck-b2b / Holodeck-B2B

Holodeck B2B is an AS4 system-to-system messaging solution that implements the OASIS specifications for ebMS3 and its AS4 profile. For more information visit the project website
http://holodeck-b2b.org
GNU General Public License v3.0

NPE in processing of signed message #100

Closed sfieten closed 4 years ago

sfieten commented 5 years ago

When there is white space between the ds:Signature and ds:SignedInfo elements in the WS-Security header of the received message (example below), an NPE occurs in processing of the message:

2019-06-06 00:02:38,349 (HttpConnection-8080-96)[ERROR] org.apache.axis2.engine.AxisEngine - Internal error
org.apache.axis2.AxisFault: Internal error
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:98) ~[holodeckb2b-common-4.1.2.jar:?]
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:335) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.Phase.invoke(Phase.java:308) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:250) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:156) [axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:178) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:294) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.holodeckb2b.as2.axis2.http.AS2CapableWorker.service(AS2CapableWorker.java:120) [hb2b-as2-1.1.0.jar:?]
        at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) [axis2-transport-http-1.7.7.jar:1.7.7]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_152]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_152]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
Caused by: java.lang.ClassCastException: com.sun.org.apache.xerces.internal.dom.DeferredTextImpl cannot be cast to org.w3c.dom.Element
        at org.holodeckb2b.security.util.SecurityUtils.getSignatureReferences(SecurityUtils.java:250) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.util.SecurityUtils.getSignedPartsInfo(SecurityUtils.java:108) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.convertResults(SecurityHeaderProcessor.java:400) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processSecurityHeader(SecurityHeaderProcessor.java:363) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processHeaders(SecurityHeaderProcessor.java:181) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.ebms3.handlers.inflow.ProcessSecurityHeaders.doProcessing(ProcessSecurityHeaders.java:118) ~[holodeckb2b-core-4.1.2.jar:?]
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:92) ~[holodeckb2b-common-4.1.2.jar:?]
        ... 13 more

Example of WS-Security header that causes above exception:


                Id="SIG-3368d-42e6-857b-3e952b59191e">

                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

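The failure mode reported above, as an added example that is not part of the original issue or of the Holodeck B2B code base: with a constructed `ds:Signature` fragment, casting the first child node to `Element` throws the same `ClassCastException`, while a lookup that skips non-element nodes and matches on namespace and local name finds `ds:SignedInfo`. The class name, the helper names and the sample XML are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SignedInfoLookup {
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed sample: whitespace (a text node) sits between ds:Signature and ds:SignedInfo.
    static final String SAMPLE =
        "<ds:Signature xmlns:ds=\"" + DS_NS + "\" Id=\"SIG-example\">\n"
      + "    <ds:SignedInfo>\n"
      + "        <ds:Reference URI=\"#body\"/>\n"
      + "    </ds:SignedInfo>\n"
      + "</ds:Signature>";

    // Fragile (hypothetical): assumes the first child node is always an element.
    static Element firstChildCast(Element signature) {
        return (Element) signature.getFirstChild();
    }

    // Robust (hypothetical): skip text and comment nodes, match namespace and local name.
    static Element findChild(Element parent, String ns, String localName) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && ns.equals(n.getNamespaceURI())
                    && localName.equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null; // caller should reject the signature when SignedInfo is missing
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element sig = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        try {
            firstChildCast(sig);
        } catch (ClassCastException e) {
            System.out.println("fragile lookup failed: " + e.getMessage());
        }
        Element signedInfo = findChild(sig, DS_NS, "SignedInfo");
        System.out.println("robust lookup found: " + signedInfo.getNodeName());
    }
}
```
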
Mr-Rocky commented 4 years ago

We faced the same problem. After I saw this post I asked the partner to remove the spaces and it did help. However, we then got an error in the decryption part:

2020-06-10 10:51:31,590 (HttpConnection-9090-97)[DEBUG] org.holodeckb2b.security.SecurityHeaderProcessor - Converting decryption result
2020-06-10 10:51:31,590 (HttpConnection-9090-97)[ERROR] org.holodeckb2b.msgproc.AS4.RESPONSE_IN_FLOW.ProcessSecurityHeaders - An unhandled exception occurred while processing the message! Details: null
2020-06-10 10:51:31,590 (HttpConnection-9090-97)[ERROR] org.apache.axis2.engine.AxisEngine - Internal error
org.apache.axis2.AxisFault: Internal error
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:98) ~[holodeckb2b-common-4.1.2.jar:?]
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:335) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.Phase.invoke(Phase.java:308) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:250) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:156) [axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:178) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:294) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) [axis2-transport-http-1.7.7.jar:1.7.7]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_144]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_144]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
Caused by: java.lang.NullPointerException
        at org.holodeckb2b.security.SecurityHeaderProcessor.convertResults(SecurityHeaderProcessor.java:439) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processSecurityHeader(SecurityHeaderProcessor.java:363) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processHeaders(SecurityHeaderProcessor.java:181) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.ebms3.handlers.inflow.ProcessSecurityHeaders.doProcessing(ProcessSecurityHeaders.java:118) ~[holodeckb2b-core-4.1.2.jar:?]
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:92) ~[holodeckb2b-common-4.1.2.jar:?]
        ... 12 more

We are using HolodeckB2B 4.1.2. Any tips how to resolve this problem?

sfieten commented 4 years ago

Hi @Mr-Rocky, this other error you're now getting is related / similar to the problem with the mixed content in the Signature and has also been fixed together with this issue. The fixed code will be part of both the upcoming 4.1.3 and 5.0.0 versions but is already available in the repository.

Mr-Rocky commented 4 years ago

@sfieten This fix works for us. Thank you.

ilicalex commented 1 month ago

Solved in version 6.1.1