holodeck-b2b / Holodeck-B2B

Holodeck B2B is an AS4 system-to-system messaging solution that implements the OASIS specifications for ebMS3 and its AS4 profile. For more information visit the project website.

Home Page:http://holodeck-b2b.org


NPE in processing of signed message

sfieten opened this issue

When there is white space between the ds:Signature and ds:SignedInfo elements in the WS-Security header of the received message (example below), an NPE occurs in processing of the message:

```
2019-06-06 00:02:38,349 (HttpConnection-8080-96)[ERROR] org.apache.axis2.engine.AxisEngine - Internal error
org.apache.axis2.AxisFault: Internal error
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:98) ~[holodeckb2b-common-4.1.2.jar:?]
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:335) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.Phase.invoke(Phase.java:308) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:250) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:156) [axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:178) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:294) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.holodeckb2b.as2.axis2.http.AS2CapableWorker.service(AS2CapableWorker.java:120) [hb2b-as2-1.1.0.jar:?]
        at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) [axis2-transport-http-1.7.7.jar:1.7.7]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_152]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_152]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_152]
Caused by: java.lang.ClassCastException: com.sun.org.apache.xerces.internal.dom.DeferredTextImpl cannot be cast to org.w3c.dom.Element
        at org.holodeckb2b.security.util.SecurityUtils.getSignatureReferences(SecurityUtils.java:250) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.util.SecurityUtils.getSignedPartsInfo(SecurityUtils.java:108) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.convertResults(SecurityHeaderProcessor.java:400) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processSecurityHeader(SecurityHeaderProcessor.java:363) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processHeaders(SecurityHeaderProcessor.java:181) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.ebms3.handlers.inflow.ProcessSecurityHeaders.doProcessing(ProcessSecurityHeaders.java:118) ~[holodeckb2b-core-4.1.2.jar:?]
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:92) ~[holodeckb2b-common-4.1.2.jar:?]
        ... 13 more
```

Example of WS-Security header that causes above exception:

```
                Id="SIG-3368d-42e6-857b-3e952b59191e">
                               
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
```
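The failure in the stack trace above can be reproduced with the JDK's DOM parser. This is an added example, not code from the Holodeck B2B repository and not the project's fix; the class and method names and the sample XML are constructed for illustration. It contrasts casting the first child of `ds:Signature` with a lookup that skips text nodes and matches `ds:SignedInfo` by namespace and local name.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SignedInfoLookup {
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Fragile pattern: assumes the first child node of ds:Signature is an element.
    static Element firstChildCast(Element signature) {
        return (Element) signature.getFirstChild();
    }

    // Tolerant lookup: skips text and comment nodes, matches namespace and local name.
    static Element findSignedInfo(Element signature) {
        for (Node n = signature.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && DS_NS.equals(n.getNamespaceURI())
                    && "SignedInfo".equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null; // caller should reject the message rather than continue
    }

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getNamespaceURI/getLocalName
        byte[] bytes = xml.getBytes(StandardCharsets.UTF_8);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(bytes)).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples; "SIG-example" is a placeholder Id.
        String open = "<ds:Signature xmlns:ds=\"" + DS_NS + "\" Id=\"SIG-example\">";
        String[] samples = { open + "<ds:SignedInfo/></ds:Signature>",
                             open + "\n    <ds:SignedInfo/>\n</ds:Signature>" };
        for (String xml : samples) {
            Element sig = parse(xml);
            try {
                System.out.println("cast:   " + firstChildCast(sig).getNodeName());
            } catch (ClassCastException e) {
                System.out.println("cast:   ClassCastException, first child is a text node");
            }
            Element si = findSignedInfo(sig);
            System.out.println("lookup: " + (si == null ? "missing" : si.getNodeName()));
        }
    }
}
```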

We faced the same problem. After I saw this post I asked the partner to remove the spaces and it did help. However, we then got an error in the decryption part:

```
2020-06-10 10:51:31,590 (HttpConnection-9090-97)[DEBUG] org.holodeckb2b.security.SecurityHeaderProcessor - Converting decryption result
2020-06-10 10:51:31,590 (HttpConnection-9090-97)[ERROR] org.holodeckb2b.msgproc.AS4.RESPONSE_IN_FLOW.ProcessSecurityHeaders - An unhandled exception occurred while processing the message! Details: null
2020-06-10 10:51:31,590 (HttpConnection-9090-97)[ERROR] org.apache.axis2.engine.AxisEngine - Internal error
org.apache.axis2.AxisFault: Internal error
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:98) ~[holodeckb2b-common-4.1.2.jar:?]
        at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:335) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.Phase.invoke(Phase.java:308) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:250) ~[axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:156) [axis2-kernel-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:178) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.HTTPWorker.service(HTTPWorker.java:294) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.AxisHttpService.doService(AxisHttpService.java:281) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.AxisHttpService.handleRequest(AxisHttpService.java:187) [axis2-transport-http-1.7.7.jar:1.7.7]
        at org.apache.axis2.transport.http.server.HttpServiceProcessor.run(HttpServiceProcessor.java:82) [axis2-transport-http-1.7.7.jar:1.7.7]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_144]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_144]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
Caused by: java.lang.NullPointerException
        at org.holodeckb2b.security.SecurityHeaderProcessor.convertResults(SecurityHeaderProcessor.java:439) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processSecurityHeader(SecurityHeaderProcessor.java:363) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.security.SecurityHeaderProcessor.processHeaders(SecurityHeaderProcessor.java:181) ~[holodeckb2b-security-4.1.2.jar:?]
        at org.holodeckb2b.ebms3.handlers.inflow.ProcessSecurityHeaders.doProcessing(ProcessSecurityHeaders.java:118) ~[holodeckb2b-core-4.1.2.jar:?]
        at org.holodeckb2b.common.handler.AbstractBaseHandler.invoke(AbstractBaseHandler.java:92) ~[holodeckb2b-common-4.1.2.jar:?]
        ... 12 more
```

We are using HolodeckB2B 4.1.2.
Any tips how to resolve this problem?

Hi @Mr-Rocky,
this other error you're now getting is related / similar to the problem with the mixed content in the Signature and has also been fixed together with this issue. The fixed code will be part of both the upcoming 4.1.3 and 5.0.0 versions but is already available in the repository.

@sfieten This fix works for us. Thank you.