Bug ID: 6598154 api/javax_xml/crypto/dsig/XMLSignature/index.html#methods[Signature2011] fails since JDK 7 b16

6598154 : api/javax_xml/crypto/dsig/XMLSignature/index.html#methods[Signature2011] fails since JDK 7 b16

Details

Type:	Bug	Submit Date:	2007-08-28
Status:	Closed	Updated Date:	2012-10-23
Project Name:	JDK	Resolved Date:	2009-11-18
Component:	security-libs	OS:	generic
Sub-Component:	javax.xml.crypto	CPU:	generic
Priority:	P2
Resolution:	Fixed
Affected Versions:	7
Fixed Versions:	7

Related Reports

Backport:	JDK-2155102 - api/javax_xml/crypto/dsig/XMLSignature/index.html#methods[Signature2011] fails since JDK 7 b16
Backport:	JDK-2152194 - api/javax_xml/crypto/dsig/XMLSignature/index.html#methods[Signature2011] fails since JDK 7 b16

Sub Tasks

Description

JCK 6b b04
FAIL: JDK 7 b16 PASS JDK 7 b15; JDK6u4 b02

JCK test api/javax_xml/crypto/dsig/XMLSignature/index.html#methods[Signature2011] fails since JDK 7 b16. The problem is an internal implementation of XMLSignature violates statement from documentation:
"Throws:
    ClassCastException - if the type of validateContext is not compatible with this XMLSignature 
    NullPointerException - if validateContext is null "
and throws NPE even if validateContext is not null.

Steps to reproduce:

compile and run the following example:

import java.io.PrintWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.List;
import java.util.Vector;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;


public class Crypto2 {

    public class MyXMLContext implements XMLValidateContext, XMLSignContext {
    
        MyXMLContext() {
        }
        
        public String getBaseURI() {
            return null;  
        }

        public void setBaseURI(String baseURI) {
        }

        public KeySelector getKeySelector() {
            return null;  
        }

        public void setKeySelector(KeySelector ks) {        
        }

        public URIDereferencer getURIDereferencer() {
            return null;  
        }

        public void setURIDereferencer(URIDereferencer dereferencer) {
        }

        public Object get(Object key) {
            return null;  
        }

        public Object getProperty(String name) {
            return null;  
        }

        public Object put(Object key, Object value) {
            return null;  
        }

        public Object setProperty(String name, Object value) {
            return null;  
        }
        
        public String getDefaultNamespacePrefix() {
            return null;
        }
        
        public void setDefaultNamespacePrefix(String defaultPrefix) {
        
        }
        
        public String putNamespacePrefix(String namespaceURI,
                                 String prefix) {
            return null;
        }                                 
        
        public String getNamespacePrefix(String namespaceURI,
                                 String defaultPrefix) {
            return "";                         
        }
        
        
    }
    

    protected XMLSignatureFactory getCurrentXMLFactory() 
	{
	try {
	    return XMLSignatureFactory.getInstance();
	} catch (Exception e) {
	    e.printStackTrace();
	    System.exit(1);
	    return null;
	}
	
    }

    protected XMLSignature getXMLSignature() {
    try {  
        XMLSignatureFactory xmlSignatureFactory = getCurrentXMLFactory();
        DigestMethod dm = xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, (DigestMethodParameterSpec) null);
        Reference ref1 = xmlSignatureFactory.newReference("", dm);
        CanonicalizationMethod cm = xmlSignatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null);
        SignatureMethod sm = xmlSignatureFactory.newSignatureMethod(SignatureMethod.DSA_SHA1, (SignatureMethodParameterSpec) null);
        SignedInfo si = xmlSignatureFactory.newSignedInfo(cm, sm, Collections.singletonList(ref1));
        KeyInfoFactory keyFactory = xmlSignatureFactory.getKeyInfoFactory();
        KeyInfo keyInfo = keyFactory.newKeyInfo (Collections.singletonList(keyFactory.newKeyName("mykey")), "myinfo");
        return xmlSignatureFactory.newXMLSignature(si, keyInfo);
        } catch (Exception e) {    
            System.out.println("Unexpected " + e);
        }
	System.exit(1);
        return null;
    }

    /* standalone interface */
    public static void main(String argv[]) {
        Crypto2 test = new Crypto2();
	test.Signature2011();
        
    }

    /**
     * Assertion testing
     * for public boolean validate(XMLValidateContext validateContext) throws XMLSignatureException,
     * ClassCastException will be thrown if the type of validateContext is not compatible with this XMLSignature.
     */
    public void Signature2011() {
        XMLSignature xmlSig = getXMLSignature();
        if (xmlSig != null) {
            try {
                xmlSig.validate(new MyXMLContext());
                System.out.println("ClassCastException was not thrown ");
            } catch (ClassCastException e) {
                e.printStackTrace();
            } catch (XMLSignatureException e) {
                e.printStackTrace();
            }
        }
    }
}

for different versions of JDK it will return different output:
for build 16:
C:\tests\crypto2>Z:\Links\stt\jdk_promotions\JDK7.0\b16\binaries\windows-i586\jdk1.7.0\bin\java.exe -cp . Crypto2
Exception in thread "main" java.lang.NullPointerException
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature$DOMSignatureValue.validate(DOMXMLSignature.java:516)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:248)
        at Crypto2.Signature2011(Crypto2.java:126)
        at Crypto2.main(Crypto2.java:113)

for build 15:
C:\tests\crypto2>Z:\Links\stt\jdk_promotions\JDK7.0\b15\binaries\windows-i586\jdk1.7.0\bin\java.exe -cp . Crypto2
java.lang.ClassCastException: Crypto2$MyXMLContext cannot be cast to javax.xml.crypto.dom.DOMCryptoContext
        at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:366)
        at org.jcp.xml.dsig.internal.dom.DOMReference.validate(DOMReference.java:333)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.validate(DOMXMLSignature.java:252)
        at Crypto2.Signature2011(Crypto2.java:126)
        at Crypto2.main(Crypto2.java:113)

Comments

EVALUATION

This was caused by 6535967. The fix should be fairly easy.

2007-08-28

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together