axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From detelinyorda...@gmail.com
Subject Removal of direct Axiom factory references in Rampart causes test failures when using xmlsec 1.5.2 or greater
Date Thu, 10 Jul 2014 22:29:34 GMT
Hi Rampart devs,
  As you might already know wss4j 1.6.16 is out and while I was giving it a
try with Rampart 1.7 snapshot, I encountered some test failures. One of
these is a NPE in
org.apache.rahas.impl.util.CommonUtilTest.testGetDecryptedBytes, which seem
to be caused by recent changes in Rampart TestUtil that remove usage of
Axiom DOOMAbstractFactory when constructing a SOAP envelope:

http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-trust/src/test/java/org/apache/rahas/test/util/TestUtil.java?r1=1298295&r2=1299913

It seems that with the new approach, the created SOAP envelope document
does not have a "factory" field set, which causes NPE when doing a deep
clone of an element created with that document instance.

Deep cloning for KeyInfo elements was introduced in xmlsec 1.5.2:

http://svn.apache.org/viewvc/santuario/xml-security-java/tags/1.5.2/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?r1=1297985&r2=1301409

I prepared a sample test case that isolates the issue (attached). Also, I'm
attaching a Rampart patch that can be used to reproduce this - it switches
to wss4j 1.6.15 and stable Axiom, and applies a workaround for another
issue in wss4j that was discovered recently.

I would like to get some opinion on how to address this. Do you think that
Rampart test utilities can be changed somehow to workaround this? If not,
then this is probably an Axiom or XML Security's defect?

Thanks,
   Detelin

Mime
View raw message