Bug ID: JDK-6982772 javax.xml.crypto.dsig.TransformException occurs in canonicalization for XML signature in jdk6u21

JDK-6982772 : javax.xml.crypto.dsig.TransformException occurs in canonicalization for XML signature in jdk6u21

Type: Bug
Component: security-libs
Sub-Component: javax.xml.crypto
Affected Version: 6u21

Priority: P3
Status: Closed
Resolution: Fixed
OS: windows_vista
CPU: x86

Submitted: 2010-09-07
Updated: 2012-10-23
Resolved: 2010-12-07

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 6
6u22-rev b09Fixed

Description

When a program tries to do XML digital signature, the following exception shows up.

C:\Users\licensees>java -version
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b06)
Java HotSpot(TM) Client VM (build 17.0-b16, mixed mode)

C:\Users\licensees>javac *.java

C:\Users\licensees>java Main
javax.xml.crypto.dsig.TransformException: Couldn't find Canonicalizer for: http://www.w3.org/TR/2001/REC-xml-c14n-20010315: Unknown canonicalizer. No handler installed for URI http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:85)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:55)
        at org.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:111)
        at Main.test1(Main.java:32)
        at Main.main(Main.java:23)
Caused by: com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handlerinstalled for URI http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.<init>(Canonicalizer.java:108)
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.getInstance(Canonicalizer.java:123)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:79)
        ... 5 more
com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handler installed for URI
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.<init>(Canonicalizer.java:108)
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.getInstance(Canonicalizer.java:123)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:79)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:55)
        at org.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:111)
        at Main.test1(Main.java:32)
        at Main.main(Main.java:23)
com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handler installed for URI http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.<init>(Canonicalizer.java:108)
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.getInstance(Canonicalizer.java:123)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:79)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:55)
        at org.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:111)
        at Main.test1(Main.java:32)
        at Main.main(Main.java:23)


REPRODUCE:
1. Compile the attached Main.java
2. Set the attached SampleDOM.xml under the directory where Main.class is placed.
3. Invoke "java Main"

FREQUENCY:
This exception always occurs.

NOTE:
This problem does not occur in jdk7.

Comments

WORK AROUND I will not be integrating this into the code unless the customer acknowledges it. Also, since their initial request was just a workaround, probably we can also consider the case closed if they are happy with it.
11-10-2010
SUGGESTED FIX diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java --- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java @@ -31,6 +31,10 @@ import org.w3c.dom.NodeList; import org.w3c.dom.NodeList; public abstract class ApacheCanonicalizer extends TransformService { + + static { + com.sun.org.apache.xml.internal.security.Init.init(); + } private static Logger log = Logger.getLogger("org.jcp.xml.dsig.internal.dom"); protected Canonicalizer apacheCanonicalizer; diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java --- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java @@ -32,6 +32,10 @@ import javax.xml.crypto.dsig.spec.Transf * @author Erwin van der Koogh */ public abstract class ApacheTransform extends TransformService { + + static { + com.sun.org.apache.xml.internal.security.Init.init(); + } private static Logger log = Logger.getLogger("org.jcp.xml.dsig.internal.dom"); private Transform apacheTransform;
28-09-2010
WORK AROUND Here is another very simple workaround: If you add the following line to your code: com.sun.org.apache.xml.internal.security.Init.init(); before invoking any of the XML Signature APIs, then the exception does not occur. You can also invoke this method in a static initializer, ex: static { com.sun.org.apache.xml.internal.security.Init.init(); }
28-09-2010
EVALUATION I have identified the cause of the problem. The internal Canonicalization and Transform implementations were not invoking the com.sun.org.apache.xml.internal.security.Init.init() method. This method initializes variables and so forth. A NullPointerException was being thrown due to this. I have pasted a patch to the Suggested Fix.
28-09-2010
WORK AROUND The problem can also be worked around if you use a later version of the Apache XML Security libaries with JDK 6. I discuss how to do this in my blog entry at: http://blogs.sun.com/mullan/entry/using_more_recent_apache_xml These are the steps: 1) Download xml-security-bin-1_4_3.zip from http://santuario.apache.org/mirrors.cgi and unzip it. 2) Copy xml-security-1_4_3/libs/xmlsec-1.4.3.jar to <java-home>/lib/endorsed 3) Download commons-logging-1.1.1-bin.zip from http://commons.apache.org/logging/download_logging.cgi and unzip it. 4) Copy commons-logging-1.1.1/commons-logging-1.1.1.jar to <java-home>/lib/endorsed 5) Run your test. You should no longer get an exception.
28-09-2010
WORK AROUND The bug has been fixed in JDK 7 so you can use that as a workaround. I'm not quite sure what the specific fix is, since JDK 7 uses a more recent version of Apache XML Security where the problem does not occur. I need to debug the problem further to see if it is practical to backport a fix to JDK 6.
07-09-2010