United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6982772 javax.xml.crypto.dsig.TransformException occurs in canonicalization for XML signature in jdk6u21
JDK-6982772 : javax.xml.crypto.dsig.TransformException occurs in canonicalization for XML signature in jdk6u21

Details
Type:
Bug
Submit Date:
2010-09-07
Status:
Closed
Updated Date:
2012-10-23
Project Name:
JDK
Resolved Date:
2010-12-07
Component:
security-libs
OS:
windows_vista
Sub-Component:
javax.xml.crypto
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
6u21
Fixed Versions:
6u22-rev (b09)

Related Reports
Backport:
Backport:

Sub Tasks

Description
When a program tries to do XML digital signature, the following exception shows up.

C:\Users\licensees>java -version
java version "1.6.0_21"
Java(TM) SE Runtime Environment (build 1.6.0_21-b06)
Java HotSpot(TM) Client VM (build 17.0-b16, mixed mode)

C:\Users\licensees>javac *.java

C:\Users\licensees>java Main
javax.xml.crypto.dsig.TransformException: Couldn't find Canonicalizer for: http://www.w3.org/TR/2001/REC-xml-c14n-20010315: Unknown canonicalizer. No handler installed for URI http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:85)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:55)
        at org.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:111)
        at Main.test1(Main.java:32)
        at Main.main(Main.java:23)
Caused by: com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handlerinstalled for URI http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.<init>(Canonicalizer.java:108)
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.getInstance(Canonicalizer.java:123)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:79)
        ... 5 more
com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handler installed for URI
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.<init>(Canonicalizer.java:108)
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.getInstance(Canonicalizer.java:123)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:79)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:55)
        at org.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:111)
        at Main.test1(Main.java:32)
        at Main.main(Main.java:23)
com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException: Unknown canonicalizer. No handler installed for URI http://www.w3.org/TR/2001/REC-xml-c14n-20010315
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.<init>(Canonicalizer.java:108)
        at com.sun.org.apache.xml.internal.security.c14n.Canonicalizer.getInstance(Canonicalizer.java:123)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:79)
        at org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer.canonicalize(ApacheCanonicalizer.java:71)
        at org.jcp.xml.dsig.internal.dom.DOMCanonicalXMLC14NMethod.transform(DOMCanonicalXMLC14NMethod.java:55)
        at org.jcp.xml.dsig.internal.dom.DOMTransform.transform(DOMTransform.java:111)
        at Main.test1(Main.java:32)
        at Main.main(Main.java:23)


REPRODUCE:
1. Compile the attached Main.java
2. Set the attached SampleDOM.xml under the directory where Main.class is placed.
3. Invoke "java Main"

FREQUENCY:
This exception always occurs.

NOTE:
This problem does not occur in jdk7.

                                    

Comments
WORK AROUND

The bug has been fixed in JDK 7 so you can use that as a workaround. I'm not quite sure what the specific fix is, since JDK 7 uses a more recent version of Apache XML Security where the problem does not occur. I need to debug the problem further to see if it is practical to backport a fix to JDK 6.
                                     
2010-09-07
WORK AROUND

The problem can also be worked around if you use a later version of the Apache XML Security libaries with JDK 6. I discuss how to do this in my blog entry at: http://blogs.sun.com/mullan/entry/using_more_recent_apache_xml

These are the steps:

1) Download xml-security-bin-1_4_3.zip from http://santuario.apache.org/mirrors.cgi and unzip it.

2) Copy xml-security-1_4_3/libs/xmlsec-1.4.3.jar to <java-home>/lib/endorsed

3) Download commons-logging-1.1.1-bin.zip from http://commons.apache.org/logging/download_logging.cgi and unzip it.

4) Copy commons-logging-1.1.1/commons-logging-1.1.1.jar to <java-home>/lib/endorsed

5) Run your test. You should no longer get an exception.
                                     
2010-09-28
EVALUATION

I have identified the cause of the problem. The internal Canonicalization and Transform implementations were not invoking the com.sun.org.apache.xml.internal.security.Init.init() method. This method initializes variables and so forth. A NullPointerException was being thrown due to this. I have pasted a patch to the Suggested Fix.
                                     
2010-09-28
WORK AROUND

Here is another very simple workaround:

If you add the following line to your code:

com.sun.org.apache.xml.internal.security.Init.init();

before invoking any of the XML Signature APIs, then the exception does not occur. You can also invoke this method in a static initializer, ex:

static {
    com.sun.org.apache.xml.internal.security.Init.init();
}
                                     
2010-09-28
SUGGESTED FIX

diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheCanonicalizer.java
@@ -31,6 +31,10 @@ import org.w3c.dom.NodeList;
 import org.w3c.dom.NodeList;
 
 public abstract class ApacheCanonicalizer extends TransformService {
+
+    static {
+        com.sun.org.apache.xml.internal.security.Init.init();
+    }
 
     private static Logger log = Logger.getLogger("org.jcp.xml.dsig.internal.dom");
     protected Canonicalizer apacheCanonicalizer;
diff --git a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
--- a/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
+++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/ApacheTransform.java
@@ -32,6 +32,10 @@ import javax.xml.crypto.dsig.spec.Transf
  * @author Erwin van der Koogh
  */
 public abstract class ApacheTransform extends TransformService {
+
+    static {
+        com.sun.org.apache.xml.internal.security.Init.init();
+    }
 
     private static Logger log = Logger.getLogger("org.jcp.xml.dsig.internal.dom");
     private Transform apacheTransform;
                                     
2010-09-28
WORK AROUND

I will not be integrating this into the code unless the customer acknowledges it.
Also, since their initial request was just a workaround, probably we can also consider the case closed if they are happy with it.
                                     
2010-10-11



Hardware and Software, Engineered to Work Together