7 Replies Latest reply on Jul 3, 2012 7:46 AM by fuinhaazul

    XML-Sig doesn't work after switch to JBoss-EAP Beta 2 - ClassNotFoundException: com.sun.org.apache.xml.internal...

    dastraub

      Today we try to switch to the actual JBoss EAP 6 Beta 2 (I guess it's based on 7.1.2.Final (EAP))

      With this version now we have a problem with XML-Signature :

       

      18:54:10,001 SCHWERWIEGEND [com.sun.org.apache.xml.internal.security.Init] (http-executor-threads - 1) Bad: : java.lang.RuntimeException: java.lang.ClassNotFoundException: com.sun.org.apache.xml.internal.security.transfor

      ms.implementations.TransformBase64Decode from [Module "deployment.dcs-ear.ear.dcs-schufa.jar:main" from Service Module Loader]

              at com.sun.org.apache.xml.internal.security.transforms.Transform.register(Transform.java:280) [rt.jar:1.6.0_26]

              at com.sun.org.apache.xml.internal.security.Init.init(Init.java:235) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.ApacheTransform.<clinit>(ApacheTransform.java:37) [rt.jar:1.6.0_26]

              at java.lang.Class.forName0(Native Method) [rt.jar:1.6.0_26]

              at java.lang.Class.forName(Class.java:169) [rt.jar:1.6.0_26]

              at java.security.Provider$Service.getImplClass(Provider.java:1260) [rt.jar:1.6.0_26]

              at java.security.Provider$Service.newInstance(Provider.java:1220) [rt.jar:1.6.0_26]

              at sun.security.jca.GetInstance.getInstance(GetInstance.java:220) [rt.jar:1.6.0_26]

              at javax.xml.crypto.dsig.TransformService.getInstance(TransformService.java:145) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.newTransform(DOMXMLSignatureFactory.java:233) [rt.jar:1.6.0_26]

              at de.xxxxx

       

      Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: java.lang.NullPointerException

              at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:352) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:278) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(DOMXMLSignature.java:447) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:343) [rt.jar:1.6.0_26]

              at de.easycredit.dcs.schufa.common.SchufaCertificateHandlerBean.signXML(SchufaCertificateHandlerBean.java:175) [dcs-schufa.jar:5.3-SNAPSHOT 18.05.2012-18:49:54]

              ... 173 more

      Caused by: javax.xml.crypto.URIReferenceException: java.lang.NullPointerException

              at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:82) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(DOMReference.java:344) [rt.jar:1.6.0_26]

              ... 177 more

      Caused by: java.lang.NullPointerException

              at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(ResourceResolver.java:102) [rt.jar:1.6.0_26]

              at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(DOMURIDereferencer.java:73) [rt.jar:1.6.0_26]

              ... 178 more

       

      I found the following differences beetween Beta1 and Beta2

       

      [root@dcs1 /usr/local]# diff jboss-eap-6.0.B1/modules/javaee/api/main/module.xml jboss/modules/javaee/api/main/module.xml

      57,68d56

      <         <module name="org.apache.santuario.xmlsec" export="true">

      <             <exports>

      <                 <include-set>

      <                     <path name="javax/xml/crypto"/>

      <                     <path name="javax/xml/crypto/dom"/>

      <                     <path name="javax/xml/crypto/dsig"/>

      <                     <path name="javax/xml/crypto/dsig/dom"/>

      <                     <path name="javax/xml/crypto/dsig/keyinfo"/>

      <                     <path name="javax/xml/crypto/dsig/spec"/>

      <                 </include-set>

      <             </exports>

      <         </module>

      [root@dcs1 /usr/local]# diff jboss-eap-6.0.B1/modules/javax/api/main/module.xml jboss/modules/javax/api/main/module.xml

      101a102,107

      >                 <path name="javax/xml/crypto"/>

      >                 <path name="javax/xml/crypto/dom"/>

      >                 <path name="javax/xml/crypto/dsig"/>

      >                 <path name="javax/xml/crypto/dsig/dom"/>

      >                 <path name="javax/xml/crypto/dsig/keyinfo"/>

      >                 <path name="javax/xml/crypto/dsig/spec"/>

       

      the crypto stuff moved from javaee.api to javax.api, xml-sec has now version 1.5.1 (beta 1 was 1.4.5).

       

      To avoid the ClassNotFoundException, I added now the xmlsec.jar to the ear and added also a dependency to org.apache ...

      [jboss@dcs1 ~]$ unzip -l deployments/dcs-ear.ear | grep xmlsec

         607192  05-18-12 18:50   lib/xmlsec-1.5.1.jar

      [jboss@dcs1 ~]$

      [jboss@dcs1 ~]$ unzip -p deployments/dcs-ear.ear META-INF/MANIFEST.MF

      Manifest-Version: 1.0

      Archiver-Version: Plexus Archiver

      Created-By: Apache Maven

      Built-By: 802125

      Build-Jdk: 1.6.0_23

      Dependencies: org.apache.xerces,

                       org.slf4j,

                       com.sun.xml.bind,

                       org.apache.santuario.xmlsec

      Implementation-Version: 5.3-SNAPSHOT 18.05.2012-18:49:54

       

      But the error still remains.

        • 1. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2
          dastraub

          I resolved this issue (pramatic) by adding this lines to as/modules/sun/jdk/main/module.xml :

           

                          <path name="com/sun/org/apache/xml/internal"/>

                          <path name="com/sun/org/apache/xml/internal/security/algorithms"/>

                          <path name="com/sun/org/apache/xml/internal/securityalgorithms/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/c14n"/>

                          <path name="com/sun/org/apache/xml/internal/security/c14n/helpers"/>

                          <path name="com/sun/org/apache/xml/internal/security/c14n/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/encryption"/>

                          <path name="com/sun/org/apache/xml/internal/security/exceptions"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/content"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/keyresolver"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/storage"/>

                          <path name="com/sun/org/apache/xml/internal/security/resource"/>

                          <path name="com/sun/org/apache/xml/internal/security/signature"/>

                          <path name="com/sun/org/apache/xml/internal/security/transforms"/>

                          <path name="com/sun/org/apache/xml/internal/security/transforms/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/params"/>

                          <path name="com/sun/org/apache/xml/internal/security/utils"/>

                          <path name="com/sun/org/apache/xml/internal/security/resolver"/>

           

           

          During the transition from EAP 6 Beta 1 to EAP 6 Beta 2, this must have been lost somewhere in the modules ...

           

          I hope someone of JBoss will find a final/correct solution for this issue.

           

           


          • 2. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2
            dastraub

            And here ist - hopefully - a correct solution :

            - I rolled back the previous changes in as/modules/sun/jdk/main/module.xml

            - create a new module called 'com.sun.org.apache.xml.internal.security" :

             

            <module xmlns="urn:jboss:module:1.1" name="com.sun.org.apache.xml.internal.security">

                <dependencies>

                    <system export="true">

                        <paths>

                          <path name="com/sun/org/apache/xml/internal/security"/>

                          <path name="com/sun/org/apache/xml/internal/security/algorithms"/>

                          <path name="com/sun/org/apache/xml/internal/security/algorithms/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/c14n"/>

                          <path name="com/sun/org/apache/xml/internal/security/c14n/helper"/>

                          <path name="com/sun/org/apache/xml/internal/security/c14n/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/encryption"/>

                          <path name="com/sun/org/apache/xml/internal/security/exceptions"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/content"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/content/keyvalues"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/content/x509"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/keyresolver"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/storage"/>

                          <path name="com/sun/org/apache/xml/internal/security/keys/storage/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/resource"/>

                          <path name="com/sun/org/apache/xml/internal/security/signature"/>

                          <path name="com/sun/org/apache/xml/internal/security/transforms"/>

                          <path name="com/sun/org/apache/xml/internal/security/transforms/implementations"/>

                          <path name="com/sun/org/apache/xml/internal/security/transforms/params"/>

                          <path name="com/sun/org/apache/xml/internal/security/utils"/>

                          <path name="com/sun/org/apache/xml/internal/security/utils/resolver"/>

                          <path name="com/sun/org/apache/xml/internal/security/utils/resolver/implementations"/>

                        </paths>

                    </system>

                </dependencies>

            </module>


            - add this as dependency to the ear

             

            So I don't have to touch the original modules and do that again at every new release.

             

            But still: where these classes have been "lost" ?

            Why this restrictions (by the module classloader) for java rt.jar-classes ?




            • 3. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2
              asoldano

              Can you tell which module dependencies if any you're setting into your deployment?

              • 4. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2
                dastraub

                We set dependendcies to org.apache.xerces,org.slf4j,com.sun.xml.bind in thte manifest of the ear (we need the last one only because we create a custom JAXBFactory for some internal reasons).

                With this settings, we had access to the com/sun/org/apache/xml/internal stuff until JBoss EAP6 Beta 2.

                • 5. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2 - ClassNotFoundException: com.sun.org.apache.xml.internal...
                  fuinhaazul

                  Sorry to revive this post, but im running with the same problem on latest compiled jboss (7.2.0 SNAPSHOT ).

                   

                   

                  The problem happen exactly on this code:

                   

                   

                  private static XMLSignatureFactory fac = XMLSignatureFactory

                              .getInstance("DOM");

                  SignedInfo si = ...;

                  KeyInfo ki = ...;

                  XMLSignature signature = fac.newXMLSignature(si, ki);

                   

                   

                   

                  The solution that was given on this topic, is the right solution (that will be commited on trunk) or is an workaround?

                   

                   

                  Thanks

                  • 6. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2 - ClassNotFoundException: com.sun.org.apache.xml.internal...
                    dastraub

                    It is a "workaround" what we use in our installation and is not part of JBoss AS development.

                    But it is a right solution, we're using this in production for a loan application :)

                    • 7. Re: XML-Sig doesn't work after switch to JBoss-EAP Beta 2 - ClassNotFoundException: com.sun.org.apache.xml.internal...
                      fuinhaazul

                      Thanks Daniel

                       

                      I already tried to use AS 7 a lot of times, but im always running on some kind of bug or feature not implemented yeat.

                       

                      Lets try one more time.