JDK-8038184

XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String

    Details

    • Subcomponent:
    • Resolved In Build:
      b10
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

        Description

        FULL PRODUCT VERSION :
        java version "1.8.0"
        Java(TM) SE Runtime Environment (build 1.8.0-b132)
        Java HotSpot(TM) Client VM (build 25.0-b70, mixed mode)

        ADDITIONAL OS VERSION INFORMATION :
        Microsoft Windows [Version 6.2.9200]

        A DESCRIPTION OF THE PROBLEM :
        I'm trying to sign the "InfRps" tag on the following XML file:

        <?xml version="1.0" encoding="UTF-8"?>
        <EnviarLoteRpsEnvio xmlns="http://www.abrasf.org.br/nfse.xsd">
          <LoteRps Id="" versao="1.00">
            <NumeroLote>100</NumeroLote>
            <Cnpj>01339695000101</Cnpj>
            <InscricaoMunicipal>01323820024</InscricaoMunicipal>
            <QuantidadeRps>1</QuantidadeRps>
            <ListaRps>
              <Rps>
                <InfRps Id="1">
                  <IdentificacaoRps>
                    <Numero>500122</Numero>
                    <Serie>900</Serie>
                    <Tipo>1</Tipo>
                  </IdentificacaoRps>
                  <DataEmissao>2014-03-21T00:00:00.000-03:00</DataEmissao>
                  <NaturezaOperacao>1</NaturezaOperacao>
                  <OptanteSimplesNacional>2</OptanteSimplesNacional>
                  <IncentivadorCultural>2</IncentivadorCultural>
                  <Status>1</Status>
                  <Servico>
                    <Valores>
                      <ValorServicos>98.01</ValorServicos>
                      <ValorPis>0.00</ValorPis>
                      <ValorCofins>0.00</ValorCofins>
                      <ValorInss>0.00</ValorInss>
                      <ValorIr>0.00</ValorIr>
                      <IssRetido>2</IssRetido>
                      <ValorIss>0.00</ValorIss>
                      <Aliquota>0.00</Aliquota>
                    </Valores>
                    <ItemListaServico>1</ItemListaServico>
                    <CodigoCnae>6201500</CodigoCnae>
                    <Discriminacao>1 null - R$ 98,01</Discriminacao>
                    <CodigoMunicipio>3106200</CodigoMunicipio>
                  </Servico>
                  <Prestador>
                    <Cnpj>01339695000101</Cnpj>
                    <InscricaoMunicipal>01323820024</InscricaoMunicipal>
                  </Prestador>
                  <Tomador>
                    <IdentificacaoTomador>
                      <CpfCnpj>
                        <Cpf>01234567890</Cpf>
                      </CpfCnpj>
                    </IdentificacaoTomador>
                    <RazaoSocial>CLIENTE AVULSO</RazaoSocial>
                    <Endereco>
                      <Endereco>RUA CATETE</Endereco>
                      <Numero>999</Numero>
                      <Complemento>601/701</Complemento>
                      <Bairro>ALTO BARROCA</Bairro>
                      <CodigoMunicipio>3106200</CodigoMunicipio>
                      <Uf>MG</Uf>
                      <Cep>30431016</Cep>
                    </Endereco>
                  </Tomador>
                </InfRps>
              </Rps>
            </ListaRps>
          </LoteRps>
        </EnviarLoteRpsEnvio>


        And I'm getting the following error message:

        2014-03-21 09:27:17,747 ERROR [Tarefa NFe 34.034.264.168] ComandoAppletNFeQueueImpl.enviaComando(60) | Stack trace remoto referente a taskId 34034264168: com.ats.jnfe.exception.NfeConfigurationException: erros: [Erro ao realizar a assinatura. Favor, verificar se o certificado está configurado corretamente nas configurações.] alertas: []
        at com.ats.jnfe.service.comunicacao.impl.MscapiSecurityHandlerBean.handle(MscapiSecurityHandlerBean.java:88)
        at com.ats.jnfe.applet.security.ConfigurableSecurityHandlerBean.handle(ConfigurableSecurityHandlerBean.java:42)
        at br.com.jnfe.base.service.DOMNFeSignatureHandler.sign(DOMNFeSignatureHandler.java:57)
        at com.ats.jnfe.applet.client.impl.ClientComandoAppletNFeServiceImpl.newSignature(ClientComandoAppletNFeServiceImpl.java:130)
        at com.ats.jnfe.applet.client.impl.ClientComandoAppletNFeHandlerImpl.trataComando(ClientComandoAppletNFeHandlerImpl.java:63)
        at com.ats.jnfe.applet.client.impl.ComandoAppletNFeExecutorImpl$1.run(ComandoAppletNFeExecutorImpl.java:64)
        at java.lang.Thread.run(Unknown Source)
        Caused by: java.lang.IllegalArgumentException: Impossível construir assinatura,
        at br.com.jnfe.base.service.DOMNFeSignatureBuilder.build(DOMNFeSignatureBuilder.java:207)
        at br.com.jnfe.base.service.DOMNFeSignatureBuilder.build(DOMNFeSignatureBuilder.java:1)
        at br.com.jnfe.base.service.DOMNFeSignatureHandler$1.doInSecurityContext(DOMNFeSignatureHandler.java:59)
        at com.ats.jnfe.service.comunicacao.impl.MscapiSecurityHandlerBean.handle(MscapiSecurityHandlerBean.java:86)
        ... 6 more
        Caused by: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: java.lang.StringIndexOutOfBoundsException: String index out of range: 0
        at org.jcp.xml.dsig.internal.dom.DOMReference.dereference(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMReference.digest(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
        at br.com.jnfe.base.service.DOMNFeSignatureBuilder.build(DOMNFeSignatureBuilder.java:195)
        ... 9 more
        Caused by: javax.xml.crypto.URIReferenceException: java.lang.StringIndexOutOfBoundsException: String index out of range: 0
        at org.jcp.xml.dsig.internal.dom.DOMURIDereferencer.dereference(Unknown Source)
        ... 14 more
        Caused by: java.lang.StringIndexOutOfBoundsException: String index out of range: 0
        at java.lang.String.charAt(Unknown Source)
        at com.sun.org.apache.xml.internal.security.utils.XMLUtils.protectAgainstWrappingAttack(Unknown Source)
        at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(Unknown Source)
        at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
        at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
        ... 15 more

        I'm still not sure whether there's an error on the XML or not, but the error message definitely doesn't point me towards any useful direction.


        REPRODUCIBILITY :
        This bug can be reproduced always.

          Activity

          webbuggrp Webbug Group created issue -
          coffeys Sean Coffey made changes -
          Field Original Value New Value
          Project Java Incidents [ 10301 ] JDK [ 10100 ]
          Key JI-9011259 JDK-8038184
          Workflow JBS Incident Workflow [ 4721155 ] JBS Workflow [ 4721268 ]
          Affects Version/s 8 [ 11815 ]
          Affects Version/s 8 [ 15409 ]
          Component/s security-libs [ 10306 ]
          Component/s security-libs [ 10712 ]
          coffeys Sean Coffey made changes -
          Subcomponent java.security [ 561 ] java.security [ 195 ]
          coffeys Sean Coffey added a comment -
          Root cause would appear to be an "if (id.charAt(0) == '#')" call on what appears to be an empty string in the XMLUtils helper class.
          I wonder if the root element of "<LoteRps Id="" versao="1.00"> " is a legal declaration.
          coffeys Sean Coffey made changes -
          Subcomponent java.security [ 195 ] javax.xml.crypto [ 666 ]
          mullan Sean Mullan added a comment -
          It would be useful if the XML Signature was included in the bug report, but I can make a guess as to what the problem is. It is likely that they incorrectly specified the XML Signature Reference URI as "1" instead of "#1". The "#" is required for resolving same-document fragment URIs.

          However, the implementation should check for this and throw an exception if the syntax for fragment URIs does not start with a "#".
          mullan Sean Mullan made changes -
          Assignee Sean Mullan [ mullan ]
          mullan Sean Mullan made changes -
          Status New [ 10000 ] Open [ 1 ]
          mullan Sean Mullan made changes -
          Fix Version/s tbd_major [ 11972 ]
          webbuggrp Webbug Group made changes -
          Labels webbugs webbug webbugs
          webbuggrp Webbug Group made changes -
          Labels webbug webbugs webbug
          mullan Sean Mullan made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          Understanding Cause Known [ 10000 ]
          mullan Sean Mullan made changes -
          Fix Version/s 9 [ 14949 ]
          Fix Version/s tbd_major [ 11972 ]
          mullan Sean Mullan made changes -
          OS windows_8 [ 17083 ] generic [ 17010 ]
          mullan Sean Mullan made changes -
          CPU x86 [ 17004 ] generic [ 17008 ]
          mullan Sean Mullan added a comment -
          One of the problems in the XML document above is that illegal values are being used for the ID attribute:

          <LoteRps Id="" versao="1.00">
          ...
          <InfRps Id="1">

          ID values can't be empty or start with a digit. See:
          http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/datatypes.html#ID

          The DSig impl however is assuming that the ID value is not an empty string, and should instead detect that and provide a better error message.
          mullan Sean Mullan added a comment -
          I looked more into this. Even though the IDs in the example above are technically illegal according to the XML Schema Recommendation, the DOM API (org.w3c.dom) permits them. Thus, I think it makes sense for the XML DSig impl (which is based on DOM) to permit them under the assumption that an application should run the document through a schema validator to check for these types of illegal values. So, I have fixed the code to not throw this exception. It was a very simple fix, just a couple of lines.
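
A pre-signing check along the lines the comment above leaves to the application, as an added example (not code from the JDK or from this report): it flags `Id` values that are not legal NCNames and a Reference URI that lacks the leading `#`. The names `PreSignIdCheck` and `check`, and the reduced sample document, are assumptions made for the illustration; the NCName pattern is a simplification of the XML Schema rule.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example: PreSignIdCheck and check() are hypothetical names, not JDK API.
public class PreSignIdCheck {
    // Simplified NCName test; the XML Schema ID type is an NCName (non-empty, no leading digit).
    private static final Pattern NCNAME = Pattern.compile("[\\p{L}_][\\p{L}\\p{N}._-]*");

    /** Returns the problems found; an empty list means nothing was flagged. */
    static List<String> check(Document doc, String idAttr, String referenceUri) {
        List<String> problems = new ArrayList<>();
        boolean sameDoc = referenceUri.startsWith("#");
        if (!referenceUri.isEmpty() && !sameDoc) {
            problems.add("Reference URI \"" + referenceUri + "\" lacks '#', not a same-document fragment");
        }
        String wanted = sameDoc ? referenceUri.substring(1) : null;
        int matches = 0;
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (!e.hasAttribute(idAttr)) continue;
            String id = e.getAttribute(idAttr);
            if (!NCNAME.matcher(id).matches()) {
                problems.add("<" + e.getLocalName() + "> has illegal " + idAttr + "=\"" + id + "\"");
            }
            if (id.equals(wanted)) matches++;
        }
        if (sameDoc && matches != 1) {
            problems.add("fragment \"" + referenceUri + "\" matches " + matches + " elements, expected 1");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the report's document reduced to the two elements carrying Id.
        String xml = "<EnviarLoteRpsEnvio xmlns=\"http://www.abrasf.org.br/nfse.xsd\">"
                + "<LoteRps Id=\"\" versao=\"1.00\"><ListaRps><Rps><InfRps Id=\"1\"/></Rps></ListaRps></LoteRps>"
                + "</EnviarLoteRpsEnvio>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        check(doc, "Id", "1").forEach(System.out::println);
    }
}
```

Run against the sample with the Reference URI `1`, it reports the URI and both `Id` values.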
          mullan Sean Mullan made changes -
          Summary URIReferenceException: StringIndexOutOfBoundsException: String index out of rang XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/dev/jdk/rev/10f803d32251
          User: mullan
          Date: 2014-04-16 14:09:00 +0000
          hgupdate HG Updates made changes -
          Understanding Cause Known [ 10000 ]
          hgupdate HG Updates made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolved In Build team [ 17324 ]
          Resolution Fixed [ 1 ]
          hgupdate HG Updates added a comment -
          URL: http://hg.openjdk.java.net/jdk9/jdk9/jdk/rev/10f803d32251
          User: lana
          Date: 2014-04-23 16:11:32 +0000
          hgupdate HG Updates made changes -
          Resolved In Build team [ 17324 ] master [ 18256 ]
          hgupdate HG Updates made changes -
          Resolved In Build master [ 18256 ] b10 [ 17338 ]
          hgupdate HG Updates made changes -
          Link This issue backported by JDK-8145034 [ JDK-8145034 ]
          hgupdate HG Updates made changes -
          Link This issue backported by JDK-8149285 [ JDK-8149285 ]
          hgupdate HG Updates made changes -
          Link This issue backported by JDK-8155430 [ JDK-8155430 ]
          sqetools SQE Tools made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Verification Verified [ 17000 ]
          sqetools SQE Tools made changes -
          Labels webbug autoverify webbug
          hgupdate HG Updates made changes -
          Link This issue backported by JDK-8175438 [ JDK-8175438 ]

            People

            • Assignee:
              mullan Sean Mullan
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0
              Watchers:
              5
