Re: [ebxmlms-develop] Message offset bug

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear Peter,

O... sorry that the CVS server on sourceforge still fail on reporting 
what I haven't changed to the mailing list....

In fact the bug is just fixed by me on a week ago, where I totally 
remove the the Offset structure, since in fact it fails if the soap 
envelope of the message is encoded. Therefore my way to fix it is to 
totally remove the offset structrure and use the SOAP envelope bytes 
fetched during parsing.

And also I have added the unit test for such scenario too. (In fact 
somehow I try my best to add unit test when each bug is found, but 
sometimes it may not be possible.)

So, maybe you can checkout and see whether the source is updated. (The 
new EbxmlMessage class should remove the whole getSoapMessageOffset 
functions.)

Regards,
Bob Koon

Mayne, Peter wrote:

> I've just found and fixed what looks like a nasty bug in 
> EbxmlMessage.getMessageFromDataSource().
>
> When receiving signed messages, I was getting
>
>     Exception: org.xml.sax.SAXParseException
>     Message: Content is not allowed in prolog.
>
> from PKISignatureImpl.verify().
>
> It turns out that getMessageFromDataSource() initialises 
> soapMessageFileOffset to 0, and never changes it. When verify() (via 
> loadInputStreamToOutputStream()) fetches the SOAP envelope bytes from 
> the persistence handler, it uses the right length, but the wrong 
> (zero) offset, so the bytes it fetches include the leading MIME 
> boundary and headers, but exclude that many bytes from the end of the 
> SOAP envelope. This causes the "Content is not allowed in prolog" error.
>
> The fix is to change
>
>             int soapMessageFileOffset = 0;
>
> to
>
>             int soapMessageFileOffset = 
> parsedOutput.getSoapMessageOffset();
>
> Unsigned message still work because they don't need to be verified, 
> and there seems to be nowhere else that the message needs to be 
> analysed as it passes through the MSH.
>
> Do you have unit tests that catch things like this?
>
> PJDM
> -- 
> Peter Mayne
> Technology Consultant
> Spherion Technology Solutions
> Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602
> T: 61 2 62689727  F: 61 2 62689777
>
>  The information contained in this email and any attachments to it:
>
> (a) may be confidential and if you are not the intended recipient, any 
> interference with,
> use, disclosure or copying of this material is unauthorised and 
> prohibited; and
>
> (b) may contain personal information of the recipient and/or the 
> sender as defined
> under the Privacy Act 1988 (Cth). Consent is hereby given by the 
> recipient(s) to
> collect, hold and use such information and any personal information 
> contained in a
> response to this email, for any reasonable purpose in the ordinary 
> course of
> Spherion's
> business, including forwarding this email internally or disclosing it 
> to a third party. All
> personal information collected by Spherion will be handled in 
> accordance with
> Spherion's Privacy Policy. If you have received this email in error, 
> please notify the
> sender and delete it.
>
> (c) you agree not to employ or arrange employment for any candidate(s) 
> supplied in
> this email and any attachments without first entering into a 
> contractual agreement with
> Spherion. You further agree not to divulge any information contained 
> in this document
> to any person(s) or entities without the express permission of Spherion.
>
>
>  
>