XML Decryption Filter Throwing Unhandled Exception Resulting in NullPointerException when wrong Certificate is Used (Doc ID 2132250.1)

Last updated on MAY 05, 2016

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

In OAG 11.1.2.4 SP2 with <Patch 22509139> applied, a decryption policy works fine if the message is encrypted with expected certificate. It fails if the message is not encrypted with expected certificate, and this failure is expected.

However, the exception is not handled by the OAG exception handling framework when a failure occurs. The failure produces a 500 Internal Server Error followed by a NullPointerException.

The expectation is that any exception thrown by the API Gateway will be handled by a Fault Handler if configured.  In this case, the NullPointerException is bypassing three levels of Fault Handlers (including the Global Fault Handler policy) which results in the HTTP 500 error.


STEPS
------
1. Apply patch 22509139 on top of OAG 11.1.2.4 SP2
2. Create a decryption policy where the message is encrypted with the wrong certificate to trigger the failure.
3. The error will occur.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms