XML Decryption Filter Throwing Unhandled Exception Resulting in NullPointerException when wrong Certificate is Used
Last updated on DECEMBER 01, 2017
Applies to: Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.
In OAG 22.214.171.124 SP2 with <Patch 22509139> applied, a decryption policy works fine if the message is encrypted with the expected certificate. It fails if the message is not encrypted with the expected certificate, and this failure is expected.
However, the exception is not handled by the OAG exception handling framework when a failure occurs. The failure produces a 500 Internal Server Error followed by a NullPointerException.
The expectation is that any exception thrown by the API Gateway will be handled by a Fault Handler if one is configured. In this case, the NullPointerException bypasses three levels of Fault Handlers (including the Global Fault Handler policy), which results in the HTTP 500 error.
1. Apply patch 22509139 on top of OAG 126.96.36.199 SP2.
2. Create a decryption policy where the message is encrypted with the wrong certificate to trigger the failure.
3. The error will occur.