ws-dev mailing list archives

From "Namrata Jaiswal (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (WSS-581) Decryption fails with cipher not initialized error when multiple attachmments are used
Date Tue, 21 Jun 2016 18:37:58 GMT

     [ https://issues.apache.org/jira/browse/WSS-581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Namrata Jaiswal updated WSS-581:
--------------------------------
    Attachment: input.xml
                graycol.gif


Input for decryption

(See attached file: input.xml)


Thanks,
Namrata



From:	Namrata Jaiswal/India/IBM
To:	"Colm O hEigeartaigh (JIRA)" <jira@apache.org>
Date:	06/21/2016 11:55 PM
Subject:	Re: [jira] [Commented] (WSS-581) Decryption fails with cipher
            not initialized error when multiple attachmments are used


Actually, the error is coming from CipherInputStream, which we get from WSS4J.
Here we are trying to store data from CipherInputStream post decryption
and it breaks there.

Caused by: java.lang.IllegalStateException: Cipher not initialized
	at javax.crypto.Cipher.d(Unknown Source)
	at javax.crypto.Cipher.doFinal(Unknown Source)
	at javax.crypto.CipherInputStream.close(Unknown Source)
	at com.ibm.b2b.storage.service.jmx.UsageCountingInputStream.close(UsageCountingInputStream.java:87)
	at java.nio.channels.Channels$ReadableByteChannelImpl.implCloseChannel(Channels.java:415)
	at java.nio.channels.spi.AbstractInterruptibleChannel.close(AbstractInterruptibleChannel.java:127)
	at com.ibm.b2b.storage.fs.providers.filesystem.FileSystemUtils.quietClose(FileSystemUtils.java:81)
	at com.ibm.b2b.storage.fs.providers.filesystem.FileSystemStore.putData(FileSystemStore.java:291)
	at com.ibm.b2b.storage.fs.providers.filesystem.FileSystemStore.putData(FileSystemStore.java:265)
	at com.ibm.b2b.storage.service.jmx.UsageCountingStore.putData(UsageCountingStore.java:76)
	at com.ibm.b2b.storage.core.providers.dispatch.AbstractDispatchStore.putData(AbstractDispatchStore.java:106)
	at com.ibm.b2b.comms.common.storage.CommsStorageClientImpl.syncStore(CommsStorageClientImpl.java:197)


Also, I wanted to check: the input for decryption does not have KeyInfo under
the EncryptedData of the failing attachment. Is that fine with WSS4J?

<wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    soapenv:mustUnderstand="true">
  <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Id="EK-bb91125b-9a2e-4f93-b62a-57e26dbbf6ca">
    <xenc:EncryptionMethod
        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference>
        <wsse:KeyIdentifier
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">JpCXcUg6esmKNqI+djmV3v3ETnc=</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>KzBmwSE7TOffhZkiRz6KLwetkphm/rEhHez+wWcNOkxKGyN7j6Wk1pWIVkKX8xjQ......</xenc:CipherValue>
    </xenc:CipherData>
    <xenc:ReferenceList>
      <xenc:DataReference URI="#ED-b81f0d34-85be-4165-9e04-ff0c66d53926" />
      <xenc:DataReference URI="#ED-be93f5b3-599e-4f06-b615-214e8c85fb37" />
    </xenc:ReferenceList>
  </xenc:EncryptedKey>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Id="ED-be93f5b3-599e-4f06-b615-214e8c85fb37"
      MimeType="application/octet-stream"
      Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" />
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference
          xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
          wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
        <wsse:Reference URI="#EK-bb91125b-9a2e-4f93-b62a-57e26dbbf6ca" />
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherReference URI="cid:xmlpayload@minder">
        <xenc:Transforms>
          <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform" />
        </xenc:Transforms>
      </xenc:CipherReference>
    </xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Id="ED-b81f0d34-85be-4165-9e04-ff0c66d53926"
      MimeType="application/octet-stream"
      Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" />
    <xenc:CipherData>
      <xenc:CipherReference URI="cid:custompayload@minder">
        <xenc:Transforms>
          <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform" />
        </xenc:Transforms>
      </xenc:CipherReference>
    </xenc:CipherData>
  </xenc:EncryptedData>



Thanks,
Namrata





From:	"Colm O hEigeartaigh (JIRA)" <jira@apache.org>
To:	Namrata Jaiswal/India/IBM@IBMIN
Date:	06/21/2016 10:00 PM
Subject:	[jira] [Commented] (WSS-581) Decryption fails with cipher not
            initialized error when multiple attachmments are used




    [
https://issues.apache.org/jira/browse/WSS-581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15342108#comment-15342108
 ]

Colm O hEigeartaigh commented on WSS-581:
-----------------------------------------

The error does not appear to be originating in WSS4J?

com.ibm.b2b.comms.as4.core.security.impl.AttachmentDecryptionCBHandler.handle
(AttachmentDecryptionCBHandler.java:144)

Colm.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)




> Decryption fails with cipher not initialized error when multiple attachmments are used
> --------------------------------------------------------------------------------------
>
>                 Key: WSS-581
>                 URL: https://issues.apache.org/jira/browse/WSS-581
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.0.7
>            Reporter: Namrata Jaiswal
>            Assignee: Colm O hEigeartaigh
>         Attachments: graycol.gif, graycol.gif, graycol.gif, input.xml, logs.txt
>
>
> When multiple attachments are used for decrypting using Stax Apis in WSS4j, decryption does not work
> The decryption works fine for 1st attachment (I can see that javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
> API for both AttachmentRequestCallback and AttachmentResultCallback are invoked for first
> attachment and also AttachmentResultCallback returned decrypted the data) but it breaks with
> error Cipher not initialized for second attachment. For 2nd attachment, AttachmentRequestCallback
> goes fine where we set everything but handle call for AttachmentResultCallback breaks with
> error Cipher not initialized (before invoking password callbacks) when we try to read decrypted
> data.
> Caused by: java.lang.IllegalStateException: Cipher not initialized
> 	at javax.crypto.Cipher.d(Unknown Source)
> 	at javax.crypto.Cipher.doFinal(Unknown Source)
> 	at javax.crypto.CipherInputStream.close(Unknown Source)




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
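
An added example, not part of the original thread and not WSS4J code: a structural check over a header shaped like the one posted above, reporting for each attachment whether its EncryptedData names the EncryptedKey through its own KeyInfo or is only listed in the EncryptedKey's ReferenceList. The short Ids, the `ED-3` orphan entry and the `key_bindings` helper are constructed for illustration, and the check says nothing about how WSS4J itself resolves keys.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
NS = {"xenc": XENC, "ds": DS, "wsse": WSSE}

# Constructed sample: same shape as the header in the message, with short
# made-up Ids and the ciphertext, algorithms and transforms left out.
SAMPLE = f"""
<wsse:Security xmlns:wsse="{WSSE}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedKey Id="EK-1">
    <xenc:ReferenceList>
      <xenc:DataReference URI="#ED-1"/>
      <xenc:DataReference URI="#ED-2"/>
    </xenc:ReferenceList>
  </xenc:EncryptedKey>
  <xenc:EncryptedData Id="ED-2">
    <ds:KeyInfo><wsse:SecurityTokenReference>
      <wsse:Reference URI="#EK-1"/>
    </wsse:SecurityTokenReference></ds:KeyInfo>
    <xenc:CipherData><xenc:CipherReference URI="cid:xmlpayload@minder"/></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="ED-1">
    <xenc:CipherData><xenc:CipherReference URI="cid:custompayload@minder"/></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="ED-3">
    <xenc:CipherData><xenc:CipherReference URI="cid:orphan@example"/></xenc:CipherData>
  </xenc:EncryptedData>
</wsse:Security>"""


def key_bindings(security_xml):
    """Map attachment cid -> (EncryptedData Id, EncryptedKey Id or None, source)."""
    sec = ET.fromstring(security_xml)
    listed = {}  # EncryptedData Id -> Id of the EncryptedKey whose ReferenceList names it
    for ek in sec.findall("xenc:EncryptedKey", NS):
        for ref in ek.findall("xenc:ReferenceList/xenc:DataReference", NS):
            listed[ref.get("URI", "").lstrip("#")] = ek.get("Id")
    out = {}
    for ed in sec.findall("xenc:EncryptedData", NS):
        cid = ed.find("xenc:CipherData/xenc:CipherReference", NS).get("URI")
        own = ed.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
        if own is not None:
            out[cid] = (ed.get("Id"), own.get("URI", "").lstrip("#"), "KeyInfo")
        elif ed.get("Id") in listed:
            out[cid] = (ed.get("Id"), listed[ed.get("Id")], "ReferenceList")
        else:
            out[cid] = (ed.get("Id"), None, "unresolved")
    return out
```

Run against the attached input.xml, an attachment reported as `ReferenceList` has the same shape as the failing `cid:custompayload@minder` entry, and `unresolved` marks an EncryptedData that no EncryptedKey in the header accounts for.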

