ws-wss4j-dev mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Re: WS-Security RSA Excrytion exception..
Date Thu, 11 Jun 2009 02:22:11 GMT
On Wed June 10 2009 5:21:17 pm bharath thippireddy wrote:
> I could get the User Token encryption working using BouncyCastle. But as we
> cannot use Bouncy Castle

Any particular reason why?   I'm pretty sure a lot of things WS-Security 
related won't work with BouncyCastle.   The JDK just doesn't have the 
algorithms that are needed.  (although java 6 does have a lot more)

> can you please let me know if the exception below
> can be fixed with a setting in jdk/jce. When I try a different algorithm
> like DES instead of RSA I get a nullpointer exception on the CXF Client.

>
>         java.security.NoSuchAlgorithmException: Cannot find any provider
> supporting RSA/NONE/PKCS1PADDING

I did a little digging and I THINK this particular exception could be fixed 
with a simple change in WSS4J.   If the line:

cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");

was surrounded with a try/catch that would then try:

cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");

I THINK it would work.   Bouncycastle uses "NONE" for the mode whereas the Sun 
provider uses ECB.   Not sure what the Sun setting for "RSA/NONE/OAEPPADDING" 
is.  That would need to be investigated more.  It would be one of:
OAEPWITHMD5ANDMGF1PADDING, OAEPWITHSHA1ANDMGF1PADDING, 
OAEPWITHSHA-1ANDMGF1PADDING, OAEPWITHSHA-256ANDMGF1PADDING, 
OAEPWITHSHA-384ANDMGF1PADDING, OAEPWITHSHA-512ANDMGF1PADDING
but cryptography is definitely not my area.

In any case, that would require you to patch WSS4J.  If that's an option for 
you, you could give that a try.

To the WSS4j folks:  why is this method not calling XMLCipher.getInstance like 
every other cipher related thing?  Should it be?   Would that alone fix it?


Dan


>
> Jun 10, 2009 5:11:04 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> WARNING:
> org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested exception is:
>         java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/PKCS1PADDING
>         at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:690)
>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:145)
>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:107)
>         at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:87)
>
>
> thanks and regards,
>
> Bharath

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog
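
Added example, not part of the original message and not WSS4J code: the try/catch fallback suggested in the message above, written as a stand-alone Java class that round-trips a session key. The names `RsaCipherFallback` and `getRsaCipher` are hypothetical, and the RSA and AES keys are generated inside the example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;

public class RsaCipherFallback {

    // Hypothetical helper: try the transformation as given (the BouncyCastle-style
    // "NONE" mode), then retry with "ECB", the mode name the Sun provider registers.
    static Cipher getRsaCipher(String transformation) throws GeneralSecurityException {
        try {
            return Cipher.getInstance(transformation);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            String sunName = transformation.replace("/NONE/", "/ECB/");
            if (sunName.equals(transformation)) {
                throw e; // no alternative spelling to try, surface the original error
            }
            return Cipher.getInstance(sunName);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test material: a throwaway RSA key pair and AES session key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        byte[] sessionKey = kg.generateKey().getEncoded();

        // Same call on both sides; works with or without BouncyCastle installed.
        Cipher enc = getRsaCipher("RSA/NONE/PKCS1PADDING");
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        byte[] wrapped = enc.doFinal(sessionKey);

        Cipher dec = getRsaCipher("RSA/NONE/PKCS1PADDING");
        dec.init(Cipher.DECRYPT_MODE, pair.getPrivate());
        byte[] unwrapped = dec.doFinal(wrapped);

        System.out.println("resolved to " + enc.getAlgorithm()
                + " from provider " + enc.getProvider().getName());
        System.out.println("round trip ok: " + Arrays.equals(sessionKey, unwrapped));
    }
}
```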
