Jacobo Fernandez created WSS-574:
------------------------------------
Summary: IllegalArgumentException thrown in WSSecEncryptedKey due to incorrect keyAlgorithm
Key: WSS-574
URL: https://issues.apache.org/jira/browse/WSS-574
Project: WSS4J
Issue Type: Bug
Components: WSS4J Core
Environment: Windows 7 64 bit, java jdk 7.0_79, wss4j 1.6.18
Reporter: Jacobo Fernandez
Assignee: Colm O hEigeartaigh
This is hard for me to explain because I'm not an expert in WSS, but this is what I
found:
In {{WSSecEncryptedKey.prepareInternal}}, when
{{WSSecurityUtil.getCipherInstance(keyEncAlgo)}} is called and the {{keyEncAlgo}}
value is {{WSConstants.KEYTRANSPORT_RSAOEP}},
{{JCEMapper.translateURItoJCEID(cipherAlgo)}} returns (in my case)
{{"RSA/ECB/OAEPPadding"}}. Then {{oaepParameterSpec}} is not null, which leads to
the else branch, where it calls {{cipher.init(Cipher.WRAP_MODE,
remoteCert.getPublicKey(), oaepParameterSpec)}}. This method call throws the
following exception:
{{Caused by: java.lang.IllegalArgumentException: unknown parameter type.}}
{{at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source)}}
{{at javax.crypto.Cipher.implInit(Cipher.java:791)}}
{{at javax.crypto.Cipher.chooseProvider(Cipher.java:849)}}
{{at javax.crypto.Cipher.init(Cipher.java:1348)}}
{{at javax.crypto.Cipher.init(Cipher.java:1282)}}
{{at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:257)}}
If I modify the first lines of {{getCipherInstance}} to this:
    public static Cipher getCipherInstance(String cipherAlgo)
        throws WSSecurityException {
        try {
            String keyAlgorithm = JCEMapper.translateURItoJCEID(cipherAlgo);
            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(cipherAlgo)) {
                try {
                    return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
                } catch (Exception e) {
                    throw new WSSecurityException(
                        WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
                        new Object[] { "No such algorithm: " + cipherAlgo }, e);
                }
            }
            String provider = JCEMapper.getProviderId();
            if (provider == null) {
                return Cipher.getInstance(keyAlgorithm);
            }
            ...
it works. Don't know if this is a problem with the JCEMapper or wss4j itself.
Sorry for the bad explanation. Hope it helps.
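A diagnostic for the failure reported above, as an added example (not code from WSS4J or from the reporter): it asks every installed JCE provider for the two transformation names in the report and repeats the `Cipher.init(Cipher.WRAP_MODE, publicKey, oaepParameterSpec)` call, printing which provider and version accepts or rejects it. The class name `OaepProviderCheck`, the generated keys and the OAEP parameters are assumptions made for the probe; only standard JCA classes are used.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical diagnostic class, not part of WSS4J.
public class OaepProviderCheck {
    // The two JCE transformation names that appear in the report.
    static final String[] NAMES = {
        "RSA/ECB/OAEPPadding", "RSA/ECB/OAEPWithSHA1AndMGF1Padding" };

    // Returns null if the provider does not offer the transformation,
    // otherwise the outcome of init + wrap with an explicit OAEPParameterSpec.
    static String probe(Provider p, String name, KeyPair rsa, SecretKey key,
                        OAEPParameterSpec spec) {
        Cipher c;
        try {
            c = Cipher.getInstance(name, p);
        } catch (Exception e) {
            return null; // transformation not implemented by this provider
        }
        try {
            c.init(Cipher.WRAP_MODE, rsa.getPublic(), spec);
            return "OK, wrapped " + c.wrap(key).length + " bytes";
        } catch (Exception e) {
            return "FAILED: " + e; // e.g. IllegalArgumentException from the provider
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();   // constructed test key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();      // constructed session key to wrap
        // Assumed probe parameters: SHA-1 digest, MGF1 with SHA-1, empty label.
        OAEPParameterSpec spec = new OAEPParameterSpec(
            "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
        for (Provider p : Security.getProviders())
            for (String name : NAMES) {
                String result = probe(p, name, rsa, key, spec);
                if (result != null) System.out.println(p + " | " + name + " | " + result);
            }
    }
}
```

Run it with the same classpath and `java.security` provider configuration as the failing application; a line whose result matches the exception in the stack trace identifies the provider and version that rejects the parameter spec.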