[ https://issues.apache.org/jira/browse/WSS-706?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17810920#comment-17810920 ]

Colm O hEigeartaigh commented on WSS-706:
-----------------------------------------

[~jrihtarsic] I committed it to 3.0.x-fixes, however there's a test failure on 
JDK11:
{code:java}
[ERROR] Tests run: 18, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 0.578 s <<< FAILURE! -- in org.apache.wss4j.dom.message.EncryptionTest
[ERROR] org.apache.wss4j.dom.message.EncryptionTest.testEncryptionDecryptionECDSA_ES(String, String)[1] -- Time elapsed: 0.118 s <<< ERROR!
org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: java.security.InvalidKeyException: key length must be 32
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getPrivateKey(EncryptedKeyProcessor.java:301)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:203)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:91)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:340)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:221)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:168)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:127)
    at org.apache.wss4j.dom.message.EncryptionTest.testEncryptionDecryptionECDSA_ES(EncryptionTest.java:372)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658)
    at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:274)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
    at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:274)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: java.security.InvalidKeyException: key length must be 32
    at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:741)
    at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:642)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getPrivateKey(EncryptedKeyProcessor.java:297)
    ... 39 more
Caused by: java.security.UnrecoverableKeyException: Get Key failed: java.security.InvalidKeyException: key length must be 32
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:422)
    at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
    at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
    at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:725)
    ... 41 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: key length must be 32
    at jdk.crypto.ec/sun.security.ec.XDHKeyFactory.engineGeneratePrivate(XDHKeyFactory.java:136)
    at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:382)
    at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:252)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:357)
    ... 44 more
Caused by: java.security.InvalidKeyException: key length must be 32
    at jdk.crypto.ec/sun.security.ec.XDHPrivateKeyImpl.checkLength(XDHPrivateKeyImpl.java:71)
    at jdk.crypto.ec/sun.security.ec.XDHPrivateKeyImpl.<init>(XDHPrivateKeyImpl.java:64)
    at jdk.crypto.ec/sun.security.ec.XDHKeyFactory.generatePrivateImpl(XDHKeyFactory.java:169)
    at jdk.crypto.ec/sun.security.ec.XDHKeyFactory.engineGeneratePrivate(XDHKeyFactory.java:134)
    ... 48 more
[ERROR] org.apache.wss4j.dom.message.EncryptionTest.testEncryptionDecryptionECDSA_ES(String, String)[2] -- Time elapsed: 0.064 s <<< ERROR!
org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: java.security.InvalidKeyException: key length must be 56
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getPrivateKey(EncryptedKeyProcessor.java:301)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:203)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:91)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:340)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:221)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:168)
    at org.apache.wss4j.dom.engine.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:127)
    at org.apache.wss4j.dom.message.EncryptionTest.testEncryptionDecryptionECDSA_ES(EncryptionTest.java:372)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:658)
    at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:274)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
    at java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:274)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
    at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The private key for the supplied alias does not exist in the keystore
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: java.security.InvalidKeyException: key length must be 56
    at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:741)
    at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:642)
    at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.getPrivateKey(EncryptedKeyProcessor.java:297)
    ... 39 more
Caused by: java.security.UnrecoverableKeyException: Get Key failed: java.security.InvalidKeyException: key length must be 56
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:422)
    at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
    at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
    at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:725)
    ... 41 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: key length must be 56
    at jdk.crypto.ec/sun.security.ec.XDHKeyFactory.engineGeneratePrivate(XDHKeyFactory.java:136)
    at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:382)
    at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:252)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:357)
    ... 44 more
Caused by: java.security.InvalidKeyException: key length must be 56
    at jdk.crypto.ec/sun.security.ec.XDHPrivateKeyImpl.checkLength(XDHPrivateKeyImpl.java:71)
    at jdk.crypto.ec/sun.security.ec.XDHPrivateKeyImpl.<init>(XDHPrivateKeyImpl.java:64)
    at jdk.crypto.ec/sun.security.ec.XDHKeyFactory.generatePrivateImpl(XDHKeyFactory.java:169)
    at jdk.crypto.ec/sun.security.ec.XDHKeyFactory.engineGeneratePrivate(XDHKeyFactory.java:134)
    ... 48 more
{code}

> Support for Key Agreement using ECDH-ES
> ---------------------------------------
>
>                 Key: WSS-706
>                 URL: https://issues.apache.org/jira/browse/WSS-706
>             Project: WSS4J
>          Issue Type: New Feature
>          Components: WSS4J Core
>            Reporter: Joze Rihtarsic
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 4.0.0
>
>
> Recently a PR was opened for the 
> [ECDH-ES|https://www.w3.org/TR/xmlenc-core1/#sec-ECDH-ES]  implementation in 
> the santuario library.
> See the ticket:
> [https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-511]
> The purpose of this request/ticket is to update the wss4j library so that it 
> can use the new Key Agreement method  ECDH-ES. 


