On Wed June 10 2009 5:21:17 pm bharath thippireddy wrote:
> I could get the User Token encryption working using BouncyCastle. But as we
> cannot use bouncy castle
Any particular reason why? I'm pretty sure a lot of things WS-Security
related won't work with BouncyCastle. The JDK just doesn't have the
algorithms that are needed. (although Java 6 does have a lot more)
> can you please let me know if the exception below
> can be fixed with a setting in jdk/jce. When I try a different algorithm
> like DES instead of RSA I get a nullpointer exception on the CXF Client.
>
> java.security.NoSuchAlgorithmException: Cannot find any provider
> supporting RSA/NONE/PKCS1PADDING
I did a little digging and I THINK this particular exception could be fixed
with a simple change in WSS4J. If the line:
    cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");
was surrounded with a try/catch that would then try:
    cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
I THINK it would work. Bouncycastle uses "NONE" for the mode whereas the Sun
provider uses ECB. Not sure what the Sun setting for "RSA/NONE/OAEPPADDING"
is. That would need to be investigated more. It would be one of:
OAEPWITHMD5ANDMGF1PADDING, OAEPWITHSHA1ANDMGF1PADDING,
OAEPWITHSHA-1ANDMGF1PADDING, OAEPWITHSHA-256ANDMGF1PADDING,
OAEPWITHSHA-384ANDMGF1PADDING, OAEPWITHSHA-512ANDMGF1PADDING
but cryptography is definitely not my area.
In any case, that would require you to patch WSS4J. If that's an option for
you, you could give that a try.
To the WSS4j folks: why is this method not calling XMLCipher.getInstance like
every other cipher related thing? Should it be? Would that alone fix it?
Dan
>
> Jun 10, 2009 5:11:04 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> WARNING:
> org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested exception is:
> java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/PKCS1PADDING
>     at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:690)
>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:145)
>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:107)
>     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:87)
>
> thanks and regards,
>
> Bharath
--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
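
The try/catch fallback suggested in the message above, written out as an added stand-alone example; it is not WSS4J code and not part of the original thread. The class name `RsaTransformationFallback` and the helper `firstAvailable` are hypothetical, and the RSA key pair and AES session key are generated on the spot as sample data (Java 7+ syntax).

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

public class RsaTransformationFallback {

    // Two provider spellings of the same key transport transformation:
    // BouncyCastle registers the mode as "NONE", the Sun provider as "ECB".
    static final String[] RSA_1_5 = {"RSA/NONE/PKCS1PADDING", "RSA/ECB/PKCS1PADDING"};

    /** Returns a Cipher for the first transformation any installed provider supports. */
    static Cipher firstAvailable(String... transformations) throws NoSuchAlgorithmException {
        GeneralSecurityException last = null;
        for (String t : transformations) {
            try {
                return Cipher.getInstance(t);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                last = e; // this spelling is not registered, try the next one
            }
        }
        throw new NoSuchAlgorithmException(
                "No provider supports any of " + Arrays.toString(transformations), last);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys: an RSA pair and an AES session key to transport.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();

        Cipher cipher = firstAvailable(RSA_1_5);
        System.out.println(cipher.getAlgorithm() + " from " + cipher.getProvider().getName());

        // Round trip: wrap with the public key, unwrap with the private key.
        cipher.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = cipher.wrap(session);
        cipher.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        Key recovered = cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("round trip ok: "
                + Arrays.equals(session.getEncoded(), recovered.getEncoded()));
    }
}
```

On a JDK without BouncyCastle installed, the first spelling fails and the second is used; with BouncyCastle registered, which spelling and provider are picked depends on provider order.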