[ https://issues.apache.org/jira/browse/WSS-574?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15197149#comment-15197149 ]

Jacobo Fernandez commented on WSS-574:
--------------------------------------

For me it is not possible to provide a test case that reproduces this issue right 
now, sorry.

The workaround I put in the description solved my problem in this particular 
project and I don't have the time to start doing tests again.

I provide all the information I have in order to help you deal with this 
exception, that maybe is not due to this library itself, but that I think you 
should try to prevent.

In your own WSSecurityUtil you have this piece of code:

        } catch (NoSuchAlgorithmException ex) {
            // Check to see if an RSA OAEP MGF-1 with SHA-1 algorithm was requested
            // Some JDKs don't support RSA/ECB/OAEPPadding

and it was the hint that I followed to solve my problem. It's the same case, 
but different exception. Maybe in some versions or due to third-party things 
instead of NoSuchAlgorithmException, Cipher.getInstance continues and the 
original exception (IllegalArgumentException) is thrown.

Hope it helps.

> IllegalArgumentException thrown in WSSecEncryptedKey due to incorrect 
> keyAlgorithm
> ----------------------------------------------------------------------------------
>
>                 Key: WSS-574
>                 URL: https://issues.apache.org/jira/browse/WSS-574
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>         Environment: Windows 7 64 bit, java jdk 7.0_79, wss4j 1.6.18
>            Reporter: Jacobo Fernandez
>            Assignee: Colm O hEigeartaigh
>
> This is hard for me to explain because I'm not an expert in WSS, but this is what 
> I found:
> In {{WSSecEncryptedKey.prepareInternal}}, when 
> {{WSSecurityUtil.getCipherInstance(keyEncAlgo)}} is called, and 
> {{keyEncAlgo}} value is {{WSConstants.KEYTRANSPORT_RSAOEP}}, the 
> {{JCEMapper.translateURItoJCEID(cipherAlgo)}} is returning (in my case) 
> {{"RSA/ECB/OAEPPadding"}}. Then, oaepParameterSpec is not null and it leads 
> to the else, where it calls to {{cipher.init(Cipher.WRAP_MODE, 
> remoteCert.getPublicKey(), oaepParameterSpec)}}. This method call throws the 
> following exception:
> {{Caused by: java.lang.IllegalArgumentException: unknown parameter type.}}
>       {{at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source)}}
>       {{at javax.crypto.Cipher.implInit(Cipher.java:791)}}
>       {{at javax.crypto.Cipher.chooseProvider(Cipher.java:849)}}
>       {{at javax.crypto.Cipher.init(Cipher.java:1348)}}
>       {{at javax.crypto.Cipher.init(Cipher.java:1282)}}
>       {{at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:257)}}
> If I modify the first lines of {{getCipherInstance}} to this:
>     public static Cipher getCipherInstance(String cipherAlgo)
>             throws WSSecurityException {
>         try {
>             String keyAlgorithm = JCEMapper.translateURItoJCEID(cipherAlgo);
>             if (WSConstants.KEYTRANSPORT_RSAOEP.equals(cipherAlgo)) {
>                 try {
>                     return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
>                 } catch (Exception e) {
>                     throw new WSSecurityException(
>                         WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
>                         new Object[] { "No such algorithm: " + cipherAlgo }, e);
>                 }
>             }
>             String provider = JCEMapper.getProviderId();
>             if (provider == null) {
>                 return Cipher.getInstance(keyAlgorithm);
>             }
>             ...
> it works. Don't know if this is a problem with the JCEMapper or wss4j itself.
> Sorry for the bad explanation. Hope it helps.
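
A stand-alone probe for the failure described above, added here as an example and not part of WSS4J or of the reporter's patch: it tries the two transformation strings named in the report with an explicit SHA-1/MGF1 OAEPParameterSpec in WRAP_MODE and reports which JCE provider accepts each. The class name OaepWrapProbe, the method firstUsable and the generated test keys are assumptions made for the example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical diagnostic class, not WSS4J code.
public class OaepWrapProbe {
    // The two transformation strings that appear in the report.
    static final String[] CANDIDATES = {
        "RSA/ECB/OAEPPadding",
        "RSA/ECB/OAEPWithSHA1AndMGF1Padding"
    };

    /** Returns the first transformation that wraps a key with an explicit OAEP spec, or null. */
    static String firstUsable(KeyPair rsa, SecretKey toWrap) {
        OAEPParameterSpec spec = new OAEPParameterSpec(
            "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
        for (String name : CANDIDATES) {
            try {
                Cipher c = Cipher.getInstance(name);
                c.init(Cipher.WRAP_MODE, rsa.getPublic(), spec);
                byte[] wrapped = c.wrap(toWrap);
                System.out.printf("%s via %s: ok, %d bytes%n",
                    name, c.getProvider().getName(), wrapped.length);
                return name;
            } catch (GeneralSecurityException | IllegalArgumentException e) {
                // A provider may signal an unsupported parameter spec with an unchecked
                // IllegalArgumentException (as in the stack trace above) instead of a
                // checked JCE exception, so both are treated as "not usable here".
                System.out.printf("%s: rejected (%s: %s)%n",
                    name, e.getClass().getSimpleName(), e.getMessage());
            }
        }
        return null;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                       // throwaway test key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                               // throwaway key to wrap
        String usable = firstUsable(kpg.generateKeyPair(), kg.generateKey());
        if (usable == null) throw new IllegalStateException("no OAEP transformation usable for key wrap");
    }
}
```

Run it with the same JDK and provider configuration as the affected application, since the result depends on which provider the JCE selects first.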


