[ https://issues.apache.org/jira/browse/WSS-581?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Namrata Jaiswal updated WSS-581:
--------------------------------
Attachment: graycol.gif
Actually, the error is coming from the CipherInputStream which we get from WSS4J.
Here we are trying to store data from the CipherInputStream post decryption,
and it breaks there.
Caused by: java.lang.IllegalStateException: Cipher not initialized
    at javax.crypto.Cipher.d(Unknown Source)
    at javax.crypto.Cipher.doFinal(Unknown Source)
    at javax.crypto.CipherInputStream.close(Unknown Source)
    at com.ibm.b2b.storage.service.jmx.UsageCountingInputStream.close(UsageCountingInputStream.java:87)
    at java.nio.channels.Channels$ReadableByteChannelImpl.implCloseChannel(Channels.java:415)
    at java.nio.channels.spi.AbstractInterruptibleChannel.close(AbstractInterruptibleChannel.java:127)
    at com.ibm.b2b.storage.fs.providers.filesystem.FileSystemUtils.quietClose(FileSystemUtils.java:81)
    at com.ibm.b2b.storage.fs.providers.filesystem.FileSystemStore.putData(FileSystemStore.java:291)
    at com.ibm.b2b.storage.fs.providers.filesystem.FileSystemStore.putData(FileSystemStore.java:265)
    at com.ibm.b2b.storage.service.jmx.UsageCountingStore.putData(UsageCountingStore.java:76)
    at com.ibm.b2b.storage.core.providers.dispatch.AbstractDispatchStore.putData(AbstractDispatchStore.java:106)
    at com.ibm.b2b.comms.common.storage.CommsStorageClientImpl.syncStore(CommsStorageClientImpl.java:197)
Also, I wanted to check: the input for decryption does not have a KeyInfo under
the EncryptedData of the failing attachment. Is that fine with WSS4J?
<wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    soapenv:mustUnderstand="true">
  <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Id="EK-bb91125b-9a2e-4f93-b62a-57e26dbbf6ca">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference>
        <wsse:KeyIdentifier
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">JpCXcUg6esmKNqI+djmV3v3ETnc=</wsse:KeyIdentifier>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherValue>KzBmwSE7TOffhZkiRz6KLwetkphm/rEhHez+wWcNOkxKGyN7j6Wk1pWIVkKX8xjQ......</xenc:CipherValue>
    </xenc:CipherData>
    <xenc:ReferenceList>
      <xenc:DataReference URI="#ED-b81f0d34-85be-4165-9e04-ff0c66d53926" />
      <xenc:DataReference URI="#ED-be93f5b3-599e-4f06-b615-214e8c85fb37" />
    </xenc:ReferenceList>
  </xenc:EncryptedKey>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Id="ED-be93f5b3-599e-4f06-b615-214e8c85fb37"
      MimeType="application/octet-stream"
      Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" />
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <wsse:SecurityTokenReference
          xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
          wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
        <wsse:Reference URI="#EK-bb91125b-9a2e-4f93-b62a-57e26dbbf6ca" />
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    <xenc:CipherData>
      <xenc:CipherReference URI="cid:xmlpayload@minder">
        <xenc:Transforms>
          <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform" />
        </xenc:Transforms>
      </xenc:CipherReference>
    </xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
      Id="ED-b81f0d34-85be-4165-9e04-ff0c66d53926"
      MimeType="application/octet-stream"
      Type="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" />
    <xenc:CipherData>
      <xenc:CipherReference URI="cid:custompayload@minder">
        <xenc:Transforms>
          <ds:Transform xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
              Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Ciphertext-Transform" />
        </xenc:Transforms>
      </xenc:CipherReference>
    </xenc:CipherData>
  </xenc:EncryptedData>
Thanks,
Namrata
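
Added example (not part of the original message and not WSS4J code): a standard-library Python check that lists, for each EncryptedData in a Security header, the attachment it points at, whether it carries its own ds:KeyInfo, and which EncryptedKey ReferenceList names it. The sample is an abbreviated copy of the header above, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Abbreviated copy of the header posted above (same Ids and cid: URIs;
# KeyInfo contents, Transforms and the CipherValue are omitted).
SAMPLE = """
<Security xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
          xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <xenc:EncryptedKey Id="EK-bb91125b-9a2e-4f93-b62a-57e26dbbf6ca">
    <xenc:ReferenceList>
      <xenc:DataReference URI="#ED-b81f0d34-85be-4165-9e04-ff0c66d53926"/>
      <xenc:DataReference URI="#ED-be93f5b3-599e-4f06-b615-214e8c85fb37"/>
    </xenc:ReferenceList>
  </xenc:EncryptedKey>
  <xenc:EncryptedData Id="ED-be93f5b3-599e-4f06-b615-214e8c85fb37">
    <ds:KeyInfo/>
    <xenc:CipherData><xenc:CipherReference URI="cid:xmlpayload@minder"/></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="ED-b81f0d34-85be-4165-9e04-ff0c66d53926">
    <xenc:CipherData><xenc:CipherReference URI="cid:custompayload@minder"/></xenc:CipherData>
  </xenc:EncryptedData>
</Security>
"""

def audit_encrypted_attachments(header_xml):
    """Return one dict per EncryptedData: id, cid, has_key_info, listed_in."""
    root = ET.fromstring(header_xml)
    # Map each EncryptedData Id to the EncryptedKey(s) whose ReferenceList names it.
    listed = {}
    for ek in root.iter("{%s}EncryptedKey" % NS["xenc"]):
        for ref in ek.iterfind("xenc:ReferenceList/xenc:DataReference", NS):
            listed.setdefault(ref.get("URI", "").lstrip("#"), []).append(ek.get("Id"))
    report = []
    for ed in root.iter("{%s}EncryptedData" % NS["xenc"]):
        cref = ed.find("xenc:CipherData/xenc:CipherReference", NS)
        report.append({
            "id": ed.get("Id"),
            "cid": cref.get("URI") if cref is not None else None,
            "has_key_info": ed.find("ds:KeyInfo", NS) is not None,
            "listed_in": listed.get(ed.get("Id"), []),
        })
    return report

if __name__ == "__main__":
    for row in audit_encrypted_attachments(SAMPLE):
        print(row)
```

On the sample, `cid:custompayload@minder` is reported without its own KeyInfo, but its Id is still named in the ReferenceList of `EK-bb91125b-9a2e-4f93-b62a-57e26dbbf6ca`.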
From: "Colm O hEigeartaigh (JIRA)" <[email protected]>
To: Namrata Jaiswal/India/IBM@IBMIN
Date: 06/21/2016 10:00 PM
Subject: [jira] [Commented] (WSS-581) Decryption fails with cipher not
initialized error when multiple attachments are used
[ https://issues.apache.org/jira/browse/WSS-581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15342108#comment-15342108 ]
Colm O hEigeartaigh commented on WSS-581:
-----------------------------------------
The error does not appear to be originating in WSS4J?
com.ibm.b2b.comms.as4.core.security.impl.AttachmentDecryptionCBHandler.handle(AttachmentDecryptionCBHandler.java:144)
Colm.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
> Decryption fails with cipher not initialized error when multiple attachments
> are used
> --------------------------------------------------------------------------------------
>
> Key: WSS-581
> URL: https://issues.apache.org/jira/browse/WSS-581
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.7
> Reporter: Namrata Jaiswal
> Assignee: Colm O hEigeartaigh
> Attachments: graycol.gif, graycol.gif, logs.txt
>
>
> When multiple attachments are used for decrypting using the StAX APIs in WSS4J,
> decryption does not work.
> The decryption works fine for the 1st attachment (I can see that the
> javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
> API is invoked for both AttachmentRequestCallback and AttachmentResultCallback
> for the first attachment, and AttachmentResultCallback also returned the
> decrypted data), but it breaks with the error "Cipher not initialized" for the
> second attachment. For the 2nd attachment, AttachmentRequestCallback goes fine,
> where we set everything, but the handle call for AttachmentResultCallback breaks
> with the error "Cipher not initialized" (before invoking password callbacks) when
> we try to read the decrypted data.
> Caused by: java.lang.IllegalStateException: Cipher not initialized
> at javax.crypto.Cipher.d(Unknown Source)
> at javax.crypto.Cipher.doFinal(Unknown Source)
> at javax.crypto.CipherInputStream.close(Unknown Source)