Is there a way to specify the modes/padding using some configuration (serverKeyStore.properties)? What I don't understand is that the encryption works fine and the issue below is when the UT is being decrypted back on the server side.

Thanks,
Bharath

-----Original Message-----
From: Daniel Kulp [mailto:[email protected]]
Sent: Wednesday, June 10, 2009 10:22 PM
To: [email protected]; [email protected]
Cc: bharath thippireddy
Subject: Re: WS-Security RSA Excrytion exception..

On Wed June 10 2009 5:21:17 pm bharath thippireddy wrote:
> I could get the User Token encryption working using BouncyCastle. But as we
> cannot use BouncyCastle

Any particular reason why? I'm pretty sure a lot of things WS-Security related won't work with BouncyCastle. The JDK just doesn't have the algorithms that are needed. (although java 6 does have a lot more)

> can you please let me know if the exception below
> can be fixed with a setting in jdk/jce. When I try a different algorithm
> like DES instead of RSA I get a nullpointer exception on the CXF Client.
>
> java.security.NoSuchAlgorithmException: Cannot find any provider
> supporting RSA/NONE/PKCS1PADDING

I did a little digging and I THINK this particular exception could be fixed with a simple change in WSS4J. If the line:

    cipher = Cipher.getInstance("RSA/NONE/PKCS1PADDING");

was surrounded with a try/catch that would then try:

    cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING");

I THINK it would work. Bouncycastle uses "NONE" for the mode whereas the Sun provider uses ECB.

Not sure what the Sun setting for "RSA/NONE/OAEPPADDING" is. That would need to be investigated more. It would be one of:

    OAEPWITHMD5ANDMGF1PADDING
    OAEPWITHSHA1ANDMGF1PADDING
    OAEPWITHSHA-1ANDMGF1PADDING
    OAEPWITHSHA-256ANDMGF1PADDING
    OAEPWITHSHA-384ANDMGF1PADDING
    OAEPWITHSHA-512ANDMGF1PADDING

but cryptography is definitely not my area.

In any case, that would require you to patch WSS4J. If that's an option for you, you could give that a try.

To the WSS4j folks: why is this method not calling XMLCipher.getInstance like every other cipher related thing? Should it be? Would that alone fix it?

Dan

> > Jun 10, 2009 5:11:04 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> > WARNING:
> > org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-1_5); nested exception is:
> > java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/NONE/PKCS1PADDING
> >     at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:690)
> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:145)
> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:107)
> >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:87)
> >
> > thanks and regards,
> > Bharath

--
Daniel Kulp
[email protected]
http://www.dankulp.com/blog
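
The try/catch fallback Dan describes in the message above, written out as an added example; it is not part of the original thread and not WSS4J's own code. The class name `RsaTransformationFallback` and the helper `firstSupported` are hypothetical, and the key pair and session key are throwaway values generated for the demonstration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

public class RsaTransformationFallback {
    // The same rsa-1_5 key transport under both names from the thread:
    // mode "NONE" as BouncyCastle names it, mode "ECB" as the Sun provider does.
    static final String[] RSA_1_5 = { "RSA/NONE/PKCS1PADDING", "RSA/ECB/PKCS1PADDING" };

    // Hypothetical helper: return a Cipher for the first transformation that
    // any installed JCE provider supports, or fail listing everything tried.
    static Cipher firstSupported(String... transformations) throws NoSuchAlgorithmException {
        StringBuilder tried = new StringBuilder();
        for (String t : transformations) {
            try {
                return Cipher.getInstance(t);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                tried.append(t).append(' ');
            }
        }
        throw new NoSuchAlgorithmException("No provider supports any of: " + tried.toString().trim());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed test material: throwaway RSA key pair and AES session key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();

        // Sender side: wrap the session key, as an EncryptedKey element carries it.
        Cipher enc = firstSupported(RSA_1_5);
        enc.init(Cipher.WRAP_MODE, kp.getPublic());
        byte[] wrapped = enc.wrap(session);

        // Receiver side: the cipher lookup that threw in the quoted stack trace.
        Cipher dec = firstSupported(RSA_1_5);
        dec.init(Cipher.UNWRAP_MODE, kp.getPrivate());
        SecretKey recovered = (SecretKey) dec.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        System.out.println("transformation: " + dec.getAlgorithm()
                + " via " + dec.getProvider().getName());
        System.out.println("session key recovered: "
                + Arrays.equals(session.getEncoded(), recovered.getEncoded()));
    }
}
```

The first printed line shows which of the two transformation names the installed providers actually resolved, which is the quickest way to confirm whether BouncyCastle or the JDK provider is serving the request.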
