The code has already changed a good bit in this area. WSS4J 2.1.5 should be available fairly soon. Perhaps you could grab the latest source(s) and build them to see if it works?
Colm. On Mon, Mar 14, 2016 at 7:06 AM, Stefan Müller <mueller.stefa...@gmail.com> wrote: > Hi, > > first of all, I know there are some jira tickets about this bug and they > are closed but we already use the fixed versions of the corresponding > libraries. > > In our project we use the following libraries: > apache wss4j 2.1.3 > bouncycaste 1.51 > apache santuario 2.0.5 > > > Our test setup consists of two instances of our product. When we send a > gcm encrypted webservice request from "Instance A" to "Instance B" we get > the following exception is thrown: > > org.apache.wss4j.common.ext.WSSecurityException: > java.security.InvalidAlgorithmParameterException: Unsupported parameter: > javax.crypto.spec.IvParameterSpec > > This occurs only on when decrypting the message and only on java 8 > (1.8.0_73), on java7 everything works as expected. > > This is our policy file (not mentioend in this file: RSA_SHA256 as our > "signatureMethod"): > <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"; > xmlns:sp=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"; > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > xmlns:sp13=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"; > wsu:Id="testpolicy"> > <wsp:ExactlyOne> > <wsp:All> > <sp:AsymmetricBinding> > <wsp:Policy> > <sp:InitiatorToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient > "> > <wsp:Policy> > <sp:WssX509V3Token10/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:InitiatorToken> > <sp:RecipientToken> > <wsp:Policy> > <sp:X509Token > sp:IncludeToken=" > http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never > "> > <wsp:Policy> > <sp:WssX509V3Token10/> > </wsp:Policy> > </sp:X509Token> > </wsp:Policy> > </sp:RecipientToken> > <sp:Layout> > <wsp:Policy> > <sp:Strict/> > </wsp:Policy> > </sp:Layout> > <sp:OnlySignEntireHeadersAndBody/> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp-cxf:Basic128GCMSha256 xmlns:sp-cxf=" > http://custom/security-policy"/> > </wsp:Policy> > </sp:AlgorithmSuite> > </wsp:Policy> > </sp:AsymmetricBinding> > <wsp:ExactlyOne> > <wsp:All> > <sp:SignedParts> > <sp:Body/> > <sp:Header Namespace=" > http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"; > Name="Messaging"/> > <sp:Attachments> > <sp13:ContentSignatureTransform/> > </sp:Attachments> > </sp:SignedParts> > <sp:EncryptedParts> > <sp:Attachments/> > </sp:EncryptedParts> > </wsp:All> > </wsp:ExactlyOne> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > The stacktrace: > > org.apache.cxf.binding.soap.SoapFault: A security error was encountered > when verifying the message at > org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:218) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184) > at > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:78) > at > org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor.handleMessage(PolicyBasedWSS4JInInterceptor.java:65) > at > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) > at > org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) > at > org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251) > at > org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) > at > org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) > at > org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293) > at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) at > org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:155) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) > at > org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) > at > org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1527) > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1484) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:745) Caused by: > org.apache.wss4j.common.ext.WSSecurityException: > java.security.InvalidAlgorithmParameterException: Unsupported parameter: > javax.crypto.spec.IvParameterSpec@70a858b3 Original Exception was > java.io.IOException: java.security.InvalidAlgorithmParameterException: > Unsupported parameter: javax.crypto.spec.IvParameterSpec@70a858b3 at > org.apache.wss4j.dom.util.EncryptionUtils.decryptAttachment(EncryptionUtils.java:319) > at > org.apache.wss4j.dom.util.EncryptionUtils.decryptEncryptedData(EncryptionUtils.java:137) > at > org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:550) > at > org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:481) > at > org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:199) > at > org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:76) > at > org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:429) > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:280) > ... 68 more Caused by: java.io.IOException: > java.security.InvalidAlgorithmParameterException: Unsupported parameter: > javax.crypto.spec.IvParameterSpec@70a858b3 at > org.apache.wss4j.common.util.AttachmentUtils$1.initCipher(AttachmentUtils.java:502) > at > org.apache.wss4j.common.util.AttachmentUtils$1.read(AttachmentUtils.java:509) > at > org.apache.wss4j.common.util.AttachmentUtils.readAndReplaceEncryptedAttachmentHeaders(AttachmentUtils.java:440) > at > org.apache.wss4j.dom.util.EncryptionUtils.decryptAttachment(EncryptionUtils.java:308) > ... 75 more Caused by: java.security.InvalidAlgorithmParameterException: > Unsupported parameter: javax.crypto.spec.IvParameterSpec@70a858b3 at > com.sun.crypto.provider.CipherCore.init(CipherCore.java:509) at > com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:339) at > javax.crypto.Cipher.init(Cipher.java:1394) at > javax.crypto.Cipher.init(Cipher.java:1327) at > org.apache.wss4j.common.util.AttachmentUtils$1.initCipher(AttachmentUtils.java:500) > ... 78 more > > The soap request is also available. Just let me know if you need it. > > > > Greets > Stefan > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
