The problem is that you are calling the "prepare" method of WSSecEncrypt and not WSSecEncryptedKey, the latter of which sets up the ephemeral key. Take a look at some of the WSS4J unit tests for key derivation.

Colm.

On Wed, Mar 16, 2016 at 8:32 PM, Eaton, Jason <jea...@visa.com> wrote:

> Thanks for the reply Colm. Which I found on google not from this list. Any
> case, the answer is yes, the call to getEphemeralKey is returning null.
>
> A question, what version of Bouncy Castle does 1.5 Wss4J need or does it
> not need that at all.
>
> Thanks.
>
> *From:* Eaton, Jason
> *Sent:* Tuesday, March 15, 2016 7:20 PM
> *To:* users@ws.apache.org
> *Subject:* Wss4j 1.5.0 - Key Derivation Exception
>
> Hello All.
>
> Hopefully a simple question. We are running wss4j 1.5.0 and are trying the
> signature encryption calls/builder. With the below java calls we are
> receiving the stack trace shown. Has anybody got a quick answer for me or
> seen this before? I looked into the bug database and did not see the issue.
> Also there was no information in the release notes.
>
> Thanks.
>
> WSSecHeader secHeader = new WSSecHeader();
> secHeader.insertSecurityHeader(workingDocument);
>
> //EncryptedKey
> WSSecEncrypt encrKeyBuilder = new WSSecEncrypt();
> encrKeyBuilder.setUserInfo(recipient.getName());
> encrKeyBuilder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
>
> //encrKeyBuilder.setKeyEnc(WSConstants.KEYTRANSPORT_RSAOEP);
> try {
>     encrKeyBuilder.prepare(workingDocument, localKeyStoreHandler);
> } catch (WSSecurityException e) {
>     throw new SecuritySystemException(e.getMessage(), e);
> }
>
> //Key information from the EncryptedKey
> byte[] ek = encrKeyBuilder.getEphemeralKey();
> String tokenIdentifier = encrKeyBuilder.getId();
>
> WSSecSignature sign = new WSSecSignature();
> sign.setUserInfo(sender.getName(), sender.getName());
> sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
> sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
> Document signedDoc = null;
> try {
>     signedDoc = sign.build(workingDocument, localKeyStoreHandler, secHeader);
> } catch (WSSecurityException e) {
>     throw new SecuritySystemException(e.getMessage(), e);
> }
>
> WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
> encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
> encrBuilder.setExternalKey(ek, tokenIdentifier);
> Document signedEncryptedDoc = null;
> try {
>     signedEncryptedDoc = encrBuilder.build(signedDoc, localKeyStoreHandler, secHeader);
> } catch (WSSecurityException e) {
>     throw new SecuritySystemException(e.getMessage(), e);
> }
>
> encrKeyBuilder.prependToHeader(secHeader);
> encrKeyBuilder.prependBSTElementToHeader(secHeader);
>
> com.cybersource.security.exception.SecuritySystemException: Security Data : Key Derivation : P_SHA-1: Missing argument
>     at com.cybersource.nta.ws.SignedAndEncryptedMessageHandler.handleMessageCreation(SignedAndEncryptedMessageHandler.java:114)
>     at com.cybersource.nta.ws.SignedAndEncryptedMessageHandlerTest.testIsDocEncrypted(SignedAndEncryptedMessageHandlerTest.java:83)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
>     at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
>     at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
>     at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
>     at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
>     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
>     at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
>     at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
>     at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
>     at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
>     at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
>     at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
>     at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
>     at org.junit.runners.Suite.runChild(Suite.java:128)
>     at org.junit.runners.Suite.runChild(Suite.java:24)
>     at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
>     at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
>     at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
>     at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
>     at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
>     at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
>     at org.junit.runner.JUnitCore.run(JUnitCore.java:157)
>     at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:78)
>     at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:212)
>     at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:68)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at com.intellij.rt.execution.application.AppMain.main(AppMain.java:140)
> Caused by: org.apache.ws.security.conversation.ConversationException: Key Derivation : P_SHA-1: Missing argument
>     at org.apache.ws.security.conversation.dkalgo.P_SHA1.createKey(P_SHA1.java:65)
>     at org.apache.ws.security.message.WSSecDerivedKeyBase.prepare(WSSecDerivedKeyBase.java:172)
>     at org.apache.ws.security.message.WSSecDKEncrypt.build(WSSecDKEncrypt.java:56)
>     at com.cybersource.nta.ws.SignedAndEncryptedMessageHandler.handleMessageCreation(SignedAndEncryptedMessageHandler.java:112)
>     ... 35 more

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
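
The change described in the reply at the top of this thread, as an added example (not code from either poster or from the WSS4J project): the encrypted-key builder is a WSSecEncryptedKey, and the ephemeral key is checked before it is handed to WSSecDKEncrypt. It assumes WSS4J 1.5.x on the classpath and leaves out the signature step; the class name, method name and `recipientAlias` parameter are hypothetical.

```java
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.w3c.dom.Document;

// Hypothetical class and method names; the WSS4J calls are the ones used in the thread.
public class DerivedKeyEncryptionExample {

    public static Document encryptWithDerivedKey(Document doc, Crypto crypto,
                                                 String recipientAlias) throws Exception {
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);

        // WSSecEncryptedKey rather than WSSecEncrypt: per the reply, this is the
        // class whose prepare() sets up the ephemeral key.
        WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
        encrKeyBuilder.setUserInfo(recipientAlias);
        encrKeyBuilder.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
        encrKeyBuilder.prepare(doc, crypto);

        // Key information from the EncryptedKey
        byte[] ek = encrKeyBuilder.getEphemeralKey();
        String tokenIdentifier = encrKeyBuilder.getId();

        // Fail here with a clear message instead of inside key derivation.
        // In the thread, getEphemeralKey() returned null and the later build()
        // call failed with "P_SHA-1: Missing argument".
        if (ek == null || ek.length == 0) {
            throw new IllegalStateException(
                "No ephemeral key after prepare(); check the builder class in use");
        }

        // Derived-key encryption using the ephemeral key as the external secret
        WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
        encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
        encrBuilder.setExternalKey(ek, tokenIdentifier);
        Document encryptedDoc = encrBuilder.build(doc, crypto, secHeader);

        // The EncryptedKey and BST elements go into the security header last
        encrKeyBuilder.prependToHeader(secHeader);
        encrKeyBuilder.prependBSTElementToHeader(secHeader);
        return encryptedDoc;
    }
}
```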