We have a multi-threaded program that uses Axis and WSS4J to send encrypted messages to a web service and decrypts the contents as they are received.
We intermittently faced the exception below, in about 10 out of 5000 requests. The typical number of threads running is 10, pumping 10 messages per second. As you can see, the problem happens while decrypting the response.
I was looking into the source code of WSS4J and realized that it could be because of:
a. the way session/symmetric key is stored in WSSecEngine
b. the fact that reference to WSSecEngine is actually a static final variable in WSDoAllReceiver.
Apparently, all instances of WSDoAllReceiver use the same instance of WSSecEngine to do encryption and decryption. And within WSSecEngine, the symmetric key is a global variable, so different method invocations to decrypt data will overwrite each other's symmetric key.
Is this assessment correct? Is this really a bug?
thanks,
Samrat
Exception is
org.apache.ws.security.WSSecurityException: Error Class: org.apache.ws.security.WSSecurityException
Cannot encrypt/decrypt data; nested exception is:
org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
at org.apache.ws.security.WSSecurityEngine.decryptDataRef(WSSecurityEngine.java:1226)
at org.apache.ws.security.WSSecurityEngine.handleEncryptedKey(WSSecurityEngine.java:1171)
at org.apache.ws.security.WSSecurityEngine.handleEncryptedKey(WSSecurityEngine.java:926)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:349)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:156)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:190)
at org.apache.axis.client.Call.invokeEngine(Call.java:2765)
at org.apache.axis.client.Call.invoke(Call.java:2748)
at org.apache.axis.client.Call.invoke(Call.java:2424)
at org.apache.axis.client.Call.invoke(Call.java:2347)
at org.apache.axis.client.Call.invoke(Call.java:1804)
....
....
Caused by: org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
at org.apache.ws.security.WSSecurityEngine.decryptDataRef(WSSecurityEngine.java:1224)
... 17 more
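
The failure mode the post hypothesizes, reproduced in isolation as an added example (not WSS4J code and not part of the original post): a per-message key held in a field of an engine instance shared by all threads, next to the same logic with the key kept local. `UnsafeEngine`, `SafeEngine`, `Dec` and `failures` are hypothetical names, and AES/CBC with a random per-message key stands in for the unwrapped session key.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
public class SharedKeyRace {
    // Hypothetical engine: the per-message key lives in a field of a shared instance.
    static class UnsafeEngine {
        private byte[] key;                       // overwritten by every caller
        byte[] decrypt(byte[] k, byte[] iv, byte[] ct) throws Exception {
            this.key = k;                         // step 1: store the "unwrapped" session key
            Thread.yield();                       // widen the window between the two steps
            return aes(Cipher.DECRYPT_MODE, this.key, iv, ct); // step 2: may read another thread's key
        }
    }
    static class SafeEngine {                     // same logic, key stays on the caller's stack
        byte[] decrypt(byte[] k, byte[] iv, byte[] ct) throws Exception { return aes(Cipher.DECRYPT_MODE, k, iv, ct); }
    }
    static byte[] aes(int mode, byte[] k, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(k, "AES"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }
    interface Dec { byte[] run(byte[] k, byte[] iv, byte[] ct) throws Exception; }
    // Runs 10 threads x 500 constructed messages through one engine and counts decrypt errors.
    static int failures(Dec engine) throws Exception {
        AtomicInteger bad = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(10);
        for (int t = 0; t < 10; t++) pool.submit(() -> {
            SecureRandom rnd = new SecureRandom();
            for (int i = 0; i < 500; i++) {
                byte[] k = new byte[16], iv = new byte[16];
                rnd.nextBytes(k); rnd.nextBytes(iv);
                try {
                    byte[] ct = aes(Cipher.ENCRYPT_MODE, k, iv, "response body".getBytes());
                    engine.run(k, iv, ct);
                } catch (Exception e) { bad.incrementAndGet(); } // BadPaddingException lands here
            }
        });
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return bad.get();
    }
    public static void main(String[] a) throws Exception {
        System.out.println("shared field: " + failures(new UnsafeEngine()::decrypt) + " failures");
        System.out.println("local key:    " + failures(new SafeEngine()::decrypt) + " failures");
    }
}
```

The shared-field count depends on thread scheduling and varies between runs; decryption under the wrong key usually surfaces as `BadPaddingException`, but can occasionally yield garbage plaintext without an error.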
