Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-420

In IVSplittingOutputStream support use of GCMParameterSpec for AES GCM modes

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • Java 2.0.5
    • Java
    • None

    Description

      The same issue described in https://issues.apache.org/jira/browse/SANTUARIO-392 affects org.apache.xml.security.stax.impl.util.IVSplittingOutputStream .
      We need to build javax.crypto.spec.GCMParameterSpec instances when running on JDK8 without BouncyCastle.

      2015-05-13 12:01:04,017 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-13) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: java.io.IOException: java.security.InvalidAlgorithmParameterException: Unsupported parameter: javax.crypto.spec.IvParameterSpec@182af62f
	at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:65)
	at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:37)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) [cxf-core.jar:3.0.5]
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core.jar:3.0.5]
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:111)
	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:136)
	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) [jbossws-spi.jar:3.0.0.Final]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) [undertow-core-1.1.0.Final.jar:1.1.0.Final]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_31]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_31]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_31]
Caused by: javax.xml.stream.XMLStreamException: java.io.IOException: java.security.InvalidAlgorithmParameterException: Unsupported parameter: javax.crypto.spec.IvParameterSpec@182af62f
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.testAndThrowUncaughtException(AbstractDecryptInputProcessor.java:699)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.processEvent(AbstractDecryptInputProcessor.java:607)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.processNextEvent(AbstractDecryptInputProcessor.java:601)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processEvent(AbstractDecryptInputProcessor.java:295)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processNextEvent(AbstractDecryptInputProcessor.java:144)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:149)
	at org.apache.wss4j.stax.impl.processor.input.WSSSignatureReferenceVerifyInputProcessor.processNextEvent(WSSSignatureReferenceVerifyInputProcessor.java:254) [wss4j-ws-security-stax.jar:2.0.4]
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor$InternalSignatureReferenceVerifier.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:419)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.wss4j.stax.impl.processor.input.OperationInputProcessor.processNextEvent(OperationInputProcessor.java:57) [wss4j-ws-security-stax.jar:2.0.4]
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.wss4j.policy.stax.PolicyInputProcessor.processNextEvent(PolicyInputProcessor.java:104) [wss4j-ws-security-policy-stax.jar:2.0.4]
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.xml.security.stax.impl.XMLSecurityStreamReader.next(XMLSecurityStreamReader.java:78)
	at org.apache.wss4j.stax.impl.WSSecurityStreamReader.next(WSSecurityStreamReader.java:45) [wss4j-ws-security-stax.jar:2.0.4]
	at javax.xml.stream.util.StreamReaderDelegate.next(StreamReaderDelegate.java:88) [rt.jar:1.8.0_31]
	at org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor$1.next(WSS4JStaxInInterceptor.java:155)
	at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:59)
	... 39 more
Caused by: java.io.IOException: java.security.InvalidAlgorithmParameterException: Unsupported parameter: javax.crypto.spec.IvParameterSpec@182af62f
	at org.apache.xml.security.stax.impl.util.IVSplittingOutputStream.initializeCipher(IVSplittingOutputStream.java:72)
	at org.apache.xml.security.stax.impl.util.IVSplittingOutputStream.write(IVSplittingOutputStream.java:101)
	at org.apache.xml.security.stax.impl.util.ReplaceableOuputStream.write(ReplaceableOuputStream.java:53)
	at org.apache.commons.codec.binary.BaseNCodecOutputStream.flush(BaseNCodecOutputStream.java:116)
	at org.apache.commons.codec.binary.BaseNCodecOutputStream.write(BaseNCodecOutputStream.java:97)
	at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221) [rt.jar:1.8.0_31]
	at sun.nio.cs.StreamEncoder.implClose(StreamEncoder.java:316) [rt.jar:1.8.0_31]
	at sun.nio.cs.StreamEncoder.close(StreamEncoder.java:149) [rt.jar:1.8.0_31]
	at java.io.OutputStreamWriter.close(OutputStreamWriter.java:233) [rt.jar:1.8.0_31]
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run(AbstractDecryptInputProcessor.java:814)
	... 1 more
Caused by: java.security.InvalidAlgorithmParameterException: Unsupported parameter: javax.crypto.spec.IvParameterSpec@182af62f
	at com.sun.crypto.provider.CipherCore.init(CipherCore.java:509) [sunjce_provider.jar:1.8.0_20]
	at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:339) [sunjce_provider.jar:1.8.0_20]
	at javax.crypto.Cipher.implInit(Cipher.java:801) [jce.jar:1.8.0_25]
	at javax.crypto.Cipher.chooseProvider(Cipher.java:859) [jce.jar:1.8.0_25]
	at javax.crypto.Cipher.init(Cipher.java:1370) [jce.jar:1.8.0_25]
	at javax.crypto.Cipher.init(Cipher.java:1301) [jce.jar:1.8.0_25]
	at org.apache.xml.security.stax.impl.util.IVSplittingOutputStream.initializeCipher(IVSplittingOutputStream.java:68)
	... 10 more

      Attachments

        1. SANTUARIO-420.diff
          11 kB
          Alessio Soldano

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. SANTUARIO-392 In XMLCipher support use of GCMParameterSpec for AES GCM modes

          • Major - Major loss of function.
          • Closed

          Activity

            People

              coheigea Colm O hEigeartaigh
              asoldano Alessio Soldano
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: