  1. WSS4J
  2. WSS-574

IllegalArgumentException thrown in WSSecEncryptedKey due to incorrect keyAlgorithm


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: WSS4J Core
    • Labels:
      None
    • Environment:
      Windows 7 64 bit, java jdk 7.0_79, wss4j 1.6.18

      Description

      This is hard for me to explain because I'm not an expert in WSS, but this is what I found:

      In WSSecEncryptedKey.prepareInternal, when WSSecurityUtil.getCipherInstance(keyEncAlgo) is called and the keyEncAlgo value is WSConstants.KEYTRANSPORT_RSAOEP, JCEMapper.translateURItoJCEID(cipherAlgo) returns (in my case) "RSA/ECB/OAEPPadding". Then oaepParameterSpec is not null, which leads to the else branch, where it calls cipher.init(Cipher.WRAP_MODE, remoteCert.getPublicKey(), oaepParameterSpec). This method call throws the following exception:

      Caused by: java.lang.IllegalArgumentException: unknown parameter type.
      at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source)
      at javax.crypto.Cipher.implInit(Cipher.java:791)
      at javax.crypto.Cipher.chooseProvider(Cipher.java:849)
      at javax.crypto.Cipher.init(Cipher.java:1348)
      at javax.crypto.Cipher.init(Cipher.java:1282)
      at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:257)

      If I modify the first lines of getCipherInstance to this:

      public static Cipher getCipherInstance(String cipherAlgo)
          throws WSSecurityException {
          try {
              String keyAlgorithm = JCEMapper.translateURItoJCEID(cipherAlgo);
              if (WSConstants.KEYTRANSPORT_RSAOEP.equals(cipherAlgo)) {
                  try {
                      return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
                  } catch (Exception e) {
                      throw new WSSecurityException(
                          WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
                          new Object[] { "No such algorithm: " + cipherAlgo }, e);
                  }
              }
              String provider = JCEMapper.getProviderId();
              if (provider == null) {
                  return Cipher.getInstance(keyAlgorithm);
              }
              ...

      it works. I don't know if this is a problem with the JCEMapper or wss4j itself.

      Sorry for the bad explanation. Hope it helps.

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              jakinho Jacobo Fernandez