You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by Anthony Bargnesi <ab...@gmail.com> on 2009/07/20 13:01:19 UTC
Encryption Algorithm causes NullPointerException in WSS4j
Hello,
I am trying to encrypt a cxf web-service request using the RSA-OAEP
algorithm because it is required on the endpoint side (Microsoft). I
provide the "encryptionSymAlgorithm" as the corresponding URI (
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the
"org.apache.ws.security.crypto.provider" to
org.apache.ws.security.components.crypto.Merlin. I am using the latest
WSS4j, version 1.5.7.
The first issue I received was a NullPointerException in WSSecEncrypt.java
trying to use a KeyGenerator that was null. It seems like this was a bug
that Dan Kulp triaged in the post:
http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td23974303.html
I have checked out trunk which is building the latest 1.6 SNAPSHOT since I
noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was applied.
The problem is that once I build the trunk version of wss4j (using java
1.6), I am missing the Merlin provider so I'm not sure what to use for the
"org.apache.ws.security.crypto.provider" property.
How do I use the crypto provider under Java 1.6?
Also, I've noticed that I would have to recompile CXF to work with the trunk
version of WSS4j (Vector -> List type change). Am I going down the right
path to make WSS4j work with RSA-OAEP?
Thanks in advance,
Tony
Re: Encryption Algorithm causes NullPointerException in WSS4j
Posted by Anthony Bargnesi <ab...@gmail.com>.
Colm
You're right. I noticed that RSA wasn't valid for the KeyGenerator when
looking over the JCE provider documentation. I was using the algorithm URI
in the wrong place.
Thanks again,
Tony
On Tue, Jul 21, 2009 at 5:40 AM, Colm O hEigeartaigh
<co...@progress.com>wrote:
>
>
> I had a look at your original mail again. The problem is that the URI
> you’re using is not a valid URI for the symmetric encryption algorithm, as
> RSA is not a symmetric algorithm. It IS a valid value for
> WSSecEncrypt.setKeyEnc(…) though, which specifies the algorithm to use to
> encrypt the symmetric key. The URI supplied to
> WSSecEncrypt.setSymmetricEncAlgorithm(…) must correspond to a symmetric
> algorithm such as AES or 3DES.
>
>
>
> Colm.
>
>
> ------------------------------
>
> *From:* Anthony Bargnesi [mailto:abargnesi@gmail.com]
> *Sent:* 20 July 2009 21:51
> *To:* Colm O hEigeartaigh
> *Cc:* wss4j-dev@ws.apache.org
> *Subject:* Re: Encryption Algorithm causes NullPointerException in WSS4j
>
>
>
> Colm,
>
> I build the 1.5.8 snapshot with your ported fix and re-ran. Now the
> algorithm "RSA" is pulled from:
>
> JCEMapper.getJCEKeyAlgorithmFromURI(<URI>);
>
>
> given the URI: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
>
> But this algorithm doesn't seem to be available from withint JDK 1.6.0_07
> so it yields the following exception:
>
> Caused by: java.security.NoSuchAlgorithmException: RSA KeyGenerator not
> available
> at javax.crypto.KeyGenerator.<init>(DashoA13*..)
> at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
>
> Is this a problem with the JDK install or dependencies on wss4j?
>
> Thanks again,
> Tony
>
>
>
> On Mon, Jul 20, 2009 at 7:50 AM, Anthony Bargnesi <ab...@gmail.com>
> wrote:
>
> Colm,
>
> This makes sense as I didn't see it on the fix branch before. I will give
> it a shot and let you know.
>
> Thank you,
> Tony
>
>
>
> On Mon, Jul 20, 2009 at 7:30 AM, Colm O hEigeartaigh <
> coheigea@progress.com> wrote:
>
> Hi Anthony,
>
>
>
> CXF is currently using artifacts built off the 1_5_x-fixes branch, not
> trunk:
>
>
>
> http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/
>
>
>
> Looks like I forgot to backport the fix to WSSecEncrypt to use
> JCEMapper…I’ve just commited it, so feel free to try again (on the
> 1_5_x-fixes branch) and let me know if it works!
>
>
>
> Colm.
>
>
>
>
> ------------------------------
>
> *From:* Anthony Bargnesi [mailto:abargnesi@gmail.com]
> *Sent:* 20 July 2009 12:01
> *To:* wss4j-dev@ws.apache.org
> *Subject:* Encryption Algorithm causes NullPointerException in WSS4j
>
>
>
> Hello,
>
> I am trying to encrypt a cxf web-service request using the RSA-OAEP
> algorithm because it is required on the endpoint side (Microsoft). I
> provide the "encryptionSymAlgorithm" as the corresponding URI (
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the
> "org.apache.ws.security.crypto.provider" to
> org.apache.ws.security.components.crypto.Merlin. I am using the latest
> WSS4j, version 1.5.7.
>
> The first issue I received was a NullPointerException in WSSecEncrypt.java
> trying to use a KeyGenerator that was null. It seems like this was a bug
> that Dan Kulp triaged in the post:
>
>
> http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td23974303.html
>
>
> I have checked out trunk which is building the latest 1.6 SNAPSHOT since I
> noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was applied.
> The problem is that once I build the trunk version of wss4j (using java
> 1.6), I am missing the Merlin provider so I'm not sure what to use for the
> "org.apache.ws.security.crypto.provider" property.
>
> How do I use the crypto provider under Java 1.6?
>
> Also, I've noticed that I would have to recompile CXF to work with the
> trunk version of WSS4j (Vector -> List type change). Am I going down the
> right path to make WSS4j work with RSA-OAEP?
>
> Thanks in advance,
> Tony
>
>
>
>
>
RE: Encryption Algorithm causes NullPointerException in WSS4j
Posted by Colm O hEigeartaigh <co...@progress.com>.
I had a look at your original mail again. The problem is that the URI
you're using is not a valid URI for the symmetric encryption algorithm,
as RSA is not a symmetric algorithm. It IS a valid value for
WSSecEncrypt.setKeyEnc(...) though, which specifies the algorithm to use
to encrypt the symmetric key. The URI supplied to
WSSecEncrypt.setSymmetricEncAlgorithm(...) must correspond to a
symmetric algorithm such as AES or 3DES.
Colm.
________________________________
From: Anthony Bargnesi [mailto:abargnesi@gmail.com]
Sent: 20 July 2009 21:51
To: Colm O hEigeartaigh
Cc: wss4j-dev@ws.apache.org
Subject: Re: Encryption Algorithm causes NullPointerException in WSS4j
Colm,
I build the 1.5.8 snapshot with your ported fix and re-ran. Now the
algorithm "RSA" is pulled from:
JCEMapper.getJCEKeyAlgorithmFromURI(<URI>);
given the URI: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
But this algorithm doesn't seem to be available from withint JDK
1.6.0_07 so it yields the following exception:
Caused by: java.security.NoSuchAlgorithmException: RSA KeyGenerator not
available
at javax.crypto.KeyGenerator.<init>(DashoA13*..)
at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
Is this a problem with the JDK install or dependencies on wss4j?
Thanks again,
Tony
On Mon, Jul 20, 2009 at 7:50 AM, Anthony Bargnesi <ab...@gmail.com>
wrote:
Colm,
This makes sense as I didn't see it on the fix branch before. I will
give it a shot and let you know.
Thank you,
Tony
On Mon, Jul 20, 2009 at 7:30 AM, Colm O hEigeartaigh
<co...@progress.com> wrote:
Hi Anthony,
CXF is currently using artifacts built off the 1_5_x-fixes branch, not
trunk:
http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/
Looks like I forgot to backport the fix to WSSecEncrypt to use
JCEMapper...I've just commited it, so feel free to try again (on the
1_5_x-fixes branch) and let me know if it works!
Colm.
________________________________
From: Anthony Bargnesi [mailto:abargnesi@gmail.com]
Sent: 20 July 2009 12:01
To: wss4j-dev@ws.apache.org
Subject: Encryption Algorithm causes NullPointerException in WSS4j
Hello,
I am trying to encrypt a cxf web-service request using the RSA-OAEP
algorithm because it is required on the endpoint side (Microsoft). I
provide the "encryptionSymAlgorithm" as the corresponding URI
(http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the
"org.apache.ws.security.crypto.provider" to
org.apache.ws.security.components.crypto.Merlin. I am using the latest
WSS4j, version 1.5.7.
The first issue I received was a NullPointerException in
WSSecEncrypt.java trying to use a KeyGenerator that was null. It seems
like this was a bug that Dan Kulp triaged in the post:
http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td239743
03.html
I have checked out trunk which is building the latest 1.6 SNAPSHOT since
I noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was
applied. The problem is that once I build the trunk version of wss4j
(using java 1.6), I am missing the Merlin provider so I'm not sure what
to use for the "org.apache.ws.security.crypto.provider" property.
How do I use the crypto provider under Java 1.6?
Also, I've noticed that I would have to recompile CXF to work with the
trunk version of WSS4j (Vector -> List type change). Am I going down
the right path to make WSS4j work with RSA-OAEP?
Thanks in advance,
Tony
Re: Encryption Algorithm causes NullPointerException in WSS4j
Posted by Anthony Bargnesi <ab...@gmail.com>.
Colm,
I build the 1.5.8 snapshot with your ported fix and re-ran. Now the
algorithm "RSA" is pulled from:
JCEMapper.getJCEKeyAlgorithmFromURI(<URI>);
given the URI: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
But this algorithm doesn't seem to be available from withint JDK 1.6.0_07 so
it yields the following exception:
Caused by: java.security.NoSuchAlgorithmException: RSA KeyGenerator not
available
at javax.crypto.KeyGenerator.<init>(DashoA13*..)
at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
Is this a problem with the JDK install or dependencies on wss4j?
Thanks again,
Tony
On Mon, Jul 20, 2009 at 7:50 AM, Anthony Bargnesi <ab...@gmail.com>wrote:
> Colm,
>
> This makes sense as I didn't see it on the fix branch before. I will give
> it a shot and let you know.
>
> Thank you,
> Tony
>
>
> On Mon, Jul 20, 2009 at 7:30 AM, Colm O hEigeartaigh <
> coheigea@progress.com> wrote:
>
>> Hi Anthony,
>>
>>
>>
>> CXF is currently using artifacts built off the 1_5_x-fixes branch, not
>> trunk:
>>
>>
>>
>> http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/
>>
>>
>>
>> Looks like I forgot to backport the fix to WSSecEncrypt to use
>> JCEMapper…I’ve just commited it, so feel free to try again (on the
>> 1_5_x-fixes branch) and let me know if it works!
>>
>>
>>
>> Colm.
>>
>>
>>
>>
>> ------------------------------
>>
>> *From:* Anthony Bargnesi [mailto:abargnesi@gmail.com]
>> *Sent:* 20 July 2009 12:01
>> *To:* wss4j-dev@ws.apache.org
>> *Subject:* Encryption Algorithm causes NullPointerException in WSS4j
>>
>>
>>
>> Hello,
>>
>> I am trying to encrypt a cxf web-service request using the RSA-OAEP
>> algorithm because it is required on the endpoint side (Microsoft). I
>> provide the "encryptionSymAlgorithm" as the corresponding URI (
>> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the
>> "org.apache.ws.security.crypto.provider" to
>> org.apache.ws.security.components.crypto.Merlin. I am using the latest
>> WSS4j, version 1.5.7.
>>
>> The first issue I received was a NullPointerException in WSSecEncrypt.java
>> trying to use a KeyGenerator that was null. It seems like this was a bug
>> that Dan Kulp triaged in the post:
>>
>>
>> http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td23974303.html
>>
>>
>> I have checked out trunk which is building the latest 1.6 SNAPSHOT since I
>> noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was applied.
>> The problem is that once I build the trunk version of wss4j (using java
>> 1.6), I am missing the Merlin provider so I'm not sure what to use for the
>> "org.apache.ws.security.crypto.provider" property.
>>
>> How do I use the crypto provider under Java 1.6?
>>
>> Also, I've noticed that I would have to recompile CXF to work with the
>> trunk version of WSS4j (Vector -> List type change). Am I going down the
>> right path to make WSS4j work with RSA-OAEP?
>>
>> Thanks in advance,
>> Tony
>>
>
>
Re: Encryption Algorithm causes NullPointerException in WSS4j
Posted by Anthony Bargnesi <ab...@gmail.com>.
Colm,
This makes sense as I didn't see it on the fix branch before. I will give
it a shot and let you know.
Thank you,
Tony
On Mon, Jul 20, 2009 at 7:30 AM, Colm O hEigeartaigh
<co...@progress.com>wrote:
> Hi Anthony,
>
>
>
> CXF is currently using artifacts built off the 1_5_x-fixes branch, not
> trunk:
>
>
>
> http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/
>
>
>
> Looks like I forgot to backport the fix to WSSecEncrypt to use
> JCEMapper…I’ve just commited it, so feel free to try again (on the
> 1_5_x-fixes branch) and let me know if it works!
>
>
>
> Colm.
>
>
>
>
> ------------------------------
>
> *From:* Anthony Bargnesi [mailto:abargnesi@gmail.com]
> *Sent:* 20 July 2009 12:01
> *To:* wss4j-dev@ws.apache.org
> *Subject:* Encryption Algorithm causes NullPointerException in WSS4j
>
>
>
> Hello,
>
> I am trying to encrypt a cxf web-service request using the RSA-OAEP
> algorithm because it is required on the endpoint side (Microsoft). I
> provide the "encryptionSymAlgorithm" as the corresponding URI (
> http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the
> "org.apache.ws.security.crypto.provider" to
> org.apache.ws.security.components.crypto.Merlin. I am using the latest
> WSS4j, version 1.5.7.
>
> The first issue I received was a NullPointerException in WSSecEncrypt.java
> trying to use a KeyGenerator that was null. It seems like this was a bug
> that Dan Kulp triaged in the post:
>
>
> http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td23974303.html
>
>
> I have checked out trunk which is building the latest 1.6 SNAPSHOT since I
> noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was applied.
> The problem is that once I build the trunk version of wss4j (using java
> 1.6), I am missing the Merlin provider so I'm not sure what to use for the
> "org.apache.ws.security.crypto.provider" property.
>
> How do I use the crypto provider under Java 1.6?
>
> Also, I've noticed that I would have to recompile CXF to work with the
> trunk version of WSS4j (Vector -> List type change). Am I going down the
> right path to make WSS4j work with RSA-OAEP?
>
> Thanks in advance,
> Tony
>
RE: Encryption Algorithm causes NullPointerException in WSS4j
Posted by Colm O hEigeartaigh <co...@progress.com>.
Hi Anthony,
CXF is currently using artifacts built off the 1_5_x-fixes branch, not
trunk:
http://svn.apache.org/repos/asf/webservices/wss4j/branches/1_5_x-fixes/
Looks like I forgot to backport the fix to WSSecEncrypt to use
JCEMapper...I've just commited it, so feel free to try again (on the
1_5_x-fixes branch) and let me know if it works!
Colm.
________________________________
From: Anthony Bargnesi [mailto:abargnesi@gmail.com]
Sent: 20 July 2009 12:01
To: wss4j-dev@ws.apache.org
Subject: Encryption Algorithm causes NullPointerException in WSS4j
Hello,
I am trying to encrypt a cxf web-service request using the RSA-OAEP
algorithm because it is required on the endpoint side (Microsoft). I
provide the "encryptionSymAlgorithm" as the corresponding URI
(http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p) and set the
"org.apache.ws.security.crypto.provider" to
org.apache.ws.security.components.crypto.Merlin. I am using the latest
WSS4j, version 1.5.7.
The first issue I received was a NullPointerException in
WSSecEncrypt.java trying to use a KeyGenerator that was null. It seems
like this was a bug that Dan Kulp triaged in the post:
http://www.nabble.com/Re:-WS-Security-RSA-Excrytion-exception..-td239743
03.html
I have checked out trunk which is building the latest 1.6 SNAPSHOT since
I noticed that a fix to WSSecEncrypt.java, to use a JCEMapper, was
applied. The problem is that once I build the trunk version of wss4j
(using java 1.6), I am missing the Merlin provider so I'm not sure what
to use for the "org.apache.ws.security.crypto.provider" property.
How do I use the crypto provider under Java 1.6?
Also, I've noticed that I would have to recompile CXF to work with the
trunk version of WSS4j (Vector -> List type change). Am I going down
the right path to make WSS4j work with RSA-OAEP?
Thanks in advance,
Tony