ws-dev mailing list archives

From "Jacobo Fernandez (JIRA)" <>
Subject [jira] [Created] (WSS-574) IllegalArgumentException thrown in WSSecEncryptedKey due to incorrect keyAlgorithm
Date Thu, 10 Mar 2016 14:41:40 GMT
Jacobo Fernandez created WSS-574:

             Summary: IllegalArgumentException thrown in WSSecEncryptedKey due to incorrect
                 Key: WSS-574
             Project: WSS4J
          Issue Type: Bug
          Components: WSS4J Core
         Environment: Windows 7 64 bit, java jdk 7.0_79, wss4j 1.6.18
            Reporter: Jacobo Fernandez
            Assignee: Colm O hEigeartaigh

This is hard for me to explain because I'm not an expert in WSS, but this is what I found:

In {{WSSecEncryptedKey.prepareInternal}}, when {{WSSecurityUtil.getCipherInstance(keyEncAlgo)}}
is called and the {{keyEncAlgo}} value is {{WSConstants.KEYTRANSPORT_RSAOEP}}, {{JCEMapper.translateURItoJCEID(cipherAlgo)}}
returns (in my case) {{"RSA/ECB/OAEPPadding"}}. Then oaepParameterSpec is not null, which
leads to the else branch, where it calls {{cipher.init(Cipher.WRAP_MODE, remoteCert.getPublicKey(),
oaepParameterSpec)}}. This method call throws the following exception:

{{Caused by: java.lang.IllegalArgumentException: unknown parameter type.}}
	{{at org.bouncycastle.jce.provider.JCERSACipher.engineInit(Unknown Source)}}
	{{at javax.crypto.Cipher.implInit(}}
	{{at javax.crypto.Cipher.chooseProvider(}}
	{{at javax.crypto.Cipher.init(}}
	{{at javax.crypto.Cipher.init(}}

If I modify the first lines of {{getCipherInstance}} to this:

    public static Cipher getCipherInstance(String cipherAlgo)
            throws WSSecurityException {
        try {
            String keyAlgorithm = JCEMapper.translateURItoJCEID(cipherAlgo);
            // For RSA-OAEP key transport, skip the mapped JCE name and request the cipher explicitly
            if (WSConstants.KEYTRANSPORT_RSAOEP.equals(cipherAlgo)) {
                try {
                    return Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
                } catch (Exception e) {
                    throw new WSSecurityException(
                        WSSecurityException.UNSUPPORTED_ALGORITHM, "unsupportedKeyTransp",
                        new Object[] { "No such algorithm: " + cipherAlgo }, e);
                }
            }
            String provider = JCEMapper.getProviderId();
            if (provider == null) {
                return Cipher.getInstance(keyAlgorithm);
            // ... the rest of getCipherInstance continues unchanged

it works. Don't know if this is a problem with the JCEMapper or wss4j itself.

Sorry for the bad explanation. Hope it helps.

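A stand-alone probe for the failure described in the report, added here as an example and not code from WSS4J or from the reporter: it tries both transformation names from the message with the same `cipher.init(Cipher.WRAP_MODE, publicKey, oaepParameterSpec)` call shape and prints which JCE provider served each one and whether init and a wrap/unwrap round trip succeeded. The class name `OaepInitProbe`, the generated keys and the SHA-1/MGF1 `OAEPParameterSpec` values are assumptions; the spec WSS4J actually builds is not shown in the message.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepInitProbe {
    // Assumed parameters: SHA-1 digest, MGF1 with SHA-1, empty label,
    // matching the "OAEPWithSHA1AndMGF1Padding" name used in the report.
    static final OAEPParameterSpec SPEC = new OAEPParameterSpec(
            "SHA-1", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    /** Wraps and unwraps a session key; returns a one-line result for the transformation. */
    static String probe(String transformation, KeyPair rsa, Key sessionKey) {
        try {
            Cipher wrap = Cipher.getInstance(transformation);
            // Same call shape as the cipher.init(...) quoted in the report.
            wrap.init(Cipher.WRAP_MODE, rsa.getPublic(), SPEC);
            String provider = wrap.getProvider().getName(); // provider chosen during init
            byte[] wrapped = wrap.wrap(sessionKey);

            Cipher unwrap = Cipher.getInstance(transformation);
            unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate(), SPEC);
            Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            boolean same = Arrays.equals(recovered.getEncoded(), sessionKey.getEncoded());
            return transformation + " [" + provider + "]: init OK, round trip "
                    + (same ? "OK" : "MISMATCH");
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            // The report's failure surfaces as IllegalArgumentException from init().
            return transformation + ": FAILED with " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();   // constructed test key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        Key sessionKey = kg.generateKey();     // constructed session key
        for (String t : new String[] {"RSA/ECB/OAEPPadding", "RSA/ECB/OAEPWithSHA1AndMGF1Padding"}) {
            System.out.println(probe(t, rsa, sessionKey));
        }
    }
}
```

Run it with the same JDK and provider configuration as the failing application, so that the provider order matches the one in the stack trace.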