Loading...

Details

Type: Bug
Resolution: Obsolete
Priority: Major
Fix Version/s: None
Affects Version/s: 7.0.1.CR2
Component/s: Web Services
Labels:
- ibm-java

Target Release:

7.2.0.GA
Steps to Reproduce:

Hide

The easiest way is to test on upstream, just be sure to use IBM JDK with unlimited cryptography:
git clone https://github.com/jbossws/jbossws-cxf.git . && git checkout jbossws-cxf-5.1.4.Final
mvn -Ptestsuite,hudson,wildfly1000 integration-test -Dtest=SignEncryptGCMTestCase -DnoLogRedirect

Alternatively, there is a jenkins job showing this issue on EAP https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP7/view/EAP7-WS/job/eap-7x-jbossws-testsuite-rhel-public-ip/25/NETWORK_PROFILE=IPv4,jdk=ibm1.8.unlimited,label_exp=RHEL6&&!pure-ipv6/testReport/

Show
The easiest way is to test on upstream, just be sure to use IBM JDK with unlimited cryptography: git clone https://github.com/jbossws/jbossws-cxf.git . && git checkout jbossws-cxf-5.1.4.Final mvn -Ptestsuite,hudson,wildfly1000 integration-test -Dtest=SignEncryptGCMTestCase -DnoLogRedirect Alternatively, there is a jenkins job showing this issue on EAP https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EAP7/view/EAP7-WS/job/eap-7x-jbossws-testsuite-rhel-public-ip/25/NETWORK_PROFILE=IPv4,jdk=ibm1.8.unlimited,label_exp=RHEL6&&!pure-ipv6/testReport/

SFDC Cases Counter:
SFDC Cases Links:

Description

SignEncryptGCMTestCase from JBossWS testsuite is failing when the testsuite and/or server is running using IBM JDK with unlimited cryptography with main error message:

Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported

Unlimited cryptography is not required to hit the issue, it is required just for this test (one can modify the test for smaller key). Also the issue is not product specific, it is present also in upstream version.

The problem is probably somewhere in dynamic registration of BouncyCastle provider from classpath through additional interceptors; everything works fine if BouncyCastle is installed and configured directly in JDK installation (in jre/lib/ext and jre/lib/security/java.security).

Server side stacktraces

16:31:53,974 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-6) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported
	at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:66)
	at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:37)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
	at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108)
	at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134)
	at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136)
	at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.lang.Thread.run(Thread.java:785)
Caused by: javax.xml.stream.XMLStreamException: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.testAndThrowUncaughtException(AbstractDecryptInputProcessor.java:701)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.processEvent(AbstractDecryptInputProcessor.java:609)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.processNextEvent(AbstractDecryptInputProcessor.java:603)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processEvent(AbstractDecryptInputProcessor.java:295)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processNextEvent(AbstractDecryptInputProcessor.java:144)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:148)
	at org.apache.wss4j.stax.impl.processor.input.WSSSignatureReferenceVerifyInputProcessor.processNextEvent(WSSSignatureReferenceVerifyInputProcessor.java:270)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor$InternalSignatureReferenceVerifier.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:420)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.wss4j.stax.impl.processor.input.OperationInputProcessor.processNextEvent(OperationInputProcessor.java:58)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.wss4j.policy.stax.enforcer.PolicyInputProcessor.processNextEvent(PolicyInputProcessor.java:104)
	at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193)
	at org.apache.xml.security.stax.impl.XMLSecurityStreamReader.next(XMLSecurityStreamReader.java:78)
	at org.apache.wss4j.stax.impl.WSSecurityStreamReader.next(WSSecurityStreamReader.java:45)
	at javax.xml.stream.util.StreamReaderDelegate.next(Unknown Source)
	at org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor$1.next(WSS4JStaxInInterceptor.java:150)
	at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:59)
	... 40 more
Caused by: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported
	at com.ibm.crypto.provider.AESGCMCipherInHardware.engineUpdate(Unknown Source)
	at javax.crypto.Cipher.update(Unknown Source)
	at javax.crypto.CipherOutputStream.write(Unknown Source)
	at org.apache.xml.security.stax.impl.util.IVSplittingOutputStream.write(IVSplittingOutputStream.java:105)
	at org.apache.xml.security.stax.impl.util.ReplaceableOuputStream.write(ReplaceableOuputStream.java:53)
	at org.apache.commons.codec.binary.BaseNCodecOutputStream.flush(BaseNCodecOutputStream.java:116)
	at org.apache.commons.codec.binary.BaseNCodecOutputStream.write(BaseNCodecOutputStream.java:97)
	at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233)
	at sun.nio.cs.StreamEncoder.implClose(StreamEncoder.java:328)
	at sun.nio.cs.StreamEncoder.close(StreamEncoder.java:161)
	at java.io.OutputStreamWriter.close(OutputStreamWriter.java:295)
	at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run(AbstractDecryptInputProcessor.java:816)
	... 1 more

16:31:54,011 ERROR [stderr] (default task-1) javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported
16:31:54,013 ERROR [stderr] (default task-1) 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
16:31:54,015 ERROR [stderr] (default task-1) 	at com.sun.proxy.$Proxy46.sayHello(Unknown Source)
16:31:54,017 ERROR [stderr] (default task-1) 	at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.SignEncryptHelper.invoke(SignEncryptHelper.java:116)
16:31:54,018 ERROR [stderr] (default task-1) 	at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.SignEncryptHelper.testSignEncryptUsingConfigProperties(SignEncryptHelper.java:98)
16:31:54,019 ERROR [stderr] (default task-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:31:54,020 ERROR [stderr] (default task-1) 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
16:31:54,020 ERROR [stderr] (default task-1) 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
16:31:54,021 ERROR [stderr] (default task-1) 	at java.lang.reflect.Method.invoke(Method.java:508)
16:31:54,021 ERROR [stderr] (default task-1) 	at org.jboss.wsf.test.TestServlet.invokeMethod(TestServlet.java:158)
16:31:54,022 ERROR [stderr] (default task-1) 	at org.jboss.wsf.test.TestServlet.doGet(TestServlet.java:95)
16:31:54,022 ERROR [stderr] (default task-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
16:31:54,023 ERROR [stderr] (default task-1) 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
16:31:54,023 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
16:31:54,023 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
16:31:54,024 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
16:31:54,024 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
16:31:54,025 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
16:31:54,025 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
16:31:54,025 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
16:31:54,026 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
16:31:54,026 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
16:31:54,027 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
16:31:54,027 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
16:31:54,027 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
16:31:54,028 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
16:31:54,028 ERROR [stderr] (default task-1) 	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
16:31:54,028 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
16:31:54,029 ERROR [stderr] (default task-1) 	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
16:31:54,029 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
16:31:54,030 ERROR [stderr] (default task-1) 	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
16:31:54,030 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
16:31:54,031 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
16:31:54,031 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
16:31:54,032 ERROR [stderr] (default task-1) 	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
16:31:54,032 ERROR [stderr] (default task-1) 	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
16:31:54,032 ERROR [stderr] (default task-1) 	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802)
16:31:54,033 ERROR [stderr] (default task-1) 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
16:31:54,033 ERROR [stderr] (default task-1) 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
16:31:54,034 ERROR [stderr] (default task-1) 	at java.lang.Thread.run(Thread.java:785)
16:31:54,034 ERROR [stderr] (default task-1) Caused by: org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported
16:31:54,035 ERROR [stderr] (default task-1) 	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:86)
16:31:54,036 ERROR [stderr] (default task-1) 	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:52)
16:31:54,037 ERROR [stderr] (default task-1) 	at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:41)
16:31:54,038 ERROR [stderr] (default task-1) 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
16:31:54,038 ERROR [stderr] (default task-1) 	at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:112)
16:31:54,039 ERROR [stderr] (default task-1) 	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
16:31:54,040 ERROR [stderr] (default task-1) 	at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
16:31:54,041 ERROR [stderr] (default task-1) 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
16:31:54,041 ERROR [stderr] (default task-1) 	at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
16:31:54,042 ERROR [stderr] (default task-1) 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1669)
16:31:54,043 ERROR [stderr] (default task-1) 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1550)
16:31:54,043 ERROR [stderr] (default task-1) 	at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1347)
16:31:54,044 ERROR [stderr] (default task-1) 	at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56)
16:31:54,045 ERROR [stderr] (default task-1) 	at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215)
16:31:54,045 ERROR [stderr] (default task-1) 	at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
16:31:54,046 ERROR [stderr] (default task-1) 	at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651)
16:31:54,046 ERROR [stderr] (default task-1) 	at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
16:31:54,047 ERROR [stderr] (default task-1) 	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
16:31:54,047 ERROR [stderr] (default task-1) 	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
16:31:54,048 ERROR [stderr] (default task-1) 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
16:31:54,049 ERROR [stderr] (default task-1) 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
16:31:54,049 ERROR [stderr] (default task-1) 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
16:31:54,050 ERROR [stderr] (default task-1) 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
16:31:54,050 ERROR [stderr] (default task-1) 	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
16:31:54,050 ERROR [stderr] (default task-1) 	... 38 more

Attachments

Issue Links

is related to

JBWS-4186 Exclude SignEncryptGCMTestCase on IBM JDK8 due to JBEAP-5200

Resolved

Webservice with AES/GCM not working with IBM JDK

Details

Description

Attachments

Issue Links

Activity

People

Dates