-
Bug
-
Resolution: Obsolete
-
Major
-
None
-
7.0.1.CR2
SignEncryptGCMTestCase from JBossWS testsuite is failing when the testsuite and/or server is running using IBM JDK with unlimited cryptography with main error message:
Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported
Unlimited cryptography is not required to hit the issue, it is required just for this test (one can modify the test for smaller key). Also the issue is not product specific, it is present also in upstream version.
The problem is probably somewhere in dynamic registration of BouncyCastle provider from classpath through additional interceptors; everything works fine if BouncyCastle is installed and configured directly in JDK installation (in jre/lib/ext and jre/lib/security/java.security).
Server side stacktraces
16:31:53,974 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (default task-6) Interceptor for {http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy}SecurityService has thrown exception, unwinding now: org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:66) at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:37) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251) at org.jboss.wsf.stack.cxf.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:108) at org.jboss.wsf.stack.cxf.transport.ServletHelper.callRequestHandler(ServletHelper.java:134) at org.jboss.wsf.stack.cxf.CXFServletExt.invoke(CXFServletExt.java:88) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293) at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at org.jboss.wsf.stack.cxf.CXFServletExt.service(CXFServletExt.java:136) at org.jboss.wsf.spi.deployment.WSFServlet.service(WSFServlet.java:140) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.lang.Thread.run(Thread.java:785) Caused by: javax.xml.stream.XMLStreamException: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.testAndThrowUncaughtException(AbstractDecryptInputProcessor.java:701) at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.processEvent(AbstractDecryptInputProcessor.java:609) at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$AbstractDecryptedEventReaderInputProcessor.processNextEvent(AbstractDecryptInputProcessor.java:603) at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processEvent(AbstractDecryptInputProcessor.java:295) at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor.processNextEvent(AbstractDecryptInputProcessor.java:144) at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193) at org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:148) at org.apache.wss4j.stax.impl.processor.input.WSSSignatureReferenceVerifyInputProcessor.processNextEvent(WSSSignatureReferenceVerifyInputProcessor.java:270) at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193) at org.apache.xml.security.stax.impl.processor.input.AbstractSignatureReferenceVerifyInputProcessor$InternalSignatureReferenceVerifier.processNextEvent(AbstractSignatureReferenceVerifyInputProcessor.java:420) at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193) at org.apache.wss4j.stax.impl.processor.input.OperationInputProcessor.processNextEvent(OperationInputProcessor.java:58) at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193) at org.apache.wss4j.policy.stax.enforcer.PolicyInputProcessor.processNextEvent(PolicyInputProcessor.java:104) at org.apache.xml.security.stax.impl.InputProcessorChainImpl.processEvent(InputProcessorChainImpl.java:193) at org.apache.xml.security.stax.impl.XMLSecurityStreamReader.next(XMLSecurityStreamReader.java:78) at org.apache.wss4j.stax.impl.WSSecurityStreamReader.next(WSSecurityStreamReader.java:45) at javax.xml.stream.util.StreamReaderDelegate.next(Unknown Source) at org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor$1.next(WSS4JStaxInInterceptor.java:150) at org.apache.cxf.binding.soap.interceptor.StartBodyInterceptor.handleMessage(StartBodyInterceptor.java:59) ... 40 more Caused by: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported at com.ibm.crypto.provider.AESGCMCipherInHardware.engineUpdate(Unknown Source) at javax.crypto.Cipher.update(Unknown Source) at javax.crypto.CipherOutputStream.write(Unknown Source) at org.apache.xml.security.stax.impl.util.IVSplittingOutputStream.write(IVSplittingOutputStream.java:105) at org.apache.xml.security.stax.impl.util.ReplaceableOuputStream.write(ReplaceableOuputStream.java:53) at org.apache.commons.codec.binary.BaseNCodecOutputStream.flush(BaseNCodecOutputStream.java:116) at org.apache.commons.codec.binary.BaseNCodecOutputStream.write(BaseNCodecOutputStream.java:97) at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:233) at sun.nio.cs.StreamEncoder.implClose(StreamEncoder.java:328) at sun.nio.cs.StreamEncoder.close(StreamEncoder.java:161) at java.io.OutputStreamWriter.close(OutputStreamWriter.java:295) at org.apache.xml.security.stax.impl.processor.input.AbstractDecryptInputProcessor$DecryptionThread.run(AbstractDecryptInputProcessor.java:816) ... 1 more
16:31:54,011 ERROR [stderr] (default task-1) javax.xml.ws.soap.SOAPFaultException: Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported 16:31:54,013 ERROR [stderr] (default task-1) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161) 16:31:54,015 ERROR [stderr] (default task-1) at com.sun.proxy.$Proxy46.sayHello(Unknown Source) 16:31:54,017 ERROR [stderr] (default task-1) at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.SignEncryptHelper.invoke(SignEncryptHelper.java:116) 16:31:54,018 ERROR [stderr] (default task-1) at org.jboss.test.ws.jaxws.samples.wsse.policy.basic.SignEncryptHelper.testSignEncryptUsingConfigProperties(SignEncryptHelper.java:98) 16:31:54,019 ERROR [stderr] (default task-1) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 16:31:54,020 ERROR [stderr] (default task-1) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95) 16:31:54,020 ERROR [stderr] (default task-1) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55) 16:31:54,021 ERROR [stderr] (default task-1) at java.lang.reflect.Method.invoke(Method.java:508) 16:31:54,021 ERROR [stderr] (default task-1) at org.jboss.wsf.test.TestServlet.invokeMethod(TestServlet.java:158) 16:31:54,022 ERROR [stderr] (default task-1) at org.jboss.wsf.test.TestServlet.doGet(TestServlet.java:95) 16:31:54,022 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) 16:31:54,023 ERROR [stderr] (default task-1) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 16:31:54,023 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) 16:31:54,023 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) 16:31:54,024 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) 16:31:54,024 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) 16:31:54,025 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 16:31:54,025 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) 16:31:54,025 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) 16:31:54,026 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 16:31:54,026 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 16:31:54,027 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 16:31:54,027 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) 16:31:54,027 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) 16:31:54,028 ERROR [stderr] (default task-1) at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 16:31:54,028 ERROR [stderr] (default task-1) at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) 16:31:54,028 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 16:31:54,029 ERROR [stderr] (default task-1) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 16:31:54,029 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 16:31:54,030 ERROR [stderr] (default task-1) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 16:31:54,030 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285) 16:31:54,031 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264) 16:31:54,031 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) 16:31:54,032 ERROR [stderr] (default task-1) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175) 16:31:54,032 ERROR [stderr] (default task-1) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202) 16:31:54,032 ERROR [stderr] (default task-1) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:802) 16:31:54,033 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153) 16:31:54,033 ERROR [stderr] (default task-1) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) 16:31:54,034 ERROR [stderr] (default task-1) at java.lang.Thread.run(Thread.java:785) 16:31:54,034 ERROR [stderr] (default task-1) Caused by: org.apache.cxf.binding.soap.SoapFault: Error reading XMLStreamReader: java.security.ProviderException: engineUpdate not supported for AES/GCM; only engineDoFinal is supported 16:31:54,035 ERROR [stderr] (default task-1) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:86) 16:31:54,036 ERROR [stderr] (default task-1) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:52) 16:31:54,037 ERROR [stderr] (default task-1) at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:41) 16:31:54,038 ERROR [stderr] (default task-1) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) 16:31:54,038 ERROR [stderr] (default task-1) at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:112) 16:31:54,039 ERROR [stderr] (default task-1) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69) 16:31:54,040 ERROR [stderr] (default task-1) at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34) 16:31:54,041 ERROR [stderr] (default task-1) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) 16:31:54,041 ERROR [stderr] (default task-1) at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798) 16:31:54,042 ERROR [stderr] (default task-1) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1669) 16:31:54,043 ERROR [stderr] (default task-1) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1550) 16:31:54,043 ERROR [stderr] (default task-1) at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1347) 16:31:54,044 ERROR [stderr] (default task-1) at org.apache.cxf.io.CacheAndWriteOutputStream.postClose(CacheAndWriteOutputStream.java:56) 16:31:54,045 ERROR [stderr] (default task-1) at org.apache.cxf.io.CachedOutputStream.close(CachedOutputStream.java:215) 16:31:54,045 ERROR [stderr] (default task-1) at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56) 16:31:54,046 ERROR [stderr] (default task-1) at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:651) 16:31:54,046 ERROR [stderr] (default task-1) at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62) 16:31:54,047 ERROR [stderr] (default task-1) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) 16:31:54,047 ERROR [stderr] (default task-1) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) 16:31:54,048 ERROR [stderr] (default task-1) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) 16:31:54,049 ERROR [stderr] (default task-1) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) 16:31:54,049 ERROR [stderr] (default task-1) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) 16:31:54,050 ERROR [stderr] (default task-1) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) 16:31:54,050 ERROR [stderr] (default task-1) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) 16:31:54,050 ERROR [stderr] (default task-1) ... 38 more
- is related to
-
JBWS-4186 Exclude SignEncryptGCMTestCase on IBM JDK8 due to JBEAP-5200
- Resolved