Friday, March 8, 2013

"org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used"

While testing a WS-Trust scenario with WSO2 Identity Server and WSO2 ESB, I encountered the following error at the client side: 
Exception in thread "main" org.apache.axis2.AxisFault: Error in creating an encrypted key
          at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
          at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
          at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
          at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
          at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
          at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398)
          at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
          at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
          at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:554)
          at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:530)
          at EchoClient.callEcho(EchoClient.java:144)
          at EchoClient.main(EchoClient.java:60)
      Caused by: org.apache.rampart.RampartException: Error in creating an encrypted key
          at org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:243)
          at org.apache.rampart.builder.SymmetricBindingBuilder.setupEncryptedKey(SymmetricBindingBuilder.java:786)
          at org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:416)
          at org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:86)
          at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
          at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
          ... 11 more
      Caused by: org.apache.ws.security.WSSecurityException: An unsupported signature or encryption algorithm was used (unsupported key transport encryption algorithm: No such algorithm: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p); nested exception is: 
          java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
          at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:785)
          at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:205)
          at org.apache.ws.security.message.WSSecEncryptedKey.prepare(WSSecEncryptedKey.java:184)
          at org.apache.rampart.builder.BindingBuilder.getEncryptedKeyBuilder(BindingBuilder.java:236)
          ... 16 more
      Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
          at javax.crypto.Cipher.getInstance(DashoA13*..)
          at org.apache.ws.security.util.WSSecurityUtil.getCipherInstance(WSSecurityUtil.java:777)
          ... 19 more
I'd been trying hard to find the cause of this, and it finally turned out that a single important jar was missing from the client's classpath.

[1] showed that what was missing was the Bouncy Castle [2] jar, which is a Java implementation of cryptographic algorithms. Downloading it from [3] and putting it in the classpath resolved the issue.
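A standalone check for the condition in the stack trace, added here as an example (not code from the original post, Rampart or WSS4J): it asks the JCE for RSA/ECB/OAEPPadding, registers Bouncy Castle reflectively if no installed provider answers, then round-trips an AES key through RSA-OAEP. The class name OaepProviderCheck and the generated keys are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class OaepProviderCheck {
    // JCE transformation named in the NoSuchAlgorithmException in the trace.
    static final String TRANSFORMATION = "RSA/ECB/OAEPPadding";
    // Bouncy Castle's JCE provider class, loaded reflectively so this compiles without the jar.
    static final String BC_PROVIDER = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    static Cipher findCipher() throws Exception {
        try {
            return Cipher.getInstance(TRANSFORMATION);
        } catch (java.security.GeneralSecurityException e) {
            System.out.println("No installed provider offers " + TRANSFORMATION + ": " + e.getMessage());
        }
        try {
            Provider bc = (Provider) Class.forName(BC_PROVIDER).getDeclaredConstructor().newInstance();
            Security.addProvider(bc);
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("Bouncy Castle jar is not on the classpath", e);
        }
        return Cipher.getInstance(TRANSFORMATION);
    }

    public static void main(String[] args) throws Exception {
        Cipher cipher = findCipher();
        System.out.println(TRANSFORMATION + " served by " + cipher.getProvider().getName());
        // Constructed test keys: wrap an AES key under RSA-OAEP and unwrap it again.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        cipher.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = cipher.wrap(aes);
        cipher.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        SecretKey back = (SecretKey) cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        if (!Arrays.equals(aes.getEncoded(), back.getEncoded())) throw new IllegalStateException("round trip failed");
        System.out.println("RSA-OAEP key transport round trip OK");
    }
}
```

Run it with the same JVM and classpath as the failing client, since the result depends on which providers that runtime can see.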

Ref:
[1] Rampart FAQ blog
[2] Bouncy Castle home page
[3] Bouncy Castle downloads
