Forum Discussion

VladimirNovikov
13 years ago

Wrong key usage

I have exactly the same configuration working in 4.0.1 and failing with the error "Wrong key usage" in 4.5.0. Specifically, the encryption section of the outgoing WSS configuration is causing the problem. The stack trace is:

Thu Jun 14 15:26:40 EDT 2012:ERROR:org.apache.ws.security.WSSecurityException: Cannot encrypt data
org.apache.ws.security.WSSecurityException: Cannot encrypt data
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:216)
at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:223)
at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:264)
at com.eviware.soapui.impl.wsdl.support.wss.entries.EncryptionEntry.process(EncryptionEntry.java:306)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:192)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:58)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:37)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:31)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:177)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Wrong key usage
at javax.crypto.Cipher.init(Cipher.java:1639)
at javax.crypto.Cipher.init(Cipher.java:1548)
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:214)


The same configuration (project, request, endpoint, keystores, certificates, etc.) encrypts the outgoing message without an issue in 4.0.1. I looked at the code in Cipher.java:1639 and am sure that my WSS encryption certificate has keyEncipherment set to true. (Again, the same cert encrypts fine in 4.0.1.) So it seems that 4.5.0 does not use the cert specified in the Encryption tab.
  • Hello,

    This is probably due to a key size restriction that limits keys to 128 in the default JDK. Since you are
    using keys larger than 128, you will have to patch your JDK to support this. To do this,
    download the .zip archive from the following address:

    For Java 7:
    http://www.oracle.com/technetwork/java/ ... 32124.html

    For Java 6:
    http://www.oracle.com/technetwork/java/ ... 29243.html

    Extract the files from the downloaded archive and copy the contained .jar files into the <jre.home>/lib/security
    folder (you will have to override the existing files).

    Make sure you are patching the right JRE (the one soapUI is using). If you have downloaded the soapUI
    distribution with a bundled JRE, then the folder for the patched files should be:

    <soapui.home>/jre/lib/security

    If you have downloaded soapUI without a bundled JRE, then it depends on your system
    which JRE is in use.

    regards!
    Predrag
    SmartBear Software
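
A diagnostic for the two causes raised in this thread, as an added example that is not part of the original posts and is not SoapUI or WSS4J code. It prints which JRE is running and its maximum allowed AES key length, then reports how `Cipher.init(opmode, Certificate)` would treat the certificate's keyUsage extension. The class name `WssKeyCheck` and its command-line arguments are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.crypto.Cipher;

// Added diagnostic, not SoapUI or WSS4J code; class name and arguments are hypothetical.
// Usage: java WssKeyCheck <keystore-file> <alias>
public class WssKeyCheck {
    // Cipher.init(opmode, Certificate) enforces keyUsage only when the extension is critical:
    // bit 2 (keyEncipherment) for WRAP_MODE, bit 3 (dataEncipherment) for ENCRYPT_MODE.
    static boolean allowed(boolean[] usage, boolean critical, int bit) {
        return !critical || usage == null || usage.length <= bit || usage[bit];
    }

    public static void main(String[] args) throws Exception {
        // The JRE actually running; its lib/security folder holds the policy jars.
        System.out.println("java.home      = " + System.getProperty("java.home"));
        // 128 under the default policy files, Integer.MAX_VALUE once unlimited policy applies.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("max AES length = " + (max == Integer.MAX_VALUE ? "unlimited" : "" + max));
        if (args.length < 2) {
            System.out.println("no keystore and alias given, skipping certificate check");
            return;
        }
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal to enter the password");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, console.readPassword("Keystore password: "));
        }
        Certificate c = ks.getCertificate(args[1]);
        if (!(c instanceof X509Certificate)) {
            System.out.println("alias '" + args[1] + "' has no X.509 certificate");
            return;
        }
        X509Certificate cert = (X509Certificate) c;
        boolean[] usage = cert.getKeyUsage();                 // null when the extension is absent
        Set<String> crit = cert.getCriticalExtensionOIDs();
        boolean critical = crit != null && crit.contains("2.5.29.15"); // keyUsage OID
        System.out.println("keyUsage critical      = " + critical);
        System.out.println("WRAP_MODE permitted    = " + allowed(usage, critical, 2));
        System.out.println("ENCRYPT_MODE permitted = " + allowed(usage, critical, 3));
    }
}
```

Run it with the same JRE that soapUI uses (for a bundled distribution, the one under `<soapui.home>/jre`), otherwise the reported policy limit describes a different installation.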