VladimirNovikov
13 years ago

Wrong key usage

I have exactly the same configuration working in 4.0.1 and failing with the error "Wrong key usage" in 4.5.0. Specifically, the encryption section of the outgoing WSS configuration is causing the problem. The stack trace is:

Thu Jun 14 15:26:40 EDT 2012:ERROR:org.apache.ws.security.WSSecurityException: Cannot encrypt data
org.apache.ws.security.WSSecurityException: Cannot encrypt data
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:216)
at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:223)
at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:264)
at com.eviware.soapui.impl.wsdl.support.wss.entries.EncryptionEntry.process(EncryptionEntry.java:306)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:192)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:58)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:37)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:31)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:177)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Wrong key usage
at javax.crypto.Cipher.init(Cipher.java:1639)
at javax.crypto.Cipher.init(Cipher.java:1548)
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:214)


The same configuration (project, request, endpoint, keystores, certificates, etc.) is encrypting the outgoing message without an issue in 4.0.1. I looked at the code in Cipher.java:1639 and am sure that my WSS encryption certificate has keyEncipherment set to true. (Again, the same cert encrypts fine in 4.0.1.) So it seems that 4.5.0 does not use the cert specified in the Encryption tab.
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hello,

    This is probably due to a key size restriction that limits keys to 128 in the default JDK. Since you are
    using keys larger than 128, you will have to patch your JDK to support this. To do this,
    download the .zip archive from the following address:

    For Java 7:
    http://www.oracle.com/technetwork/java/ ... 32124.html

    For Java 6:
    http://www.oracle.com/technetwork/java/ ... 29243.html

    Extract the files from the downloaded archive and copy the contained .jar files into the <jre.home>/lib/security
    folder (you will have to overwrite the existing files).

    Make sure you are patching the right JRE (the one soapUI is using). If you have downloaded the soapUI
    distribution with a bundled JRE, then the folder for the patched files should be:

    <soapui.home>/jre/lib/security

    If you have downloaded soapUI without bundled JRE, then it depends on your system
    which JRE is in use.

    regards!
    Predrag
    SmartBear Software
  • SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hi guys,

    If you are using JRE 1.7.0 update 6 or later, you might be affected by this even after updating with the mentioned patch. Have a look at https://forums.oracle.com/forums/thread ... D=10639288 to get some more insights - it seems you can work around this by toggling a setting in the system Java Control Panel.

    Hope this helps!

    /Ole
    SmartBear Software
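
To tell the two explanations in this thread apart, the following added example (not code from SoapUI, WSS4J or any poster) reads the encryption certificate from a keystore and reports the KeyUsage bits that the JDK's `Cipher.init(int, Certificate)` checks before throwing "Wrong key usage", together with the JCE key-length limit. The class name, the JKS keystore type and the three command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.crypto.Cipher;

// Added diagnostic, not SoapUI or WSS4J code.
// Assumed arguments: <keystore.jks> <store-password> <alias>
public class WssKeyUsageCheck {
    private static final String KEY_USAGE_OID = "2.5.29.15";

    // Mirrors the JDK check: a critical KeyUsage extension with the given bit cleared is rejected.
    static boolean allowed(boolean critical, boolean[] usage, int bit) {
        return !(critical && usage != null && usage.length > bit && !usage[bit]);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: WssKeyUsageCheck <keystore.jks> <store-password> <alias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: JKS keystore
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        Certificate c = ks.getCertificate(args[2]);
        if (!(c instanceof X509Certificate)) {
            System.err.println("No X.509 certificate under alias " + args[2]);
            System.exit(1);
        }
        X509Certificate cert = (X509Certificate) c;
        Set<String> crit = cert.getCriticalExtensionOIDs();
        boolean critical = crit != null && crit.contains(KEY_USAGE_OID);
        boolean[] usage = cert.getKeyUsage(); // null when the extension is absent

        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("KeyUsage present: " + (usage != null) + ", critical: " + critical);
        if (usage != null) {
            System.out.println("keyEncipherment (bit 2): " + usage[2]);
            System.out.println("dataEncipherment (bit 3): " + usage[3]);
        }
        // Cipher.init(mode, certificate) throws "Wrong key usage" when these are false.
        System.out.println("Cipher.WRAP_MODE accepted: " + allowed(critical, usage, 2));
        System.out.println("Cipher.ENCRYPT_MODE accepted: " + allowed(critical, usage, 3));
        // 128 means the limited-strength policy files are active.
        System.out.println("Max AES key length: " + Cipher.getMaxAllowedKeyLength("AES"));
    }
}
```

A `false` on either mode line points at the certificate's KeyUsage extension; a maximum AES key length of 128 points at the limited-strength policy files. Run it with the same JRE that soapUI uses, since both results depend on that installation.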