Wrong Key Usage error on WS-Security Encryption of outgoing SOAP request

Question

I'm getting "java.security.InvalidKeyException: Wrong key usage" when attempting to encrypt an outgoing request. This only happens when using a CA-Issued cert. It doesn't happen for self-signed. I can see that the certifcate has both DigitalSignature and Key_Encipherment as allowable. The next cert up the chain (the CA cert) does not have any Key Usage specified.

This is happening with SOAPUI 5.2.1 with the bundled JRE and also with my own JRE 1.8.

I've seen this other thread where the OP had this same problem, but the two suggestions made there: 1) upgrade JRE; and 2) a work-around related to SSL don't seem to apply in my situation.

org.apache.ws.security.WSSecurityException: Cannot encrypt data
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:216)
at org.apache.ws.security.message.WSSecEncrypt.prepare(WSSecEncrypt.java:223)
at org.apache.ws.security.message.WSSecEncrypt.build(WSSecEncrypt.java:264)
at com.eviware.soapui.impl.wsdl.support.wss.entries.EncryptionEntry.process(EncryptionEntry.java:284)
at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:175)
at com.eviware.soapui.impl.wsdl.submit.filters.WssRequestFilter.filterWsdlRequest(WssRequestFilter.java:59)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterAbstractHttpRequest(AbstractRequestFilter.java:39)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.filterRequest(AbstractRequestFilter.java:33)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:172)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.InvalidKeyException: Wrong key usage
at javax.crypto.Cipher.init(Cipher.java:1712)
at javax.crypto.Cipher.init(Cipher.java:1618)
at org.apache.ws.security.message.WSSecEncryptedKey.prepareInternal(WSSecEncryptedKey.java:214)

varias · Answer

I am having the same problem after updating a certificate from Entrust. The only thing different in the old and new certs is that the "Key Usage" section of the certificate is set to Critical. Did you happen to find a work around for your issue?

Forum Discussion

Wrong Key Usage error on WS-Security Encryption of outgoing SOAP request

1 Reply

Related Content

Groovy Script to send response value to username in Outgoing WS Security Configurations

How to use relative path for keystore (WS-Security Configuration)

Where is ws-security config tab on 2.6.0?

Outgoing WS-Security Configurations

Simple ws-security encryption service with soapui

Recent Discussions

SoapUI OSS apidocs are outdated in April 2024

log4j1.x vulnerability

How to upload a file via SOAP, as an attachment using python zeep

XQuery assertions are broken with SoapUI 5.6.0

Soapui 5.7.1 dependency : thoughtworks:xstream:jar:1.4.20