'Re: Thread safety using WSDoAllReceiver and WSSecurityEngine'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    Re: Thread safety using WSDoAllReceiver and WSSecurityEngine
From:       Davanum Srinivas <davanum () gmail ! com>
Date:       2005-10-20 23:28:40
Message-ID: 19e0530f0510201628v610d71dbx2e8515c07a2bb4be () mail ! gmail ! com
[Download RAW message or body]

Samrat,

Could you please try latest SVN? There has been a lot of refactoring
and i wonder if this problem occurs with latest code as well.

thanks,
dims

On 10/20/05, Samrat Ketu <samrat.ketu@gmail.com> wrote:
> Hi
> We have a multi-threaded program that uses Axis and WSS4J to send encrypt=
ed
> messages to a web service and decrypts the contents as they are received.
> We intermittently faced the below exception - like 10 out of 5000 request=
s.
> Typical number of threads running are 10, pumping 10 messages per second.=
 As
> you can see, the problem is happening while decrypting the response.
>
> I was looking into the source code of WSS4J and realized that it could be
> because of
> a. the way session/symmetric key is stored in WSSecEngine
> b. the fact that reference to WSSecEngine is actually a static final
> variable in WSDoAllReceiver.
>
> Apparently, all instances of WSDoAllReceiver use the same instance of
> WSSecEngine to do encryption and decryption. And within WSSecEngine, the
> symmetric key is a global variable, so different method invocations to
> decrypt data will overwrite each other's symmetric key.
>
>
> Is this assessment correct? Is this really a bug?
>
> thanks,
> Samrat
>
> Exception is
>     org.apache.ws.security.WSSecurityException: Error
> Class: org.apache.ws.security.WSSecurityException
>          Cannot encrypt/decrypt data; nested exception is:
>
> org.apache.xml.security.encryption.XMLEncryptionException:
> pad block corrupted
>         Original Exception was
> javax.crypto.BadPaddingException: pad block corrupted
>             org.apache.ws.security.WSSecurityException:
> Cannot encrypt/decrypt data; nested exception is:
>
> org.apache.xml.security.encryption.XMLEncryptionException:
> pad block corrupted
>     Original Exception was
> javax.crypto.BadPaddingException: pad block corrupted
>         at
> org.apache.ws.security.WSSecurityEngine.decryptDataRef(WSSecurityEngine.j=
ava:1226)
>         at
> org.apache.ws.security.WSSecurityEngine.handleEncryptedKey
> (WSSecurityEngine.java:1171)
>         at
> org.apache.ws.security.WSSecurityEngine.handleEncryptedKey(WSSecurityEngi=
ne.java:926)
>         at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityE=
ngine.java
> :349)
>         at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityE=
ngine.java:245)
>         at
> org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:1=
56)
>         at
> org.apache.axis.strategies.InvocationStrategy.visit
> (InvocationStrategy.java:32)
>         at
> org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
>         at
> org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
>         at org.apache.axis.client.AxisClient.invoke
> (AxisClient.java:190)
>         at
> org.apache.axis.client.Call.invokeEngine(Call.java:2765)
>         at
> org.apache.axis.client.Call.invoke(Call.java:2748)
>         at
> org.apache.axis.client.Call.invoke(Call.java:2424)
>         at
> org.apache.axis.client.Call.invoke(Call.java:2347)
>         at
> org.apache.axis.client.Call.invoke(Call.java:1804)
>         ....
>         ....
>         Caused by:
> org.apache.xml.security.encryption.XMLEncryptionException
> : pad block corrupted
>         Original Exception was
> javax.crypto.BadPaddingException: pad block corrupted
>         at
> org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown
> Source)
>         at
> org.apache.xml.security.encryption.XMLCipher.decryptElement
> (Unknown Source)
>         at
> org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknow=
n
> Source)
>         at
> org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown
> Source)
>         at
> org.apache.ws.security.WSSecurityEngine.decryptDataRef
> (WSSecurityEngine.java:1224)
>         ... 17 more
>
>
>
>


--
Davanum Srinivas : http://wso2.com/blogs/

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic