Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-962

SMIME signature verify+decrypt is not working

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 3.0.12.Final
    • 3.0.4.Final
    • None
    • None
    • Hide
      Client side
      //encrypt SomeJSON (simple POJO)
EnvelopedOutput output = new EnvelopedOutput(new SomeJSON("test"), MediaType.APPLICATION_JSON_TYPE);
output.setCertificate(<certificate>);

//sign encrypted SomeJSON
SignedOutput signed = new SignedOutput(output, "application/pkcs7-mime");
signed.setCertificate(<certificate>);
signed.setPrivateKey(<privateKey>);
Response res = target.request().post(Entity.entity(signed,"multipart/signed"));
      Server side
      @POST
@Path("/{somepath}")
public SignedOutput status(@PathParam("somepath") final String somepath,SignedInput<EnvelopedInput<SomeJSON>> input) throws Exception {

	//get encrypted content - it is OK
	final EnvelopedInput<SomeJSON> envelop = input.getEntity();
	
	//verify signature - it is OK
	if (!input.verify(<certificate>)) throw new WebApplicationException(500);
		
	//encrypt content - FAILED
	final SomeJSON someJSON = envelop.getEntity(<privateKey>,<certificate>);

	......
	
}

      The 'envelop.getEntity(<privateKey>,<certificate>)' method fails with:

      stacktrace
      17:25:31,888 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/edc-rest-service-0.0.1].[com.testapp.edc.rest.service.EDCApplication]] (http-localhost-127.0.0.1-8080-1) Servlet.service() for servlet com.testapp.edc.rest.service.EDCApplication threw exception: org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException: org.bouncycastle.cms.CMSException: Malformed content.
	at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.4.Final.jar:]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
	at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
	at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_27]
Caused by: java.lang.RuntimeException: org.bouncycastle.cms.CMSException: Malformed content.
	at org.jboss.resteasy.security.smime.EnvelopedInputImpl.getEntity(EnvelopedInputImpl.java:166) [resteasy-crypto-3.0.4.Final.jar:]
	at org.jboss.resteasy.security.smime.EnvelopedInputImpl.getEntity(EnvelopedInputImpl.java:123) [resteasy-crypto-3.0.4.Final.jar:]
	at com.testapp.edc.rest.service.EDCRestService.status(EDCRestService.java:87) [classes:]
	at com.testapp.edc.rest.service.EDCRestService$Proxy$_$$_WeldClientProxy.status(EDCRestService$Proxy$_$$_WeldClientProxy.java) [classes:]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_27]
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.6.0_27]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.6.0_27]
	at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.6.0_27]
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221) [resteasy-jaxrs-3.0.4.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.4.Final.jar:]
	... 21 more
Caused by: org.bouncycastle.cms.CMSException: Malformed content.
	at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0]
	at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0]
	at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0]
	at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0]
	at org.jboss.resteasy.security.smime.EnvelopedInputImpl.getEntity(EnvelopedInputImpl.java:156) [resteasy-crypto-3.0.4.Final.jar:]
	... 33 more
Caused by: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERApplicationSpecific
	at org.bouncycastle.asn1.cms.ContentInfo.getInstance(Unknown Source) [bcprov-jdk16-1.46.jar:1.46.0]
	... 38 more
      Show
      Client side //encrypt SomeJSON (simple POJO) EnvelopedOutput output = new EnvelopedOutput( new SomeJSON( "test" ), MediaType.APPLICATION_JSON_TYPE); output.setCertificate(<certificate>); //sign encrypted SomeJSON SignedOutput signed = new SignedOutput(output, "application/pkcs7-mime" ); signed.setCertificate(<certificate>); signed.setPrivateKey(<privateKey>); Response res = target.request().post(Entity.entity(signed, "multipart/signed" )); Server side @POST @Path( "/{somepath}" ) public SignedOutput status(@PathParam( "somepath" ) final String somepath,SignedInput<EnvelopedInput<SomeJSON>> input) throws Exception { //get encrypted content - it is OK final EnvelopedInput<SomeJSON> envelop = input.getEntity(); //verify signature - it is OK if (!input.verify(<certificate>)) throw new WebApplicationException(500); //encrypt content - FAILED final SomeJSON someJSON = envelop.getEntity(<privateKey>,<certificate>); ...... } The 'envelop.getEntity(<privateKey>,<certificate>)' method fails with: stacktrace 17:25:31,888 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[ default -host].[/edc- rest -service-0.0.1].[com.testapp.edc. rest .service.EDCApplication]] (http-localhost-127.0.0.1-8080-1) Servlet.service() for servlet com.testapp.edc. rest .service.EDCApplication threw exception: org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException: org.bouncycastle.cms.CMSException: Malformed content. at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.4.Final.jar:] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:62) [weld-core-1.1.5.AS71.Final.jar:2012-02-10 15:31] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:] at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:] at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:] at java.lang. Thread .run(Unknown Source) [rt.jar:1.6.0_27] Caused by: java.lang.RuntimeException: org.bouncycastle.cms.CMSException: Malformed content. at org.jboss.resteasy.security.smime.EnvelopedInputImpl.getEntity(EnvelopedInputImpl.java:166) [resteasy-crypto-3.0.4.Final.jar:] at org.jboss.resteasy.security.smime.EnvelopedInputImpl.getEntity(EnvelopedInputImpl.java:123) [resteasy-crypto-3.0.4.Final.jar:] at com.testapp.edc. rest .service.EDCRestService.status(EDCRestService.java:87) [classes:] at com.testapp.edc. rest .service.EDCRestService$Proxy$_$$_WeldClientProxy.status(EDCRestService$Proxy$_$$_WeldClientProxy.java) [classes:] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_27] at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.6.0_27] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [rt.jar:1.6.0_27] at java.lang.reflect.Method.invoke(Unknown Source) [rt.jar:1.6.0_27] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221) [resteasy-jaxrs-3.0.4.Final.jar:] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.4.Final.jar:] ... 21 more Caused by: org.bouncycastle.cms.CMSException: Malformed content. at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0] at org.bouncycastle.cms.CMSUtils.readContentInfo(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0] at org.bouncycastle.cms.CMSEnvelopedData.<init>(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0] at org.bouncycastle.mail.smime.SMIMEEnveloped.<init>(Unknown Source) [bcmail-jdk16-1.46.jar:1.46.0] at org.jboss.resteasy.security.smime.EnvelopedInputImpl.getEntity(EnvelopedInputImpl.java:156) [resteasy-crypto-3.0.4.Final.jar:] ... 33 more Caused by: java.lang.IllegalArgumentException: unknown object in factory: org.bouncycastle.asn1.DERApplicationSpecific at org.bouncycastle.asn1.cms.ContentInfo.getInstance(Unknown Source) [bcprov-jdk16-1.46.jar:1.46.0] ... 38 more

    Description

      Hi,

      I have created a small rest service, which receives an SMIME encrypted and signed request.
      In the examples I found a similar one, which is decrypts and verifies a request, but in my
      case the order is different: first I encrypt the base JSON message, and then sign it.
      In the original examle the first step is the signing and then comes the encrytion, and this
      one is working fine. My example (JSON->encryption->signing) produces different exceptions on
      receiver side after signature verification, when I'm trying to decrypt it.

      Tested cases (client - server):

      • sign - verify = OK
      • encrypt - decrypt = OK
      • sign+encrypt - decrypt-verify = OK
      • encrypt+sign - verify-decrypt = FAILED

      Regards,
      Tamás

      Attachments

        Activity

          People

            rsigal@redhat.com Ronald Sigal
            tmalatinszki_jira Tamas Malatinszki (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: