Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

Implementation of a Java callout that performs WS-Security Decryp and Encrypt is failing

Hello comunity,

 

I'm trying to use this solution to create WSSec decrypt and encrypt policies in Apigee: DinoChiesa/Apigee-Java-WsSec-RsaEncryption: a configurable custom policy for Apigee, which performs ...

But I'm having an error because the jar can't be loaded.

Example of error:

Failed to instantiate the JavaCallout Class com.google.apigee.callouts.wsseccrypto.Decrypt

Maybe the problem is similar to this one: Solved: Implementation of a Java callout that performs WS-... - Google Cloud Community. I suspect it because I was having the same problem with signing/validation until I found this thread and applied the suggested solution.

Example of policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout name="java-wssec-decrypt">
    <DisplayName>WS-Security Decrypt Message</DisplayName>
    <Properties>
        <Property name='debug'>true</Property>
        <Property name="source">message.content</Property>
        <Property name="private-key">{private.key.content}</Property>
    </Properties>
    <ClassName>com.google.apigee.callouts.wsseccrypto.Decrypt</ClassName>
    <ResourceURL>java://apigee-wssec-xmlenc-20210409.jar</ResourceURL>
</JavaCallout>
 
 
Edit: Apigee's debug show the error described as followed:
 
ThiagoSantos_0-1749048909056.png

 

Solved Solved
0 9 271
1 ACCEPTED SOLUTION

Thank you for the support.

I've already contacted the internal team so we can start the conversation with apigee support, although we're using apigee X so I don't think it'll be possible.

Anyway, I've found a patched version of xmlenc here that doesn't cause any security error, and I suppose I can keep it from here at least to finish the MVP. I'll need to address this issue, though, as this version is quite old, some encrypting algorithms are not supported, and it may have some undesirable xploits.

I've prepared a branch with Signature + Encryption+Patched XmlEnc together here: Farenheith/Apigee-Java-WsSec-Signature-2 at merge-encryption-patchedxmlenc

@dchiesa1 It'd be nice to later compatibilize your separate packages, though. I'll open a PR later for RsaEncryption, addressing the XmlUtils conflict to contribute.

View solution in original post

9 REPLIES 9