This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Implementation of a Java callout that performs WS-Security Decryp and Encrypt is failing

Posted Wednesday
ThiagoSantos
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hello comunity,

 

I'm trying to use this solution to create WSSec decrypt and encrypt policies in Apigee: DinoChiesa/Apigee-Java-WsSec-RsaEncryption: a configurable custom policy for Apigee, which performs ...

But I'm having an error because the jar can't be loaded.

Example of error:

Failed to instantiate the JavaCallout Class com.google.apigee.callouts.wsseccrypto.Decrypt

Maybe the problem is similar to this one: Solved: Implementation of a Java callout that performs WS-... - Google Cloud Community. I suspect it because I was having the same problem with signing/validation until I found this thread and applied the suggested solution.

Example of policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<JavaCallout name="java-wssec-decrypt">
    <DisplayName>WS-Security Decrypt Message</DisplayName>
    <Properties>
        <Property name='debug'>true</Property>
        <Property name="source">message.content</Property>
        <Property name="private-key">{private.key.content}</Property>
    </Properties>
    <ClassName>com.google.apigee.callouts.wsseccrypto.Decrypt</ClassName>
    <ResourceURL>java://apigee-wssec-xmlenc-20210409.jar</ResourceURL>
</JavaCallout>
 
 
Edit: Apigee's debug show the error described as followed:
 
ThiagoSantos_0-1749048909056.png

 

Solved Solved
0 9 271
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ThiagoSantos
Bronze 2
Bronze 2
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Thank you for the support.

I've already contacted the internal team so we can start the conversation with apigee support, although we're using apigee X so I don't think it'll be possible.

Anyway, I've found a patched version of xmlenc here that doesn't cause any security error, and I suppose I can keep it from here at least to finish the MVP. I'll need to address this issue, though, as this version is quite old, some encrypting algorithms are not supported, and it may have some undesirable xploits.

I've prepared a branch with Signature + Encryption+Patched XmlEnc together here: Farenheith/Apigee-Java-WsSec-Signature-2 at merge-encryption-patchedxmlenc

@dchiesa1 It'd be nice to later compatibilize your separate packages, though. I'll open a PR later for RsaEncryption, addressing the XmlUtils conflict to contribute.

View solution in original post

Jump to Solution
0 Likes
9 REPLIES 9