CyberSource / cybersource-sdk-java

Java SDK for CyberSource Simple Order API

error constructing MAC: unknown parameter type. #89

Closed marcomontani closed 4 years ago

marcomontani commented 7 years ago

Hi, I am trying to use the client within the wildfly 10.X application server. I included the client using Gradle: compile ("com.cybersource:cybersource-sdk-java:6.2.4")

At the first attempt of usage, it told me that the BouncyCastleProvider could not be found. I added the Jar to the lib/ext folder of my JDK, then modified the java.security configuration file adding bouncycastle as a provider, and when I restarted the error changed to:

15:07:50,849 ERROR [stderr] (default task-2) com.cybersource.ws.client.ClientException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type.
15:07:50,849 ERROR [stderr] (default task-2) at com.cybersource.ws.client.Client.runTransaction(Client.java:132)
15:07:50,849 ERROR [stderr] (default task-2) at com.cybersource.ws.client.Client.runTransaction(Client.java:68)

Activating the logs with the library very little was added:

2017-09-16 15:33:58.771 default task-3 INFO > Client, End of soapWrap 16ms
2017-09-16 16:24:44.405 default task-3 EXCEPTION> Exception while loading KeyStore, 'null'
2017-09-16 16:24:44.405 default task-3 EXCEPTION>
ClientException details:
innerException:
java.io.IOException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type.
    at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at com.cybersource.ws.client.SecurityUtil.readAndStoreCertificateAndPrivateKey(SecurityUtil.java:111)
    at com.cybersource.ws.client.SecurityUtil.loadMerchantP12File(SecurityUtil.java:88)
    at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:194)
    at com.cybersource.ws.client.Client.runTransaction(Client.java:112)
    at com.cybersource.ws.client.Client.runTransaction(Client.java:68)

Could you please help me understand where the problem is?

Thanks

[EDIT] I don't know if this helps, but switching to the more recent bouncycastle version (1.58), the error becomes:

16:22:09,522 ERROR [stderr] (default task-2) com.cybersource.ws.client.ClientException: error constructing MAC: java.security.InvalidAlgorithmParameterException: inappropriate parameter type: javax.crypto.spec.PBEParameterSpec

schuller007 commented 6 years ago

Have you resolved this in any way? I am also encountering it running on java 1.7 on a Windows machine. How did you enable logging on the client?

RDornian commented 6 years ago

Working with @schuller007, we were able to find a workable solution. First we tried your suggestion of switching the bouncycastle to the latest version and then decided to try and deal with that same issue you came up with (inappropriate parameter type: javax.crypto.spec.PBEParameterSpec). From here I found this article https://stackoverflow.com/questions/44585976/bouncycastle-problems-multiple-webapps-in-one-tomcat which talks about the possible issue arising from housing multiple webapps within a single Tomcat. We decided to break up our local webapps into multiple Tomcats, which unfortunately was not an option for the author of that article. After that we weren't experiencing any issues and so I reduced the bouncy castle version back to its original value in the cybersource-sdk-java and continued to have no issues. Hopefully this helps and you aren't in a similar situation as the aforementioned author.

marcomontani commented 6 years ago

Sorry for the late response. Using the wildfly application server, I found out I had to add the bouncycastle library as a module in the application server and not copy it into the lib/ext folder.

pts-danielmanley commented 6 years ago

I found bcprov/bcpkix/bcmail 1.50 in the base modules for wildfly 8.2.1 -- I moved that whole bouncycastle directory out of there, hoping that there was a conflict with my installed 1.54 modules for cybersource. no luck. I'm still getting:

Caused by: com.cybersource.ws.client.ClientException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type.
    at com.cybersource.ws.client.Client.runTransaction(Client.java:173) [cybersource-sdk-java-6.2.5.jar:]
    at com.cybersource.ws.client.Client.runTransaction(Client.java:76) [cybersource-sdk-java-6.2.5.jar:]
    at com.points.services.payment.domain.cybersource.CyberSourceSender.runTransaction(CyberSourceSender.java:80) [payment-gateway.jar:2.0.0-SNAPSHOT]
    at com.points.services.payment.domain.cybersource.CyberSourceSender.send(CyberSourceSender.java:67) [payment-gateway.jar:2.0.0-SNAPSHOT]

and in cybs.log:

2018-01-12 12:30:45.346 default task-1 INFO     > Loading the certificate from p12 file 
2018-01-12 12:30:45.645 default task-1 EXCEPTION> Exception while loading KeyStore, 'null'
2018-01-12 12:30:45.647 default task-1 EXCEPTION> 
ClientException details:
innerException: 
java.io.IOException: error constructing MAC: java.security.InvalidAlgorithmParameterException: unknown parameter type.
    at org.bouncycastle.jcajce.provider.keystore.pkcs12.PKCS12KeyStoreSpi.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at com.cybersource.ws.client.SecurityUtil.readAndStoreCertificateAndPrivateKey(SecurityUtil.java:125)
    at com.cybersource.ws.client.SecurityUtil.loadMerchantP12File(SecurityUtil.java:101)
    at com.cybersource.ws.client.Client.soapWrapAndSign(Client.java:236)
    at com.cybersource.ws.client.Client.runTransaction(Client.java:122)
    at com.cybersource.ws.client.Client.runTransaction(Client.java:76)

any additional help would be great!

pts-danielmanley commented 6 years ago

I tried a hack of SecurityUtil with a main() method to load my merchant p12 file and it works:

    public static void main(String[] argv) throws Exception {
        KeyStore merchantKeyStore;
        try {
            merchantKeyStore = KeyStore.getInstance(KEY_FILE_TYPE,
                                                    bcProvider);
        } catch (KeyStoreException e) {
            System.out.println("Exception while instantiating KeyStore");
            throw new SignException(e);
        }

        String keyFilename = "/config/pgw/dev/ejbProperties/cybersource/globaltestaccount.p12";
        try {
            System.out.println("loading the merchantKeyStore using ["+merchantKeyStore.getClass().getName()+"]");
            merchantKeyStore.load(new FileInputStream(keyFilename),
                                  "globaltestaccount".toCharArray());
        } catch (IOException e) {
            System.out.println("Exception while loading KeyStore, '" + keyFilename + "'");
            throw new SignException(e);
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Exception while loading KeyStore, '" + keyFilename + "'");
            throw new SignException(e);
        } catch (CertificateException e) {
            System.out.println("Exception while loading KeyStore, '" + keyFilename + "'");
            throw new SignException(e);
        }

        System.out.println("aliases ["+merchantKeyStore.aliases()+"]");
    }

[daniel.manley@pts-dmanley2 tmp]$ $JAVA_HOME/bin/java -cp .:bcprov-jdk15on-1.54.jar:wss4j-1.6.19.jar:cybersource-sdk-java.jar com.cybersource.ws.client.SecurityUtilDan
loading the merchantKeyStore using [java.security.KeyStore]
aliases [java.util.Hashtable$Enumerator@46ab18da]

so it's gotta be a security provider that Wildfly is adding in front of the stuff the bcprov like causing the exception I'm encountering eh? (I also swapped out the wss4j 1.6.17 module for the desired 1.6.19 and still doesn't work in wildfly)
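
To check the provider hypothesis raised in this thread, the following added example (not part of the thread and not SDK code) lists every registered JCA provider with its position, jar and classloader, and reports whether the registered BC provider is a different class object from the BouncyCastleProvider visible to the calling code. The class name ProviderAudit and its methods are hypothetical; it uses only JDK APIs and is only meaningful when run inside the affected deployment (for instance from a servlet or startup hook).

```java
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;

// Added diagnostic, not SDK code. ProviderAudit and its method names are hypothetical.
public class ProviderAudit {
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    // Where a class was loaded from: jar/dir location, or "bootstrap/JDK" if none.
    static String origin(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        String where = (cs == null || cs.getLocation() == null)
                ? "bootstrap/JDK" : cs.getLocation().toString();
        return where + " via " + c.getClassLoader();
    }

    // True when the registered "BC" provider is a different Class object from the
    // BouncyCastleProvider visible to this code (same name, different loader).
    static boolean bcLoadedTwice(ClassLoader appLoader) {
        Provider registered = Security.getProvider("BC");
        if (registered == null) return false; // BC is not registered at all
        try {
            Class<?> visible = Class.forName(BC_CLASS, false, appLoader);
            return registered.getClass().getName().equals(BC_CLASS)
                    && registered.getClass() != visible;
        } catch (ClassNotFoundException e) {
            return false; // BC is not visible from this loader at all
        }
    }

    public static void main(String[] args) throws Exception {
        // Provider order matters: JCA picks the first provider offering an algorithm.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            System.out.printf("%2d %-12s %s%n", i + 1, p.getName(), origin(p.getClass()));
        }
        System.out.println("default PKCS12 KeyStore provider: "
                + KeyStore.getInstance("PKCS12").getProvider().getName());
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        System.out.println("BC registered from a different classloader than ours: "
                + bcLoadedTwice(cl));
    }
}
```

Running the same class from the command line and from inside the application server, then comparing the two listings, shows which providers the container adds or reorders.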

RDornian commented 5 years ago

We solved this issue by copying the bcprov-jdk15on-1.54.jar into our ..\jre\lib\ext folder as it was suggested here: https://stackoverflow.com/questions/44585976/bouncycastle-problems-multiple-webapps-in-one-tomcat