quarkiverse / quarkus-cxf

Quarkus CXF Extension to support SOAP based web services.
Apache License 2.0

Change tests assertions to pass on FIPS environment #1297

Closed JiriOndrusek closed 3 months ago

JiriOndrusek commented 3 months ago

fixes https://github.com/quarkiverse/quarkus-cxf/issues/1285

replaces https://github.com/quarkiverse/quarkus-cxf/pull/1286

Tests are capable of knowing whether the environment is FIPS, therefore assertions are changed accordingly (whether success or failure is expected)

!There is a problem with the execution in the native in the FIPS!

- non-FIPS - jvm and native works
- FIPS - jvm works, native fails - I'm investigating it now.

I created this draft to see the CI results.
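To compare what the JVM run and the native run see on the same FIPS host, a small probe can be executed in both modes. This is an added example, not code from the pull request or from quarkus-cxf; the class name `FipsCipherProbe` is hypothetical, and it assumes a Linux host (kernel flag `/proc/sys/crypto/fips_enabled`) and Java 11 or later. The transformation string is the one from the WSS4J error quoted in this thread.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

/** Added example, not quarkus-cxf code. Run the same class on the JVM and as a native executable. */
public final class FipsCipherProbe {

    /** Transformation named in the WSS4J error quoted in this thread. */
    static final String OAEP_SHA1 = "RSA/ECB/OAEPWithSHA1AndMGF1Padding";

    /** Linux kernel FIPS flag; a missing or unreadable file is treated as "not in FIPS mode". */
    static boolean hostFipsEnabled() {
        try {
            return "1".equals(Files.readString(Path.of("/proc/sys/crypto/fips_enabled")).trim());
        } catch (IOException | SecurityException e) {
            return false;
        }
    }

    /** GraalVM sets this system property inside a native image; it is absent on a regular JVM. */
    static boolean runningAsNativeImage() {
        return System.getProperty("org.graalvm.nativeimage.imagecode") != null;
    }

    /** Names of the JCA providers registered in this process, in preference order. */
    static List<String> providerNames() {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            names.add(p.getName());
        }
        return names;
    }

    /** Name of the provider that serves the transformation, or null when none does. */
    static String resolvingProvider(String transformation) {
        try {
            // getProvider() forces the delayed provider selection to happen now.
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | ProviderException e) {
            return null;
        }
    }

    /** Compares the host setting with what the JCA inside this process actually offers. */
    static String verdict(boolean hostFips, String provider) {
        if (hostFips && provider != null) {
            return "MISMATCH: host is in FIPS mode but " + OAEP_SHA1 + " is served by " + provider;
        }
        if (hostFips) {
            return "consistent: FIPS host, transformation rejected";
        }
        if (provider != null) {
            return "consistent: non-FIPS host, transformation served by " + provider;
        }
        return "non-FIPS host, but no provider serves the transformation";
    }

    public static void main(String[] args) {
        boolean hostFips = hostFipsEnabled();
        String provider = resolvingProvider(OAEP_SHA1);
        System.out.println("runtime:       " + (runningAsNativeImage() ? "native" : "jvm"));
        System.out.println("host FIPS:     " + hostFips);
        System.out.println("JCA providers: " + providerNames());
        System.out.println("resolved by:   " + provider);
        System.out.println(verdict(hostFips, provider));
    }
}
```

A `MISMATCH` line in one mode but not the other points at a difference in the provider list each process was started with, which is the first thing to compare between the two outputs.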

JiriOndrusek commented 3 months ago

@ppalaga (@ffang ) I added missing policy.xml files (with different ids) for each endpoint. And I see a weird behavior (on FIPS): JVM tests succeed, but native tests fail.

Here are a few lines from the log when executing CustomEncryptSignPolicyIT.helloCustomizedValuesCorrectly (the test customizes the suite to use weaker algorithms, but the correct ones, therefore it should succeed on non-fips and fail on FIPS)

JVM part of log, FIPS (looks as expected):

```
2024-03-18 13:04:27,438 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
2024-03-18 13:04:27,438 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:04:27,443 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:04:27,452 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using QuarkusClassLoader:Quarkus Base Runtime ClassLoader: TEST for CustomEncryptSignPolicyTest (QuarkusTest)@44a14de0 class loader.
2024-03-18 13:04:27,455 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:04:27,460 DEBUG [org.apa.cxf.ws.sec.wss.pol.AsymmetricBindingHandler] (executor-thread-1) unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding": org.apache.wss4j.common.ext.WSSecurityException: unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding"
```

native part of the log:

```
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,244 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.dom.mes.WSSecEncryptedKey] (executor-thread-1) cipher blksize: 0
2024-03-18 13:08:00,249 DEBUG [org.apa.wss.dom.mes.WSSecEncrypt] (executor-thread-1) Error destroying key: null
2024-03-18 13:08:00,269 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-2) WSS4JInInterceptor: enter handleMessage()
2024-03-18 13:08:00,308 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,312 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'ws-security.timestamp.cache.instance-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,313 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-2) Trying to find [bob-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
```

You can see the same line in both logs: `The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded`. On JVM (with FIPS) the next message is a failure to find an algorithm; the native successfully continues.

Do you have an idea what can be wrong?

I'm pasting whole log here ``` [INFO] ------------------------------------------------------- [INFO] T E S T S [INFO] ------------------------------------------------------- [INFO] Running io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyTest 2024-03-18 13:04:24,087 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--3621590723721044165 2024-03-18 13:04:24,097 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 9 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl 2024-03-18 13:04:24,109 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy-5409562130846995547 2024-03-18 13:04:24,109 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl 2024-03-18 13:04:24,119 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--8813917047620089109 2024-03-18 13:04:24,120 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl 2024-03-18 13:04:24,132 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--2958597516832616441 2024-03-18 13:04:24,133 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl 2024-03-18 13:04:24,141 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy-7406301022699014404 2024-03-18 13:04:24,141 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service 
io.quarkiverse.cxf.it.security.policy.HelloServiceImpl 2024-03-18 13:04:24,149 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--825235924504016394 2024-03-18 13:04:24,150 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl 2024-03-18 13:04:24,158 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--5117895124719482176 2024-03-18 13:04:24,158 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl 2024-03-18 13:04:24,169 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--2125483729719772079 2024-03-18 13:04:24,170 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl 2024-03-18 13:04:24,178 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--8896849571768878081 2024-03-18 13:04:24,178 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl 2024-03-18 13:04:24,182 INFO [org.apa.cxf.end.ServerImpl] (build-21) Setting the server's publish address to be /QuarkusCxfProcessor/dummy--3280877060289177314 2024-03-18 13:04:24,183 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl 2024-03-18 13:04:24,192 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client 
io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService 2024-03-18 13:04:24,196 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService 2024-03-18 13:04:24,200 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService 2024-03-18 13:04:24,204 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService 2024-03-18 13:04:24,208 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService 2024-03-18 13:04:24,214 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService 2024-03-18 13:04:24,216 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.HelloService 2024-03-18 13:04:24,224 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloService 2024-03-18 13:04:24,227 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService 2024-03-18 13:04:24,231 INFO [io.qua.cxf.dep.QuarkusCxfProcessor] (build-21) Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService 2024-03-18 13:04:24,241 INFO [io.qua.cxf.dep.Java2WsdlProcessor] (build-49) java2ws processed 0 classes 2024-03-18 13:04:24,702 INFO [io.qua.cxf.dep.CxfEndpointImplementationProcessor] (build-34) Mapping a Vert.x handler for CXF to /services/* as 
requested by [io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.HelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl] 2024-03-18 13:04:25,732 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSignWrong2 2024-03-18 13:04:25,738 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,744 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloSaml1 2024-03-18 13:04:25,744 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,749 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloEncryptSignCrypto 2024-03-18 13:04:25,749 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,754 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloEncryptSign 2024-03-18 13:04:25,754 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl on /services available. 
2024-03-18 13:04:25,758 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomizedEncryptSign 2024-03-18 13:04:25,758 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,761 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /hello 2024-03-18 13:04:25,762 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.HelloServiceImpl on /services available. 2024-03-18 13:04:25,766 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSignWrong1 2024-03-18 13:04:25,766 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,771 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloHttps 2024-03-18 13:04:25,771 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,775 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameToken 2024-03-18 13:04:25,775 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,779 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameTokenAlt 2024-03-18 13:04:25,779 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available. 
2024-03-18 13:04:25,782 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameTokenUncachedNonce 2024-03-18 13:04:25,782 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,787 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloSaml2 2024-03-18 13:04:25,787 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,790 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSign 2024-03-18 13:04:25,791 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl on /services available. 2024-03-18 13:04:25,956 INFO [io.quarkus] (main) quarkus-cxf-integration-test-ws-security-policy 3.8.2-SNAPSHOT on JVM (powered by Quarkus 3.8.3) started in 4.259s. Listening on: http://localhost:8081 and https://localhost:8444 2024-03-18 13:04:25,957 INFO [io.quarkus] (main) Profile test activated. 2024-03-18 13:04:25,958 INFO [io.quarkus] (main) Installed features: [cdi, cxf, cxf-rt-ws-security, resteasy, smallrye-context-propagation, vertx, xmlsec] 2024-03-18 13:04:27,041 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider ApacheXMLDSig - 3.04 was added at position: 8 2024-03-18 13:04:27,316 WARN [org.apa.cxf.ws.pol.AssertionBuilderRegistryImpl] (executor-thread-1) No assertion builder for type {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}CustomAlgorithmSuite registered. 
2024-03-18 13:04:27,421 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider STRTransform was added at position: 9 2024-03-18 13:04:27,421 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider AttachmentContentSignatureTransform was added at position: 10 2024-03-18 13:04:27,422 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider AttachmentCompleteSignatureTransform was added at position: 11 2024-03-18 13:04:27,438 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken 2024-03-18 13:04:27,438 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token 2024-03-18 13:04:27,443 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10 2024-03-18 13:04:27,452 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using QuarkusClassLoader:Quarkus Base Runtime ClassLoader: TEST for CustomEncryptSignPolicyTest (QuarkusTest)@44a14de0 class loader. 
2024-03-18 13:04:27,455 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded 2024-03-18 13:04:27,460 DEBUG [org.apa.cxf.ws.sec.wss.pol.AsymmetricBindingHandler] (executor-thread-1) unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding": org.apache.wss4j.common.ext.WSSecurityException: unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding" Original Exception was java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA1AndMGF1Padding at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:207) at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:154) at org.apache.wss4j.dom.message.WSSecEncryptedKey.encryptSymmetricKey(WSSecEncryptedKey.java:584) at org.apache.wss4j.dom.message.WSSecEncryptedKey.prepare(WSSecEncryptedKey.java:227) at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:115) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryption(AsymmetricBindingHandler.java:546) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryptBeforeSign(AsymmetricBindingHandler.java:366) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:119) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:200) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:113) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:100) at 
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140) at jdk.proxy6/jdk.proxy6.$Proxy157.hello(Unknown Source) at io.quarkiverse.cxf.it.security.policy.SecurityPolicyResource.hello(SecurityPolicyResource.java:189) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118) at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452) at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:70) at 
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229) at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler$1.run(VertxRequestHandler.java:93) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:840) Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA1AndMGF1Padding at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571) at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:181) ... 
49 more Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA1AndMGF1Padding at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137) at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388) at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564) ... 50 more 2024-03-18 13:04:27,462 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Not asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken: org.apache.wss4j.common.ext.WSSecurityException: unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding" Original Exception was java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA1AndMGF1Padding 2024-03-18 13:04:27,463 WARN [org.apa.cxf.pha.PhaseInterceptorChain] (executor-thread-1) Interceptor for {http://policy.security.it.cxf.quarkiverse.io/}CustomizedEncryptSignPolicyHelloService#{http://policy.security.it.cxf.quarkiverse.io/}hello has thrown exception, unwinding now: org.apache.cxf.ws.policy.PolicyException: unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding" at org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractCommonBindingHandler.unassertPolicy(AbstractCommonBindingHandler.java:114) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryption(AsymmetricBindingHandler.java:589) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryptBeforeSign(AsymmetricBindingHandler.java:366) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.handleBinding(AsymmetricBindingHandler.java:119) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessageInternal(PolicyBasedWSS4JOutInterceptor.java:200) at 
org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:113) at org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor$PolicyBasedWSS4JOutInterceptorInternal.handleMessage(PolicyBasedWSS4JOutInterceptor.java:100) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:441) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:356) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:314) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:140) at jdk.proxy6/jdk.proxy6.$Proxy157.hello(Unknown Source) at io.quarkiverse.cxf.it.security.policy.SecurityPolicyResource.hello(SecurityPolicyResource.java:189) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:154) at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:118) at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:560) at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:452) at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:413) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) at 
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:415) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:378) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:356) at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:70) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:429) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:240) at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:154) at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:321) at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:157) at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:229) at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:82) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:147) at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler$1.run(VertxRequestHandler.java:93) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:840) Caused by: org.apache.wss4j.common.ext.WSSecurityException: unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding" Original Exception was 
java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA1AndMGF1Padding at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:207) at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:154) at org.apache.wss4j.dom.message.WSSecEncryptedKey.encryptSymmetricKey(WSSecEncryptedKey.java:584) at org.apache.wss4j.dom.message.WSSecEncryptedKey.prepare(WSSecEncryptedKey.java:227) at org.apache.wss4j.dom.message.WSSecEncrypt.prepare(WSSecEncrypt.java:115) at org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler.doEncryption(AsymmetricBindingHandler.java:546) ... 44 more Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPWithSHA1AndMGF1Padding at java.base/javax.crypto.Cipher.getInstance(Cipher.java:571) at org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:181) ... 49 more Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding OAEPWithSHA1AndMGF1Padding at jdk.crypto.cryptoki/sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:137) at java.base/javax.crypto.Cipher$Transform.setModePadding(Cipher.java:388) at java.base/javax.crypto.Cipher.getInstance(Cipher.java:564) ... 
50 more [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 8.286 s -- in io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyTest 2024-03-18 13:04:27,628 INFO [io.quarkus] (main) quarkus-cxf-integration-test-ws-security-policy stopped in 0.092s [INFO] [INFO] Results: [INFO] [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0 [INFO] [INFO] [INFO] --- jar:3.3.0:jar (default-jar) @ quarkus-cxf-integration-test-ws-security-policy --- [INFO] Building jar: /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT.jar [INFO] [INFO] --- source:3.3.0:jar-no-fork (attach-sources) @ quarkus-cxf-integration-test-ws-security-policy --- [INFO] Building jar: /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-sources.jar [INFO] [INFO] --- jar:3.3.0:test-jar (default) @ quarkus-cxf-integration-test-ws-security-policy --- [INFO] Building jar: /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-tests.jar [INFO] [INFO] --- quarkus:3.8.3:build (default) @ quarkus-cxf-integration-test-ws-security-policy --- [WARNING] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Cannot find the `native-image` in the GRAALVM_HOME, JAVA_HOME and System PATH. Install it using `gu install native-image` Attempting to fall back to container build. 
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-4559857281264667813
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 9 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml2PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--2233034055351787650
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}UsernameTokenPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--375154147368465301
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HttpsPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--4221659488130387809
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong1PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-9014933952747715964
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.HelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-7994349831358209209
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.HelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomizedEncryptSignPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-9070293355230109440
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}EncryptSignPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--8085849120177807383
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml1PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--3904657221477083726
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong2PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-8359058534788620340
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml2PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}UsernameTokenPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomizedEncryptSignPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HelloService from class io.quarkiverse.cxf.it.security.policy.HelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.HelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong1PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}EncryptSignPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml1PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HttpsPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong2PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.Java2WsdlProcessor] java2ws processed 0 classes
[INFO] [io.quarkiverse.cxf.deployment.CxfEndpointImplementationProcessor] Mapping a Vert.x handler for CXF to /services/* as requested by [io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.HelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl]
[INFO] [io.quarkus.deployment.pkg.steps.JarResultBuildStep] Building native image source jar: /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Building native image from /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Using docker to run the native image builder
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Pulling builder image 'quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21'
jdk-21: Pulling from quarkus/ubi-quarkus-mandrel-builder-image
Digest: sha256:ed5d4bd07b94a1c5e11590449fe7b46ff2682f6eb1256ac80d870678afa135ec
Status: Image is up to date for quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21
quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Running Quarkus native-image plugin on MANDREL 23.1.2.0 JDK 21.0.2+13-LTS
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] docker run --env LANG=C --rm --user 600:600 -v /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar:/project:z --name build-native-aJTiB quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true -J-Dorg.ehcache.sizeof.AgentSizeOf.bypass=true -J-Dlogging.initial-configurator.min-level=500 -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dvertx.disableDnsResolver=true -J-Dio.netty.leakDetection.level=DISABLED -J-Dio.netty.allocator.maxOrder=3 -J-Duser.language=en -J-Duser.country=US -J-Dfile.encoding=UTF-8 --features=io.quarkus.runner.Feature,io.quarkus.runtime.graal.DisableLoggingFeature -J--add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED -J--add-opens=java.base/java.text=ALL-UNNAMED -J--add-opens=java.base/java.io=ALL-UNNAMED -J--add-opens=java.base/java.lang.invoke=ALL-UNNAMED -J--add-opens=java.base/java.util=ALL-UNNAMED -H:+UnlockExperimentalVMOptions -H:BuildOutputJSONFile=quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner-build-output-stats.json -H:-UnlockExperimentalVMOptions --strict-image-heap -H:+UnlockExperimentalVMOptions -H:+AllowFoldMethods -H:-UnlockExperimentalVMOptions -J-Djava.awt.headless=true --no-fallback --link-at-build-time -H:+UnlockExperimentalVMOptions -H:+ReportExceptionStackTraces -H:-UnlockExperimentalVMOptions -H:-AddAllCharsets --enable-url-protocols=http,https --enable-monitoring=heapdump -H:+UnlockExperimentalVMOptions -H:-UseServiceLoaderFeature -H:-UnlockExperimentalVMOptions -H:+UnlockExperimentalVMOptions -H:AdditionalSecurityProviders=org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI -H:-UnlockExperimentalVMOptions -J--add-exports=org.graalvm.nativeimage/org.graalvm.nativeimage.impl=ALL-UNNAMED --exclude-config io\.netty\.netty-codec /META-INF/native-image/io\.netty/netty-codec/generated/handlers/reflect-config\.json --exclude-config io\.netty\.netty-handler /META-INF/native-image/io\.netty/netty-handler/generated/handlers/reflect-config\.json quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner -jar quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner.jar
========================================================================================================================
GraalVM Native Image: Generating 'quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner' (executable)...
========================================================================================================================
For detailed information and explanations on the build output, visit:
https://github.com/oracle/graal/blob/master/docs/reference-manual/native-image/BuildOutput.md
------------------------------------------------------------------------------------------------------------------------
[1/8] Initializing... (8.0s @ 0.16GB)
Java version: 21.0.2+13-LTS, vendor version: Mandrel-23.1.2.0-Final
Graal compiler: optimization level: 2, target machine: x86-64-v3
C compiler: gcc (redhat, x86_64, 8.5.0)
Garbage collector: Serial GC (max heap size: 80% of RAM)
5 user-specific feature(s):
- com.oracle.svm.thirdparty.gson.GsonFeature
- io.quarkus.runner.Feature: Auto-generated class by Quarkus from the existing extensions
- io.quarkus.runtime.graal.DisableLoggingFeature: Disables INFO logging during the analysis phase
- org.eclipse.angus.activation.nativeimage.AngusActivationFeature
- org.eclipse.angus.mail.nativeimage.AngusMailFeature
------------------------------------------------------------------------------------------------------------------------
4 experimental option(s) unlocked:
- '-H:+AllowFoldMethods' (origin(s): command line)
- '-H:BuildOutputJSONFile' (origin(s): command line)
- '-H:-UseServiceLoaderFeature' (origin(s): command line)
- '-H:AdditionalSecurityProviders' (origin(s): command line)
------------------------------------------------------------------------------------------------------------------------
Build resources:
- 5.68GB of memory (75.6% of 7.51GB system memory, determined at start)
- 4 thread(s) (100.0% of 4 available processor(s), determined at start)
13:05:55,987 INFO [org.ehc.siz.fil.AnnotationSizeOfFilter] Using regular expression provided through VM argument org.ehcache.sizeof.filters.AnnotationSizeOfFilter.pattern for IgnoreSizeOf annotation : ^.*cache\..*IgnoreSizeOf$
[2/8] Performing analysis... [*****] (85.0s @ 2.20GB)
24,373 reachable types (90.5% of 26,935 total)
36,180 reachable fields (63.1% of 57,361 total)
124,330 reachable methods (62.7% of 198,190 total)
8,902 types, 1,609 fields, and 11,189 methods registered for reflection
62 types, 63 fields, and 55 methods registered for JNI access
4 native libraries: dl, pthread, rt, z
[3/8] Building universe... (9.9s @ 2.96GB)
[4/8] Parsing methods... [***] (7.3s @ 2.38GB)
[5/8] Inlining methods... [***] (5.4s @ 2.88GB)
[6/8] Compiling methods... [********] (60.1s @ 2.45GB)
[7/8] Layouting methods... [***] (11.8s @ 2.54GB)
[8/8] Creating image... [***] (10.6s @ 2.69GB)
56.29MB (48.88%) for code area: 82,446 compilation units
58.48MB (50.78%) for image heap: 571,531 objects and 475 resources
406.77kB ( 0.34%) for other data
115.16MB in total
------------------------------------------------------------------------------------------------------------------------
Top 10 origins of code area:                          Top 10 object types in image heap:
13.88MB java.base                                     17.69MB byte[] for code metadata
6.36MB java.xml                                       8.09MB byte[] for java.lang.String
2.23MB jdk.proxy4                                     6.17MB java.lang.Class
2.05MB svm.jar (Native Image)                         5.22MB java.lang.String
1.89MB q.8.2-SNAPSHOT-runner.jar                      2.81MB byte[] for embedded resources
1.86MB c.f.jackson.core.jackson-databind-2.16.1.jar   2.05MB com.oracle.svm.core.hub.DynamicHubCompanion
1.78MB org.apache.cxf.cxf-core-4.0.4.jar              1.71MB byte[] for reflection metadata
1.74MB org.ehcache.ehcache-3.10.8-jakarta.jar         1.48MB byte[] for general heap data
1.46MB org.apache.santuario.xmlsec-3.0.4.jar          1022.55kB java.lang.String[]
1.39MB java.net.http                                  859.34kB c.o.svm.core.hub.DynamicHub$ReflectionMetadata
21.07MB for 148 more packages                         11.42MB for 4900 more object types
------------------------------------------------------------------------------------------------------------------------
Recommendations:
AWT: Use the tracing agent to collect metadata for AWT.
HEAP: Set max heap for improved and more predictable memory usage.
CPU: Enable more CPU features with '-march=native' for improved performance.
------------------------------------------------------------------------------------------------------------------------
35.3s (17.6% of total time) in 243 GCs | Peak RSS: 4.79GB | CPU load: 3.41
------------------------------------------------------------------------------------------------------------------------
Produced artifacts:
/project/libawt.so (jdk_library)
/project/libawt_headless.so (jdk_library)
/project/libawt_xawt.so (jdk_library)
/project/libjava.so (jdk_library_shim)
/project/libjvm.so (jdk_library_shim)
/project/liblcms.so (jdk_library)
/project/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner (executable)
/project/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner-build-output-stats.json (build_info)
========================================================================================================================
Finished generating 'quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner' in 3m 19s.
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] docker run --env LANG=C --rm --user 600:600 -v /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar:/project:z --entrypoint /bin/bash quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -c objcopy --strip-debug quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner
[INFO] [io.quarkus.deployment.QuarkusAugmentor] Quarkus augmentation completed in 207339ms
[INFO]
[INFO] --- failsafe:3.2.5:integration-test (default) @ quarkus-cxf-integration-test-ws-security-policy ---
[INFO] Using auto detected provider org.apache.maven.surefire.junitplatform.JUnitPlatformProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyIT
Executing "/home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner -Dquarkus.http.port=8081 -Dquarkus.http.ssl-port=8444 -Dtest.url=http://localhost:8081 -Dquarkus.log.file.path=/home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus.log -Dquarkus.log.file.enable=true -Dquarkus.log.category."io.quarkus".level=INFO"
__  ____  __  _____   ___  __ ____  ______
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/
2024-03-18 13:07:59,204 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSign
2024-03-18 13:07:59,204 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,205 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloSaml2
2024-03-18 13:07:59,205 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,206 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameToken
2024-03-18 13:07:59,206 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,207 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameTokenAlt
2024-03-18 13:07:59,207 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,207 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameTokenUncachedNonce
2024-03-18 13:07:59,207 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,208 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloHttps
2024-03-18 13:07:59,208 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,209 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSignWrong1
2024-03-18 13:07:59,209 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,209 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /hello
2024-03-18 13:07:59,209 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.HelloServiceImpl on /services available.
2024-03-18 13:07:59,210 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomizedEncryptSign
2024-03-18 13:07:59,210 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,211 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloEncryptSignCrypto
2024-03-18 13:07:59,211 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,211 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloEncryptSign
2024-03-18 13:07:59,211 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,212 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloSaml1
2024-03-18 13:07:59,212 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,213 INFO [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSignWrong2
2024-03-18 13:07:59,213 INFO [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,255 INFO [io.quarkus] (main) quarkus-cxf-integration-test-ws-security-policy 3.8.2-SNAPSHOT native (powered by Quarkus 3.8.3) started in 0.138s. Listening on: http://0.0.0.0:8081 and https://0.0.0.0:8444
2024-03-18 13:07:59,255 INFO [io.quarkus] (main) Profile prod activated.
2024-03-18 13:07:59,255 INFO [io.quarkus] (main) Installed features: [cdi, cxf, cxf-rt-ws-security, resteasy, smallrye-context-propagation, vertx, xmlsec]
2024-03-18 13:08:00,243 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider STRTransform was added at position: 9
2024-03-18 13:08:00,243 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider AttachmentContentSignatureTransform was added at position: 10
2024-03-18 13:08:00,243 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider AttachmentCompleteSignatureTransform was added at position: 11
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,244 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.dom.mes.WSSecEncryptedKey] (executor-thread-1) cipher blksize: 0
2024-03-18 13:08:00,249 DEBUG [org.apa.wss.dom.mes.WSSecEncrypt] (executor-thread-1) Error destroying key: null
2024-03-18 13:08:00,269 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-2) WSS4JInInterceptor: enter handleMessage()
2024-03-18 13:08:00,308 INFO [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,312 INFO [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'ws-security.timestamp.cache.instance-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,313 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-2) Trying to find [bob-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) The KeyStore bob-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.dom.pro.TimestampProcessor] (executor-thread-2) Found Timestamp list element
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.uti.DateUtil] (executor-thread-2) Validation of Created: Everything is ok
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.dom.pro.EncryptedKeyProcessor] (executor-thread-2) Found encrypted key element
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-2) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Issuer Serial match found using keystore alias bob
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-2) Found signature element
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Issuer Serial match found using keystore alias alice
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Direct trust for certificate with CN=alice,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.dom.val.SignatureTrustValidator] (executor-thread-2) Certificate path has been verified for certificate with subject CN=alice,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-2) Verify XML Signature
2024-03-18 13:08:00,326 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-2) Found reference list element
2024-03-18 13:08:00,326 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-2) Found data reference: ED-de9fd289-86c3-4b1a-bed6-ffd6487ae5b0
2024-03-18 13:08:00,326 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-2) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#aes256-cbc
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-2) WSS4JInInterceptor: exit handleMessage()
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,327 DEBUG [org.apa.wss.dom.mes.WSSecEncryptedKey] (executor-thread-2) cipher blksize: 0
2024-03-18 13:08:00,328 DEBUG [org.apa.wss.dom.mes.WSSecEncrypt] (executor-thread-2) Error destroying key: null
2024-03-18 13:08:00,328 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,334 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-1) WSS4JInInterceptor: enter handleMessage()
2024-03-18 13:08:00,343 INFO [org.ehc.cor.EhcacheManager] (executor-thread-1) Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-1572170400' created in EhcacheManager.
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.dom.pro.TimestampProcessor] (executor-thread-1) Found Timestamp list element
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.com.uti.DateUtil] (executor-thread-1) Validation of Created: Everything is ok
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.dom.pro.EncryptedKeyProcessor] (executor-thread-1) Found encrypted key element
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-1) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,344 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Issuer Serial match found using keystore alias alice
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-1) Found signature element
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Issuer Serial match found using keystore alias bob
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Issuer Serial match found using keystore alias bob
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Direct trust for certificate with CN=bob,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.val.SignatureTrustValidator] (executor-thread-1) Certificate path has been verified for certificate with subject CN=bob,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-1) Verify XML Signature
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-1) Found reference list element
2024-03-18 13:08:00,349 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-1) Found data reference: ED-b84457bc-a490-4a19-91f7-6d76f9176652
2024-03-18 13:08:00,349 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-1) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#aes256-cbc
2024-03-18 13:08:00,349 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-1) WSS4JInInterceptor: exit handleMessage()
[ERROR] Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 3.424 s <<< FAILURE! -- in io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyIT
[ERROR] io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyIT.helloCustomizedValuesCorrectly -- Time elapsed: 1.161 s <<< FAILURE!
java.lang.AssertionError: 1 expectation failed.
Expected status code <500> but was <200>.
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:73)
at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:108)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:57)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:263)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:277)
at io.restassured.internal.ResponseSpecificationImpl$HamcrestAssertionClosure.validate(ResponseSpecificationImpl.groovy:512)
at io.restassured.internal.ResponseSpecificationImpl$HamcrestAssertionClosure$validate$1.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:139)
at io.restassured.internal.ResponseSpecificationImpl.validateResponseIfRequired(ResponseSpecificationImpl.groovy:696)
at io.restassured.internal.ResponseSpecificationImpl.this$2$validateResponseIfRequired(ResponseSpecificationImpl.groovy)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:198)
at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:62)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
at io.restassured.internal.ResponseSpecificationImpl.statusCode(ResponseSpecificationImpl.groovy:135)
at io.restassured.specification.ResponseSpecification$statusCode$0.callCurrent(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
at io.restassured.internal.ResponseSpecificationImpl.statusCode(ResponseSpecificationImpl.groovy:143)
at io.restassured.internal.ValidatableResponseOptionsImpl.statusCode(ValidatableResponseOptionsImpl.java:89)
at io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyTest.helloCustomizedValuesCorrectly(CustomEncryptSignPolicyTest.java:38)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at io.quarkus.test.junit.QuarkusTestExtension.interceptTestMethod(QuarkusTestExtension.java:816)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
at
java.base/java.util.ArrayList.forEach(ArrayList.java:1511) [INFO] [INFO] Results: [INFO] [ERROR] Failures: [ERROR] CustomEncryptSignPolicyIT>CustomEncryptSignPolicyTest.helloCustomizedValuesCorrectly:38 1 expectation failed. Expected status code <500> but was <200>. [INFO] [ERROR] Tests run: 1, Failures: 1, Errors: 0, Skipped: 0 ```
JiriOndrusek commented 3 months ago

I'm able to debug the JVM execution via remote and I see the value entering `org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:207)` - which fails - to be `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p`, which should happen also in native. I haven't found a way of proving that the value is the same, though.

JiriOndrusek commented 3 months ago

Thanks @ppalaga for the help! The behavior of the native testing makes sense, because the natively compiled image is not FIPS compliant. I'll change the assertions of the tests to fail for FIPS in native + make them log that native mode and FIPS behave differently.

JiriOndrusek commented 3 months ago

I fixed the problems and the change is prepared to be merged.

If the test runs in native and the machine environment (where the test runs) or the binary is FIPS enabled, the test fails with the message: `Combination of FIPS environment and native mode is not supported.`

In JVM, the test detects whether the system is FIPS compliant, and asserts success or failure based on this information.

To show behavior correctly:

- In non-FIPS mode (JVM or native), results are: `Tests run: 28, Failures: 0, Errors: 0, Skipped: 0`
- In FIPS JVM, results are: `Tests run: 28, Failures: 0, Errors: 0, Skipped: 0`
- In FIPS native: `Tests run: 28, Failures: 9, Errors: 0, Skipped: 0`
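
As an added example (not code from this PR or from quarkus-cxf): the expectation matrix from the comment above in plain Java, for the test that customizes the suite to weaker algorithms. The FIPS detection (the Linux `/proc/sys/crypto/fips_enabled` flag and a security provider whose name contains "fips"), the class name and the `example.native` system property are assumptions, not the project's mechanism.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Provider;
import java.security.Security;
import java.util.Locale;

public class FipsAwareExpectation {

    /** Assumption: Linux kernel FIPS flag; a missing or unreadable file counts as "not FIPS". */
    static boolean kernelFipsEnabled(Path flag) {
        try {
            return "1".equals(Files.readString(flag).trim());
        } catch (java.io.IOException | SecurityException e) {
            return false;
        }
    }

    /** Assumption: a FIPS-configured JVM registers a provider whose name contains "fips". */
    static boolean jvmFipsProviderPresent() {
        for (Provider p : Security.getProviders()) {
            if (p.getName().toLowerCase(Locale.ROOT).contains("fips")) {
                return true;
            }
        }
        return false;
    }

    /** Expected HTTP status for the weaker-algorithm test, per the matrix in the thread. */
    static int expectedStatus(boolean fips, boolean nativeMode) {
        if (fips && nativeMode) {
            // The native image is not FIPS compliant, so fail loudly instead of asserting 200 or 500.
            throw new IllegalStateException(
                    "Combination of FIPS environment and native mode is not supported.");
        }
        // FIPS JVM rejects the weaker algorithms (500); non-FIPS accepts them (200).
        return fips ? 500 : 200;
    }

    public static void main(String[] args) {
        boolean fips = kernelFipsEnabled(Path.of("/proc/sys/crypto/fips_enabled"))
                || jvmFipsProviderPresent();
        // Hypothetical switch; the real suite decides native vs. JVM through its test harness.
        boolean nativeMode = Boolean.getBoolean("example.native");
        System.out.println("fips=" + fips + " native=" + nativeMode
                + " expected=" + expectedStatus(fips, nativeMode));
    }
}
```

Failing explicitly on FIPS plus native keeps a `200` from a non-compliant binary from being read as a passing FIPS result.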