Bug 796991 - Add support for other types of security certificates to BinarySecurityToken
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: JBoss Enterprise SOA Platform 5
Classification: JBoss
Component: JBossESB
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ER1
Target Release: 5.3.0 GA
Assignee: Kevin Conner
QA Contact: Gui Jospin
URL:
Whiteboard:
Depends On:
Blocks: 801872
Reported: 2012-02-24 00:59 UTC by Jason Shepherd
Modified: 2025-02-10 03:19 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-02-10 03:19:08 UTC
Type: Feature Request
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBESB-2460 0 Major Closed BinarySecurityToken class hardwired to X.509 certificates 2014-04-02 17:43:03 UTC

Description Jason Shepherd 2012-02-24 00:59:19 UTC
Created attachment 565439
example project

Description of problem:
Implement a fix for this ESB problem in SOA-P 5

Version-Release number of selected component (if applicable):
ESB 4.10

How reproducible:
Use the attached example project.

Steps to Reproduce:
1. Deploy HttpGtwySec ESB Project to SOA-P 5.2 Standalone instance
2. Run the HttpGtwySecClient project with ant
3. Run the HttpGtwySecClient project with ant target 'test-v3' to see expected result
  
Actual results:
0:53:26,310 ERROR [[soap]] Servlet.service() for servlet soap threw exception
java.lang.IllegalStateException: Could not create certificate: 
	at org.jboss.soa.esb.services.security.auth.ws.BinarySecurityToken.setKey(BinarySecurityToken.java:89)
	at org.jboss.soa.esb.services.security.auth.ws.BinarySecurityTokenExtractor.extractBinarySecurityToken(BinarySecurityTokenExtractor.java:148)
	at org.jboss.soa.esb.services.security.auth.ws.BinarySecurityTokenExtractor.extractSecurityInfo(BinarySecurityTokenExtractor.java:105)
	at org.jboss.soa.esb.services.security.auth.ws.BinarySecurityTokenExtractor.extractSecurityInfo(BinarySecurityTokenExtractor.java:54)
	at org.jboss.soa.esb.services.security.auth.ExtractorUtil.extract(ExtractorUtil.java:59)
	at org.jboss.soa.esb.listeners.gateway.http.HttpMessageComposer.populateMessage(HttpMessageComposer.java:165)
	at org.jboss.soa.esb.listeners.gateway.http.HttpMessageComposer.populateMessage(HttpMessageComposer.java:79)
	at org.jboss.soa.esb.listeners.message.AbstractMessageComposer.compose(AbstractMessageComposer.java:76)
	at org.jboss.soa.esb.listeners.gateway.http.HttpGatewayServlet.processServiceRequest(HttpGatewayServlet.java:216)
	at org.jboss.soa.esb.listeners.gateway.http.HttpGatewayServlet.service(HttpGatewayServlet.java:195)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
	at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
	at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:182)
	at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:90)
	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:305)
	at org.jboss.soa.esb.services.security.auth.ws.BinarySecurityToken.setKey(BinarySecurityToken.java:85)
	... 30 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
	at sun.security.util.DerInputStream.getLength(DerInputStream.java:544)
	at sun.security.util.DerValue.<init>(DerValue.java:235)
	at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:400)
	at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1708)
	at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:179)
	... 33 more

Expected results:
The request is printed in the server log

Additional info:
See https://issues.jboss.org/browse/JBESB-2460 for possible solution.

This case was raised by a Red Hat engineer via GSS in this support case:
https://c.na7.visual.force.com/apex/Case_View?id=500A00000091ml3

Comment 4 JBoss JIRA Server 2012-03-12 19:21:56 UTC
Tom Cunningham <tcunning> updated the status of jira JBESB-2460 to Resolved

Comment 5 JBoss JIRA Server 2012-03-12 19:21:56 UTC
Tom Cunningham <tcunning> made a comment on jira JBESB-2460

Make BinarySecurityToken an interface and make the implementation pluggable.
Adding a property to the security section of the jbossesb-properties.xml
containing your implementation class name makes it pluggable:

Example:
        <property name="org.jboss.soa.esb.services.security.auth.ws.binarysecuritytoken.implementationClass" value="org.jboss.soa.esb.services.security.auth.ws.BinarySecurityTokenImpl" />
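
Added example, not part of the comment above and not the ESB's own code: one way a pluggable token handler can select a parser from the token's ValueType instead of assuming X.509, the assumption behind the CertificateException in the trace. The class, the `parse` method and the `Parsed` record are hypothetical; the ValueType URIs are those of the OASIS WS-Security X.509 and Kerberos token profiles.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;

// Hypothetical illustration; names here are not taken from JBossESB.
public class TokenDispatchExample {
    // ValueType URIs defined by the OASIS WS-Security token profiles.
    static final String X509V3 =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    static final String KRB5_AP_REQ =
        "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";

    /** Outcome of parsing: a kind label plus the decoded credential (null when rejected). */
    record Parsed(String kind, Object credential) {}

    static Parsed parse(String valueType, String base64Body) {
        byte[] raw;
        try {
            // The MIME decoder tolerates line breaks inside the XML element text.
            raw = Base64.getMimeDecoder().decode(base64Body);
        } catch (IllegalArgumentException e) {
            return new Parsed("rejected: body is not Base64", null);
        }
        if (X509V3.equals(valueType)) {
            try {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                return new Parsed("x509", cf.generateCertificate(new ByteArrayInputStream(raw)));
            } catch (CertificateException e) {
                // Fail closed with a clear reason rather than an unchecked exception.
                return new Parsed("rejected: not a valid X.509 certificate", null);
            }
        }
        if (KRB5_AP_REQ.equals(valueType)) {
            // Bytes stay opaque here; a Kerberos-aware login module must validate them.
            return new Parsed("kerberos-ap-req", raw);
        }
        return new Parsed("rejected: unsupported ValueType", null);
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE tag followed by a length octet DER does not allow.
        String body = Base64.getEncoder().encodeToString(new byte[] {0x30, (byte) 0xFF, 1, 2, 3});
        System.out.println(parse(X509V3, body).kind());                // rejected as X.509
        System.out.println(parse(KRB5_AP_REQ, body).kind());           // passed on as Kerberos
        System.out.println(parse("urn:example:unknown", body).kind()); // unsupported type
    }
}
```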

Comment 6 JBoss JIRA Server 2012-03-12 19:22:05 UTC
Tom Cunningham <tcunning> updated the status of jira JBESB-2460 to Closed

Comment 7 Rick Wagner 2012-03-19 21:33:11 UTC
Customer facing, so high priority please.

Comment 8 tcunning 2012-04-05 15:46:16 UTC
Should be in ER1, see JBESB-2460 for details.

Comment 9 Rick Wagner 2012-04-16 13:40:54 UTC
See JBESB-3780, addressed in svn commit r38019 on https://svn.jboss.org/repos/labs/labs/jbossesb/branches/JBESB_4_10_CP.

Comment 10 Filip Elias 2012-06-11 12:47:43 UTC
Verified in SOA-P 5.3 ER3

Comment 11 David Le Sage 2012-06-13 00:27:58 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The org.jboss.soa.esb.services.security.auth.ws.BinarySecurityToken class has been made abstract, allowing users to implement Kerberos Token Profiles. 
The BinarySecurityToken has been made into an interface and is pluggable. To use, add a property to the security section of the jbossesb-properties.xml file 
containing your implementation class name.

Comment 12 PnT Account Manager 2017-12-07 23:54:37 UTC
Employee 'felias' has left the company.

Comment 14 Red Hat Bugzilla 2025-02-10 03:19:08 UTC
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.

