
Change tests assertions to pass on FIPS environment #1297

Merged
merged 1 commit into from
Mar 18, 2024

JiriOndrusek

fixes #1285

replaces #1286

Tests are capable of knowing whether the environment is FIPS, therefore assertions are changed accordingly (whether success or failure is expected)

!There is a problem with the execution in the native in the FIPS!
non-FIPS - jvm and native works
FIPS - jvm works, native fails - I'm investigating it now.

I created this draft to see the CI results.

response.statusCode(500)
.body(containsString("java.security.NoSuchAlgorithmException: Cannot find any provider supporting"));

final List<String> messages = PolicyTestUtils.drainMessages("drainMessages", 2);
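
Review bot: the body assertion in `.body(containsString("java.security.NoSuchAlgorithmException: Cannot find any provider supporting"))` matches only the generic prefix of the message, so it would also pass if a different algorithm were missing; consider including the expected transformation name in the matched string. On the following line, `messages` is assigned from `PolicyTestUtils.drainMessages("drainMessages", 2)` but is not used in the lines shown; either assert on the drained messages or call the method without the local variable.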

Check notice: Code scanning / CodeQL

Unread local variable (Note, test)

Variable 'List<String> messages' is never read.
JiriOndrusek commented Mar 18, 2024

@ppalaga (@ffang )
I added missing policy.xml files (with different ids) for each endpoint.
And I see a weird behavior (on FIPS):
JVM tests succeed, but native tests fail.

Here are a few lines from the log when executing CustomEncryptSignPolicyIT.helloCustomizedValuesCorrectly
(the test customizes the suite to use weaker algorithms, but the correct ones, therefore it should succeed on non-FIPS and fail on FIPS)

JVM part of log, FIPS (looks as expected):

2024-03-18 13:04:27,438 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
2024-03-18 13:04:27,438 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:04:27,443 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:04:27,452 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using QuarkusClassLoader:Quarkus Base Runtime ClassLoader: TEST for CustomEncryptSignPolicyTest (QuarkusTest)@44a14de0 class loader.
2024-03-18 13:04:27,455 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:04:27,460 DEBUG [org.apa.cxf.ws.sec.wss.pol.AsymmetricBindingHandler] (executor-thread-1) unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding": org.apache.wss4j.common.ext.WSSecurityException: unsupported key transport encryption algorithm: No such algorithm: "RSA/ECB/OAEPWithSHA1AndMGF1Padding"

	

native part of the log:

2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,244 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.dom.mes.WSSecEncryptedKey] (executor-thread-1) cipher blksize: 0
2024-03-18 13:08:00,249 DEBUG [org.apa.wss.dom.mes.WSSecEncrypt] (executor-thread-1) Error destroying key: null
2024-03-18 13:08:00,269 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-2) WSS4JInInterceptor: enter handleMessage()
2024-03-18 13:08:00,308 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,312 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'ws-security.timestamp.cache.instance-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,313 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-2) Trying to find [bob-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.

You can see the same line in both logs: The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
On JVM (with FIPS) the next message is a failure to find an algorithm; the native successfully continues.

Do you have an idea what can be wrong?

I'm pasting the whole log here
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong1PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-9014933952747715964
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.HelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-7994349831358209209
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.HelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomizedEncryptSignPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-9070293355230109440
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}EncryptSignPolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--8085849120177807383
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml1PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy--3904657221477083726
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong2PolicyHelloServiceImplService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService
[INFO] Setting the server's publish address to be /QuarkusCxfProcessor/dummy-8359058534788620340
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml2PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}UsernameTokenPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomizedEncryptSignPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HelloService from class io.quarkiverse.cxf.it.security.policy.HelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.HelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong1PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}EncryptSignPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}Saml1PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}HttpsPolicyHelloService from class io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloService
[INFO] Creating Service {http://policy.security.it.cxf.quarkiverse.io/}CustomEncryptSignWrong2PolicyHelloService from class io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.QuarkusCxfProcessor] Generated 0 ancillary classes for client io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloService
[INFO] [io.quarkiverse.cxf.deployment.Java2WsdlProcessor] java2ws processed 0 classes
[INFO] [io.quarkiverse.cxf.deployment.CxfEndpointImplementationProcessor] Mapping a Vert.x handler for CXF to /services/* as requested by [io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.HelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl, io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl]
[INFO] [io.quarkus.deployment.pkg.steps.JarResultBuildStep] Building native image source jar: /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Building native image from /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner.jar
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Using docker to run the native image builder
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildContainerRunner] Pulling builder image 'quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21'
jdk-21: Pulling from quarkus/ubi-quarkus-mandrel-builder-image
Digest: sha256:ed5d4bd07b94a1c5e11590449fe7b46ff2682f6eb1256ac80d870678afa135ec
Status: Image is up to date for quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21
quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildStep] Running Quarkus native-image plugin on MANDREL 23.1.2.0 JDK 21.0.2+13-LTS
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] docker run --env LANG=C --rm --user 600:600 -v /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar:/project:z --name build-native-aJTiB quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true -J-Dorg.ehcache.sizeof.AgentSizeOf.bypass=true -J-Dlogging.initial-configurator.min-level=500 -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dvertx.disableDnsResolver=true -J-Dio.netty.leakDetection.level=DISABLED -J-Dio.netty.allocator.maxOrder=3 -J-Duser.language=en -J-Duser.country=US -J-Dfile.encoding=UTF-8 --features=io.quarkus.runner.Feature,io.quarkus.runtime.graal.DisableLoggingFeature -J--add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED -J--add-opens=java.base/java.text=ALL-UNNAMED -J--add-opens=java.base/java.io=ALL-UNNAMED -J--add-opens=java.base/java.lang.invoke=ALL-UNNAMED -J--add-opens=java.base/java.util=ALL-UNNAMED -H:+UnlockExperimentalVMOptions -H:BuildOutputJSONFile=quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner-build-output-stats.json -H:-UnlockExperimentalVMOptions --strict-image-heap -H:+UnlockExperimentalVMOptions -H:+AllowFoldMethods -H:-UnlockExperimentalVMOptions -J-Djava.awt.headless=true --no-fallback --link-at-build-time -H:+UnlockExperimentalVMOptions -H:+ReportExceptionStackTraces -H:-UnlockExperimentalVMOptions -H:-AddAllCharsets --enable-url-protocols=http,https --enable-monitoring=heapdump -H:+UnlockExperimentalVMOptions -H:-UseServiceLoaderFeature -H:-UnlockExperimentalVMOptions -H:+UnlockExperimentalVMOptions -H:AdditionalSecurityProviders=org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI -H:-UnlockExperimentalVMOptions 
-J--add-exports=org.graalvm.nativeimage/org.graalvm.nativeimage.impl=ALL-UNNAMED --exclude-config io\.netty\.netty-codec /META-INF/native-image/io\.netty/netty-codec/generated/handlers/reflect-config\.json --exclude-config io\.netty\.netty-handler /META-INF/native-image/io\.netty/netty-handler/generated/handlers/reflect-config\.json quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner -jar quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner.jar
========================================================================================================================
GraalVM Native Image: Generating 'quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner' (executable)...
========================================================================================================================
For detailed information and explanations on the build output, visit:
https://github.com/oracle/graal/blob/master/docs/reference-manual/native-image/BuildOutput.md
------------------------------------------------------------------------------------------------------------------------
[1/8] Initializing...                                                                                    (8.0s @ 0.16GB)
 Java version: 21.0.2+13-LTS, vendor version: Mandrel-23.1.2.0-Final
 Graal compiler: optimization level: 2, target machine: x86-64-v3
 C compiler: gcc (redhat, x86_64, 8.5.0)
 Garbage collector: Serial GC (max heap size: 80% of RAM)
 5 user-specific feature(s):
 - com.oracle.svm.thirdparty.gson.GsonFeature
 - io.quarkus.runner.Feature: Auto-generated class by Quarkus from the existing extensions
 - io.quarkus.runtime.graal.DisableLoggingFeature: Disables INFO logging during the analysis phase
 - org.eclipse.angus.activation.nativeimage.AngusActivationFeature
 - org.eclipse.angus.mail.nativeimage.AngusMailFeature
------------------------------------------------------------------------------------------------------------------------
 4 experimental option(s) unlocked:
 - '-H:+AllowFoldMethods' (origin(s): command line)
 - '-H:BuildOutputJSONFile' (origin(s): command line)
 - '-H:-UseServiceLoaderFeature' (origin(s): command line)
 - '-H:AdditionalSecurityProviders' (origin(s): command line)
------------------------------------------------------------------------------------------------------------------------
Build resources:
 - 5.68GB of memory (75.6% of 7.51GB system memory, determined at start)
 - 4 thread(s) (100.0% of 4 available processor(s), determined at start)
13:05:55,987 INFO  [org.ehc.siz.fil.AnnotationSizeOfFilter] Using regular expression provided through VM argument org.ehcache.sizeof.filters.AnnotationSizeOfFilter.pattern for IgnoreSizeOf annotation : ^.*cache\..*IgnoreSizeOf$
[2/8] Performing analysis...  [*****]                                                                   (85.0s @ 2.20GB)
   24,373 reachable types   (90.5% of   26,935 total)
   36,180 reachable fields  (63.1% of   57,361 total)
  124,330 reachable methods (62.7% of  198,190 total)
    8,902 types, 1,609 fields, and 11,189 methods registered for reflection
       62 types,    63 fields, and    55 methods registered for JNI access
        4 native libraries: dl, pthread, rt, z
[3/8] Building universe...                                                                               (9.9s @ 2.96GB)
[4/8] Parsing methods...      [***]                                                                      (7.3s @ 2.38GB)
[5/8] Inlining methods...     [***]                                                                      (5.4s @ 2.88GB)
[6/8] Compiling methods...    [********]                                                                (60.1s @ 2.45GB)
[7/8] Layouting methods...    [***]                                                                     (11.8s @ 2.54GB)
[8/8] Creating image...       [***]                                                                     (10.6s @ 2.69GB)
  56.29MB (48.88%) for code area:    82,446 compilation units
  58.48MB (50.78%) for image heap:  571,531 objects and 475 resources
 406.77kB ( 0.34%) for other data
 115.16MB in total
------------------------------------------------------------------------------------------------------------------------
Top 10 origins of code area:                                Top 10 object types in image heap:
  13.88MB java.base                                           17.69MB byte[] for code metadata
   6.36MB java.xml                                             8.09MB byte[] for java.lang.String
   2.23MB jdk.proxy4                                           6.17MB java.lang.Class
   2.05MB svm.jar (Native Image)                               5.22MB java.lang.String
   1.89MB q.8.2-SNAPSHOT-runner.jar                            2.81MB byte[] for embedded resources
   1.86MB c.f.jackson.core.jackson-databind-2.16.1.jar         2.05MB com.oracle.svm.core.hub.DynamicHubCompanion
   1.78MB org.apache.cxf.cxf-core-4.0.4.jar                    1.71MB byte[] for reflection metadata
   1.74MB org.ehcache.ehcache-3.10.8-jakarta.jar               1.48MB byte[] for general heap data
   1.46MB org.apache.santuario.xmlsec-3.0.4.jar             1022.55kB java.lang.String[]
   1.39MB java.net.http                                      859.34kB c.o.svm.core.hub.DynamicHub$ReflectionMetadata
  21.07MB for 148 more packages                               11.42MB for 4900 more object types
------------------------------------------------------------------------------------------------------------------------
Recommendations:
 AWT:  Use the tracing agent to collect metadata for AWT.
 HEAP: Set max heap for improved and more predictable memory usage.
 CPU:  Enable more CPU features with '-march=native' for improved performance.
------------------------------------------------------------------------------------------------------------------------
                       35.3s (17.6% of total time) in 243 GCs | Peak RSS: 4.79GB | CPU load: 3.41
------------------------------------------------------------------------------------------------------------------------
Produced artifacts:
 /project/libawt.so (jdk_library)
 /project/libawt_headless.so (jdk_library)
 /project/libawt_xawt.so (jdk_library)
 /project/libjava.so (jdk_library_shim)
 /project/libjvm.so (jdk_library_shim)
 /project/liblcms.so (jdk_library)
 /project/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner (executable)
 /project/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner-build-output-stats.json (build_info)
========================================================================================================================
Finished generating 'quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner' in 3m 19s.
[INFO] [io.quarkus.deployment.pkg.steps.NativeImageBuildRunner] docker run --env LANG=C --rm --user 600:600 -v /home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-native-image-source-jar:/project:z --entrypoint /bin/bash quay.io/quarkus/ubi-quarkus-mandrel-builder-image:jdk-21 -c objcopy --strip-debug quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner
[INFO] [io.quarkus.deployment.QuarkusAugmentor] Quarkus augmentation completed in 207339ms
[INFO] 
[INFO] --- failsafe:3.2.5:integration-test (default) @ quarkus-cxf-integration-test-ws-security-policy ---
[INFO] Using auto detected provider org.apache.maven.surefire.junitplatform.JUnitPlatformProvider
[INFO] 
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyIT
Executing "/home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus-cxf-integration-test-ws-security-policy-3.8.2-SNAPSHOT-runner -Dquarkus.http.port=8081 -Dquarkus.http.ssl-port=8444 -Dtest.url=http://localhost:8081 -Dquarkus.log.file.path=/home/hudson/jondruse/quarkus-cxf/integration-tests/ws-security-policy/target/quarkus.log -Dquarkus.log.file.enable=true -Dquarkus.log.category."io.quarkus".level=INFO"
__  ____  __  _____   ___  __ ____  ______ 
 --/ __ \/ / / / _ | / _ \/ //_/ / / / __/ 
 -/ /_/ / /_/ / __ |/ , _/ ,< / /_/ /\ \   
--\___\_\____/_/ |_/_/|_/_/|_|\____/___/   
2024-03-18 13:07:59,204 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSign
2024-03-18 13:07:59,204 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,205 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloSaml2
2024-03-18 13:07:59,205 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.Saml2PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,206 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameToken
2024-03-18 13:07:59,206 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,207 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameTokenAlt
2024-03-18 13:07:59,207 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,207 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloUsernameTokenUncachedNonce
2024-03-18 13:07:59,207 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.UsernameTokenPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,208 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloHttps
2024-03-18 13:07:59,208 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.HttpsPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,209 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSignWrong1
2024-03-18 13:07:59,209 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong1PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,209 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /hello
2024-03-18 13:07:59,209 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.HelloServiceImpl on /services available.
2024-03-18 13:07:59,210 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomizedEncryptSign
2024-03-18 13:07:59,210 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomizedEncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,211 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloEncryptSignCrypto
2024-03-18 13:07:59,211 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,211 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloEncryptSign
2024-03-18 13:07:59,211 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.EncryptSignPolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,212 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloSaml1
2024-03-18 13:07:59,212 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.Saml1PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,213 INFO  [org.apa.cxf.end.ServerImpl] (main) Setting the server's publish address to be /helloCustomEncryptSignWrong2
2024-03-18 13:07:59,213 INFO  [io.qua.cxf.tra.CxfHandler] (main) Web Service io.quarkiverse.cxf.it.security.policy.CustomEncryptSignWrong2PolicyHelloServiceImpl on /services available.
2024-03-18 13:07:59,255 INFO  [io.quarkus] (main) quarkus-cxf-integration-test-ws-security-policy 3.8.2-SNAPSHOT native (powered by Quarkus 3.8.3) started in 0.138s. Listening on: http://0.0.0.0:8081 and https://0.0.0.0:8444
2024-03-18 13:07:59,255 INFO  [io.quarkus] (main) Profile prod activated. 
2024-03-18 13:07:59,255 INFO  [io.quarkus] (main) Installed features: [cdi, cxf, cxf-rt-ws-security, resteasy, smallrye-context-propagation, vertx, xmlsec]
2024-03-18 13:08:00,243 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider STRTransform was added at position: 9
2024-03-18 13:08:00,243 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider AttachmentContentSignatureTransform was added at position: 10
2024-03-18 13:08:00,243 DEBUG [org.apa.wss.com.cry.WSProviderConfig] (executor-thread-1) The provider AttachmentCompleteSignatureTransform was added at position: 11
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}RecipientToken
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:08:00,243 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-1) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,244 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-1) Trying to find [alice-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) The KeyStore alice-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:08:00,248 DEBUG [org.apa.wss.dom.mes.WSSecEncryptedKey] (executor-thread-1) cipher blksize: 0
2024-03-18 13:08:00,249 DEBUG [org.apa.wss.dom.mes.WSSecEncrypt] (executor-thread-1) Error destroying key: null
2024-03-18 13:08:00,269 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-2) WSS4JInInterceptor: enter handleMessage()
2024-03-18 13:08:00,308 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,312 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-2) Cache 'ws-security.timestamp.cache.instance-1186773456' created in EhcacheManager.
2024-03-18 13:08:00,313 DEBUG [org.apa.wss.com.uti.Loader] (executor-thread-2) Trying to find [bob-keystore.pkcs12] using jdk.internal.loader.ClassLoaders$AppClassLoader@2c8d66b2 class loader.
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) The KeyStore bob-keystore.pkcs12 of type pkcs12 has been loaded
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.dom.pro.TimestampProcessor] (executor-thread-2) Found Timestamp list element
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.uti.DateUtil] (executor-thread-2) Validation of Created: Everything is ok
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.dom.pro.EncryptedKeyProcessor] (executor-thread-2) Found encrypted key element
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-2) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,317 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Issuer Serial match found using keystore alias bob
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-2) Found signature element
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Issuer Serial match found using keystore alias alice
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-2) Direct trust for certificate with CN=alice,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.dom.val.SignatureTrustValidator] (executor-thread-2) Certificate path has been verified for certificate with subject CN=alice,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,325 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-2) Verify XML Signature
2024-03-18 13:08:00,326 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-2) Found reference list element
2024-03-18 13:08:00,326 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-2) Found data reference: ED-de9fd289-86c3-4b1a-bed6-ffd6487ae5b0
2024-03-18 13:08:00,326 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-2) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#aes256-cbc
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-2) WSS4JInInterceptor: exit handleMessage()
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}InitiatorToken
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}X509Token
2024-03-18 13:08:00,327 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,327 DEBUG [org.apa.wss.dom.mes.WSSecEncryptedKey] (executor-thread-2) cipher blksize: 0
2024-03-18 13:08:00,328 DEBUG [org.apa.wss.dom.mes.WSSecEncrypt] (executor-thread-2) Error destroying key: null
2024-03-18 13:08:00,328 DEBUG [org.apa.cxf.ws.sec.wss.pol.AbstractCommonBindingHandler] (executor-thread-2) Asserting {http://schemas.xmlsoap.org/ws/2005/07/securitypolicy}Wss10
2024-03-18 13:08:00,334 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-1) WSS4JInInterceptor: enter handleMessage()
2024-03-18 13:08:00,343 INFO  [org.ehc.cor.EhcacheManager] (executor-thread-1) Cache 'org.apache.cxf.ws.security.tokenstore.TokenStore-1572170400' created in EhcacheManager.
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.dom.pro.TimestampProcessor] (executor-thread-1) Found Timestamp list element
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.com.uti.DateUtil] (executor-thread-1) Validation of Created: Everything is ok
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.dom.pro.EncryptedKeyProcessor] (executor-thread-1) Found encrypted key element
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-1) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,343 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,344 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Issuer Serial match found using keystore alias alice
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-1) Found signature element
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Issuer Serial match found using keystore alias bob
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Searching keystore for cert with issuer CN=cxfca, OU=eng (NOT FOR PRODUCTION), O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias alice has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095147
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Keystore alias bob has issuer CN=cxfca,OU=eng (NOT FOR PRODUCTION),O=apache.org and serial 250310938450443491057346128601344994041201095148
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Issuer Serial match found using keystore alias bob
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.com.cry.Merlin] (executor-thread-1) Direct trust for certificate with CN=bob,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.val.SignatureTrustValidator] (executor-thread-1) Certificate path has been verified for certificate with subject CN=bob,OU=eng (NOT FOR PRODUCTION),O=apache.org
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.pro.SignatureProcessor] (executor-thread-1) Verify XML Signature
2024-03-18 13:08:00,348 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-1) Found reference list element
2024-03-18 13:08:00,349 DEBUG [org.apa.wss.dom.pro.ReferenceListProcessor] (executor-thread-1) Found data reference: ED-b84457bc-a490-4a19-91f7-6d76f9176652
2024-03-18 13:08:00,349 DEBUG [org.apa.wss.dom.uti.X509Util] (executor-thread-1) Sym Enc Algo: http://www.w3.org/2001/04/xmlenc#aes256-cbc
2024-03-18 13:08:00,349 DEBUG [org.apa.cxf.ws.sec.wss.WSS4JInInterceptor] (executor-thread-1) WSS4JInInterceptor: exit handleMessage()
[ERROR] Tests run: 1, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 3.424 s <<< FAILURE! -- in io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyIT
[ERROR] io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyIT.helloCustomizedValuesCorrectly -- Time elapsed: 1.161 s <<< FAILURE!
java.lang.AssertionError: 
1 expectation failed.
Expected status code <500> but was <200>.

	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
	at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:73)
	at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:108)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:57)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:263)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:277)
	at io.restassured.internal.ResponseSpecificationImpl$HamcrestAssertionClosure.validate(ResponseSpecificationImpl.groovy:512)
	at io.restassured.internal.ResponseSpecificationImpl$HamcrestAssertionClosure$validate$1.call(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:45)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:139)
	at io.restassured.internal.ResponseSpecificationImpl.validateResponseIfRequired(ResponseSpecificationImpl.groovy:696)
	at io.restassured.internal.ResponseSpecificationImpl.this$2$validateResponseIfRequired(ResponseSpecificationImpl.groovy)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at org.codehaus.groovy.runtime.callsite.PlainObjectMetaMethodSite.doInvoke(PlainObjectMetaMethodSite.java:43)
	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSiteNoUnwrapNoCoerce.invoke(PogoMetaMethodSite.java:198)
	at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.callCurrent(PogoMetaMethodSite.java:62)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
	at io.restassured.internal.ResponseSpecificationImpl.statusCode(ResponseSpecificationImpl.groovy:135)
	at io.restassured.specification.ResponseSpecification$statusCode$0.callCurrent(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:49)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:171)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:185)
	at io.restassured.internal.ResponseSpecificationImpl.statusCode(ResponseSpecificationImpl.groovy:143)
	at io.restassured.internal.ValidatableResponseOptionsImpl.statusCode(ValidatableResponseOptionsImpl.java:89)
	at io.quarkiverse.cxf.it.security.policy.CustomEncryptSignPolicyTest.helloCustomizedValuesCorrectly(CustomEncryptSignPolicyTest.java:38)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at io.quarkus.test.junit.QuarkusTestExtension.interceptTestMethod(QuarkusTestExtension.java:816)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)

[INFO] 
[INFO] Results:
[INFO] 
[ERROR] Failures: 
[ERROR]   CustomEncryptSignPolicyIT>CustomEncryptSignPolicyTest.helloCustomizedValuesCorrectly:38 1 expectation failed.
Expected status code <500> but was <200>.

[INFO] 
[ERROR] Tests run: 1, Failures: 1, Errors: 0, Skipped: 0

@JiriOndrusek
Contributor Author

JiriOndrusek commented Mar 18, 2024

I'm able to debug the JVM execution via remote and I see the value entering org.apache.wss4j.common.util.KeyUtils.getCipherInstance(KeyUtils.java:207) - which fails - to be http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, which should happen also in native. I haven't found a way of proving that the value is the same, though.

@JiriOndrusek
Contributor Author

Thanks @ppalaga for the help!
The behavior of the native testing makes sense, because the natively compiled image is not FIPS compliant.
I'll change the assertions of the tests to fail for FIPS in native + make them log that native mode and FIPS behave differently.

@JiriOndrusek
Contributor Author

I fixed the problems and the change is prepared to be merged.

If the test runs in native and the machine environment (where the test runs) or the binary is FIPS enabled, the test fails with the message: Combination of FIPS environment and native mode is not supported.

In JVM, the test detects whether the system is FIPS compliant, and the test asserts success or failure based on this information.

To show the behavior correctly:

In non-FIPS mode (JVM or native), results are: Tests run: 28, Failures: 0, Errors: 0, Skipped: 0
In FIPS JVM, results are: Tests run: 28, Failures: 0, Errors: 0, Skipped: 0
In FIPS native, results are: Tests run: 28, Failures: 9, Errors: 0, Skipped: 0
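
The decision table described in the comment above, sketched as an added example that is not part of this PR or the project's code. It assumes a FIPS-configured JVM registers a security provider whose name contains "FIPS" and that Linux exposes the kernel flag in `/proc/sys/crypto/fips_enabled`; the class, enum and the `example.native` property are hypothetical names.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Provider;
import java.security.Security;
import java.util.Locale;

public class FipsAwareExpectation {

    /** What a test of a non-FIPS-approved algorithm suite should assert. */
    enum Expected { STATUS_200, STATUS_500_NO_SUCH_ALGORITHM, UNSUPPORTED_COMBINATION }

    /** Assumption: a FIPS-configured JVM registers a provider whose name contains "FIPS". */
    static boolean jvmHasFipsProvider() {
        for (Provider p : Security.getProviders()) {
            if (p.getName().toLowerCase(Locale.ROOT).contains("fips")) {
                return true;
            }
        }
        return false;
    }

    /** Linux kernel FIPS flag; a missing or unreadable file counts as "not FIPS". */
    static boolean kernelFipsEnabled() {
        try {
            return "1".equals(Files.readString(Path.of("/proc/sys/crypto/fips_enabled")).trim());
        } catch (IOException | SecurityException e) {
            return false;
        }
    }

    /** Non-FIPS passes, FIPS JVM rejects the algorithm, FIPS plus native is unsupported. */
    static Expected expectedOutcome(boolean nativeMode, boolean fips) {
        if (!fips) {
            return Expected.STATUS_200;
        }
        return nativeMode ? Expected.UNSUPPORTED_COMBINATION : Expected.STATUS_500_NO_SUCH_ALGORITHM;
    }

    public static void main(String[] args) {
        boolean fips = jvmHasFipsProvider() || kernelFipsEnabled();
        // Hypothetical switch: the harness, not the JVM running the test, knows the app is native.
        boolean nativeMode = Boolean.getBoolean("example.native");
        Expected expected = expectedOutcome(nativeMode, fips);
        if (expected == Expected.UNSUPPORTED_COMBINATION) {
            throw new IllegalStateException("Combination of FIPS environment and native mode is not supported.");
        }
        System.out.println("fips=" + fips + " native=" + nativeMode + " -> assert " + expected);
    }
}
```

The native flag is passed in rather than detected because the test code runs in a JVM even when the application under test is a native binary, which is why the JVM-side FIPS check alone predicted a 500 that the native image never returned.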

@JiriOndrusek JiriOndrusek marked this pull request as ready for review March 18, 2024 16:05
@ppalaga ppalaga merged commit 2ccdbe3 into quarkiverse:main Mar 18, 2024
23 checks passed

Successfully merging this pull request may close these issues.

Move tests passing on a FIPS system from ws-security-policy to ws-security-policy-fips