Imagine you are getting an exception like this one when trying to decrypt a message in Kafka that was encrypted using AES256:

org.apache.xml.security.algorithms.JCEMapper:09/10/2016 11:24:52:559 AM UTC: Thread[http-nio-10600-exec-8,5,main]: TransactionId[0f6493db-02a6-45d8-8aa9-7c0571c85d77-267]
Request for URI http://www.w3.org/2001/04/xmlenc#aes256-cbc
org.apache.xml.security.encryption.XMLCipher:09/10/2016 11:24:52:559 AM UTC: Thread[http-nio-10600-exec-8,5,main]: TransactionId[0f6493db-02a6-45d8-8aa9-7c0571c85d77-267]
JCE Algorithm = AES/CBC/ISO10126Padding
libSAML2:09/10/2016 11:24:52:559 AM UTC: Thread[http-nio-10600-exec-8,5,main]: TransactionId[0f6493db-02a6-45d8-8aa9-7c0571c85d77-267]
ERROR: FMEncProvider.decrypt: Failed to decrypt data.
org.apache.xml.security.encryption.XMLEncryptionException: Illegal key size
Original Exception was java.security.InvalidKeyException: Illegal key size
    at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1762)
    at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1618)
    at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:932)
    at com.sun.identity.saml2.xmlenc.FMEncProvider.decrypt(FMEncProvider.java:621)

Cause:

Java® 8 and earlier versions do not support 256-bit AES keys by default; only 128-bit AES encryption is supported. This does not mean that AES256 is used by default starting with any Java 8 version. I detected this problem using jdk_1.8_045.

Solution:

This issue can be resolved by installing the Oracle® Java JCE unlimited strength jars. These jars can be downloaded from the following link for Java 8 and earlier.

Then we must install these jar files in the $JAVA_HOME/jre/lib/security directory and restart the app. The exceptions should have disappeared.
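
To confirm the policy change took effect on the JVM that actually runs the app, the following check queries the JCE key-length limit and attempts an AES-256 round trip with the same transformation that appears in the log. It is an added example, not part of the original post; the class name Aes256PolicyCheck and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added diagnostic (hypothetical class name): reports whether this JVM's JCE
// policy permits 256-bit AES keys, using the transformation from the log above.
public class Aes256PolicyCheck {
    static final String TRANSFORMATION = "AES/CBC/ISO10126Padding";

    // Maximum AES key length in bits allowed by the installed policy files.
    // 128 means the limited policy is active; Integer.MAX_VALUE means unlimited.
    static int maxAesKeyBits() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Encrypts and decrypts a constructed sample with a random key of keyBits.
    // Returns false if the policy rejects the key ("Illegal key size").
    static boolean roundTrip(int keyBits) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[keyBits / 8];
        byte[] iv = new byte[16]; // AES block size
        rng.nextBytes(key);
        rng.nextBytes(iv);
        byte[] sample = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        try {
            Cipher enc = Cipher.getInstance(TRANSFORMATION);
            enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            byte[] ct = enc.doFinal(sample);
            Cipher dec = Cipher.getInstance(TRANSFORMATION);
            dec.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
            return Arrays.equals(sample, dec.doFinal(ct));
        } catch (InvalidKeyException e) {
            System.out.println("AES-" + keyBits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // java.home shows which installation's lib/security directory is in use.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("max AES key  = " + maxAesKeyBits() + " bits");
        System.out.println("AES-128 ok   = " + roundTrip(128));
        System.out.println("AES-256 ok   = " + roundTrip(256));
    }
}
```

Run it with the same java binary the application uses; if java.home points to a different installation than the one where the jars were copied, the limit will still read 128.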
