OC4J Client throws javax.crypto.IllegalBlockSizeException After a New Security Provider is Inserted (Doc ID 1142357.1)

Last updated on DECEMBER 05, 2016

Applies to:

Oracle Containers for J2EE - Version 10.1.3.3.0 to 10.1.3.5.0 [Release AS10gR3]
Information in this document applies to any platform.
***Checked for relevance on 10-Sep_2012***

Symptoms

In OC4J 10.1.3 based environments, when a client tries to establish connections with OC4J client side, and an external security provider is inserted, then the client side is unable to talk with the OC4J server process, and it reports following kind of exceptions:


ExchangingEncryptor.getDecryptedValue() THROW
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8
when decrypting with padded cipher is showed on oc4j

or

javax.naming.CommunicationException: <no message>
oracle.oc4j.security.ExchangingEncryptor.getEncryptedValue(ExchangingEncryptor.java:161)
com.evermind.server.rmi.RMIProtocol$SecureCredentials.send(RMIProtocol.java:246)
com.evermind.server.rmi.RMIProtocol.sendCredentials(RMIProtocol.java:95)
oracle.oc4j.rmi.ClientRmiTransport.connectToServer(ClientRmiTransport.java:91)
oracle.oc4j.rmi.ClientSocketRmiTransport.connectToServer(ClientSocketRmiTransport.java:68)
com.evermind.server.rmi.RMIClientConnection.connect(RMIClientConnection.java:646)
com.evermind.server.rmi.RMIClientConnection.sendLookupRequest(RMIClientConnection.java:190)
com.evermind.server.rmi.RMIClientConnection.lookup(RMIClientConnection.java:174)
com.evermind.server.rmi.RMIClient.lookup(RMIClient.java:283)
com.evermind.server.rmi.RMIClientContext.lookup(RMIClientContext.java:51)
...

and inner exception is

caused by: Illegal key size or default parameters [Root exception is
oracle.oc4j.security.ExchangingEncryptor$EncryptionException]
at
Thor.API.Security.LoginHandler.oracleLoginHandler.handleOracleClientLogin(Unknown Source)
at Thor.API.Security.LoginHandler.oracleLoginHandler.login(Unknown Source)
at Thor.API.Security.ClientLoginUtility.login(Unknown Source)
at Thor.API.tcUtilityFactory.<init>(Unknown Source)
..
at servlets.ServletPrinClose.doGet(ServletPrinClose.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
...
 


The exceptions appear after the OC4J client application executes method call to add an extra security provider.

Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 3);


In this specific scenario the client side is JBoss running a web application that interacts as client of OIM 9.1.0.1 that runs in remote OC4J 10.1.3.5, but the problem could reproduce as well for other kind of OC4J clients, such as fat applications or other application servers.

Changes

The exception are thrown only if the client side inserts a new security provider for example as follows


Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 3);



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms