Encoding in the element EncryptedData is returning an invalid value (Doc ID 1404411.1)

Last updated on JUNE 09, 2016

Applies to:

Oracle Weblogic Server - Version 10.3.2 to 10.3.3
Information in this document applies to any platform.

Symptoms

On WLS 10.3.3,the response SOAP envelope returned by weblogic is not compatible with the XML Encryption Syntax and Processing (http://www.w3.org/TR/xmlenc-core/).

According to this specification, the Encoding attribute is optional for the EncryptedData element, but if specified it must indicate a value of type 'anyURI'.

The attribute Encoding in the element EncryptedData is returning an invalid value. It should return a value of type anyURI with a valid URI, but instead of this is returning the value 'utf-8'.

As a result its generating an exception with the message 'scheme not found in uri: utf-8

java.lang.IllegalArgumentException
org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is:
java.lang.IllegalArgumentException
at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:241)
at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:443)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:381)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:104)
at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:84)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
at com.eviware.soapui.impl.wsdl.support.wss.IncomingWss.processIncoming(IncomingWss.java:119)
at com.eviware.soapui.impl.wsdl.submit.transports.http.support.attachments.WsdlSinglePartHttpResponse.processIncomingWss(WsdlSinglePartHttpResponse.java:49)
at com.eviware.soapui.impl.wsdl.submit.transports.http.support.attachments.WsdlSinglePartHttpResponse.<init>(WsdlSinglePartHttpResponse.java:38)
at com.eviware.soapui.impl.wsdl.submit.filters.HttpPackagingResponseFilter.wsdlRequest(HttpPackagingResponseFilter.java:64)
at com.eviware.soapui.impl.wsdl.submit.filters.HttpPackagingResponseFilter.afterAbstractHttpResponse(HttpPackagingResponseFilter.java:42)
at com.eviware.soapui.impl.wsdl.submit.filters.AbstractRequestFilter.afterRequest(AbstractRequestFilter.java:64)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:228)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:123)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.IllegalArgumentException
at org.apache.xml.security.encryption.XMLCipher$Factory$EncryptedTypeImpl.setEncoding(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher$Factory.newEncryptedData(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:239)
... 20 more
Caused by: org.apache.xml.utils.URI$MalformedURIException: No scheme found in URI: UTF-8
at org.apache.xml.utils.URI.initialize(URI.java:394)
at org.apache.xml.utils.URI.<init>(URI.java:196)
at org.apache.xml.utils.URI.<init>(URI.java:179)
... 27 more


Below is the sample snippet of response returned by WLS

<S:Body wsu:Id="Body_8lyOCmhKtoaYjuu1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ns1:EncryptedData Encoding="UTF-8" Id="sf1bnxJAp0Y1pCd5" MimeType="text/xml" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:ns1="http://www.w3.org/2001/04/xmlenc#">
<ns1:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ns1:CipherData>
<ns1:CipherValue>

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms