HTTP headers difference & BouncyCastle error with Spring version upgrade from 5.1.0.RELEASE to 5.2.20.RELEASE
I'm working on a Kotlin Gradle Spring Boot project which uses:
Spring version: 5.1.0.RELEASE
Spring Boot version: 1.5.4.RELEASE
BouncyCastle version: 1.66
In order to remove the vulnerabilities from the project I upgraded the above versions to the following:
Spring version: 5.2.20.RELEASE
Spring Boot version: 2.6.6
BouncyCastle version: 1.68
But the above change gave me the following error:
2022-05-11 21:58:11,277 ERROR [https-openssl-nio-8443-exec-14] com.organisation.abc.def.api.InstrumentServiceWrapper Communication error with underlying service for abc instrument
com.organisation.abc.def.exception.abcServiceException: Downstream Error from abc-vault-instrument-service (PVIS)
at com.organisation.abc.def.api.pi.impl.abcInstrumentServiceExecutor.sendRequest(abcInstrumentServiceExecutor.java:82)
at com.organisation.abc.def.api.pi.impl.abcInstrumentServiceExecutor.execute(abcInstrumentServiceExecutor.java:51)
at com.organisation.abc.def.api.pi.impl.abcInstrumentServiceExecutor.execute(abcInstrumentServiceExecutor.java:30)
at com.organisation.abc.def.api.InstrumentServiceWrapper.callabcInstrumentSummaryProvider(InstrumentServiceWrapper.java:69)
at com.organisation.abc.def.api.pi.impl.abcInstrumentServiceImpl.retrieveabcInstrument(abcInstrumentServiceImpl.java:61)
at com.organisation.abc.def.service.impl.VerifyabcdefService.populateRequestWithApplicationState(VerifyabcdefService.java:340)
at com.organisation.abc.def.service.impl.VerifyabcdefService.persistabcPlan(VerifyabcdefService.java:187)
at com.organisation.abc.def.service.impl.VerifyabcdefService.execute(VerifyabcdefService.java:150)
at com.organisation.abc.def.handler.VerifyMessageHandler.process(VerifyMessageHandler.java:135)
at com.organisation.abc.def.handler.VerifyMessageHandler.process(VerifyMessageHandler.java:32)
at com.organisation.abc.def.handler.AbstractMessageHandler.processMessage(AbstractMessageHandler.java:52)
at com.organisation.abc.def.webservice.v2.abcProcessorPortTypeImpl.verifyabc(abcProcessorPortTypeImpl.java:189)
at jdk.internal.reflect.GeneratedMethodAccessor505.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
at org.apache.cxf.jaxws.JAXWSMethodInvoker.performInvocation(JAXWSMethodInvoker.java:66)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
at org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)
at org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:85)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:74)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)
at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:304)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:279)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at com.organisation.abc.def.monitoring.EndpointLoggingServletFilter.doFilter(EndpointLoggingServletFilter.java:83)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:660)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://SCRAMBLED/F447596B-256F-6080-F62E-EC467967B745": Could not generate secret; nested exception is javax.net.ssl.SSLHandshakeException: Could not generate secret
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:746)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:712)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:630)
at com.organisation.abc.def.api.pi.impl.abcInstrumentServiceExecutor.sendRequest(abcInstrumentServiceExecutor.java:63)
... 63 more
Caused by: javax.net.ssl.SSLHandshakeException: Could not generate secret
at java.base/sun.security.ssl.KAKeyDerivation.t13DeriveKey(KAKeyDerivation.java:128)
at java.base/sun.security.ssl.KAKeyDerivation.deriveKey(KAKeyDerivation.java:63)
at java.base/sun.security.ssl.ServerHello$T13ServerHelloConsumer.consume(ServerHello.java:1251)
at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.onServerHello(ServerHello.java:985)
at java.base/sun.security.ssl.ServerHello$ServerHelloConsumer.consume(ServerHello.java:873)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1501)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1411)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:451)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:422)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.http.client.BufferingClientHttpRequestWrapper.executeInternal(BufferingClientHttpRequestWrapper.java:63)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:109)
at com.organisation.abc.def.logging.LoggingInterceptor.intercept(LoggingInterceptor.java:91)
at com.organisation.abc.def.logging.abcInstrumentServiceLoggingInterceptor.intercept(abcInstrumentServiceLoggingInterceptor.java:36)
at org.springframework.http.client.InterceptingClientHttpRequest$InterceptingRequestExecution.execute(InterceptingClientHttpRequest.java:93)
at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:77)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:737)
... 66 more
Caused by: java.security.InvalidKeyException: cannot identify XDH private key
at org.bouncycastle.jcajce.provider.asymmetric.edec.KeyAgreementSpi.engineDoPhase(Unknown Source)
at java.base/javax.crypto.KeyAgreement.doPhase(KeyAgreement.java:579)
at java.base/sun.security.ssl.KAKeyDerivation.t13DeriveKey(KAKeyDerivation.java:104)
... 105 more
What I perceive from the above error is that there might be some compatibility issue between the Spring and BouncyCastle versions.
Also, I later found that the request headers formed before and after the version upgrades are different. I tried making the changes one by one to see exactly at what point the headers get changed, and I found it's due to Spring version 5.2.20.RELEASE.
Before:
@RequestHeaders={Accept=[application/json, application/*+json], Authorization=[Bearer#SCRAMBLED#], Content-Type=[application/json], Content-Length=[0]}
After the version upgrade:
@RequestHeaders=[Accept:"application/json, application/*+json", Authorization:"Bearer#SCRAMBLED#", Content-Type:"application/json", Content-Length:"0"]
I've been scratching my head for a week. Can anyone help me work out whether the change in headers is causing this, or whether there might be a different reason?
It's extremely important for me to move forward. Thanks in advance!
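As an added diagnostic (not code from the question or its project), the Java class below assumes a JDK 11+ with the SunEC provider and the bcprov 1.68 jar on the classpath. It reports which provider the JCA selects for the X25519 services behind the `KAKeyDerivation` and `KeyAgreementSpi` frames in the trace, then tries every combination of key-generating and key-agreeing provider to reproduce the `cannot identify XDH private key` rejection outside TLS; the `first` argument mimics registering BouncyCastle at position 1 so both registration orders can be compared.

```java
import java.security.*;
import java.util.*;
import javax.crypto.KeyAgreement;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/** Diagnostic: which JCA provider serves X25519 (the TLS 1.3 key share in the trace) and
 *  whether a key pair from one provider is accepted by the KeyAgreement of another. */
public class XdhProviderCheck {
    static final String ALG = "X25519";

    /** Provider the JCA picks for each X25519 service under the current provider order. */
    static Map<String, String> chosenProviders() throws GeneralSecurityException {
        Map<String, String> out = new LinkedHashMap<>();
        out.put("KeyPairGenerator", KeyPairGenerator.getInstance(ALG).getProvider().getName());
        out.put("KeyAgreement", KeyAgreement.getInstance(ALG).getProvider().getName());
        out.put("KeyFactory", KeyFactory.getInstance(ALG).getProvider().getName());
        return out;
    }

    /** Generate keys with keyGen, run the agreement with agreeWith; report success or the exception. */
    static String crossCheck(Provider keyGen, Provider agreeWith) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(ALG, keyGen);
            KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair();
            KeyAgreement ka = KeyAgreement.getInstance(ALG, agreeWith);
            ka.init(alice.getPrivate());          // same place the TLS stack calls init/doPhase
            ka.doPhase(bob.getPublic(), true);
            return "OK, " + ka.generateSecret().length + "-byte secret";
        } catch (GeneralSecurityException | RuntimeException e) {
            return "FAIL: " + e;                  // e.g. InvalidKeyException: cannot identify XDH private key
        }
    }

    public static void main(String[] args) throws Exception {
        // "first" mimics Security.insertProviderAt(bc, 1); anything else appends BC after the JDK providers.
        Provider bc = new BouncyCastleProvider();
        if (args.length > 0 && args[0].equals("first")) Security.insertProviderAt(bc, 1);
        else Security.addProvider(bc);

        System.out.println("Provider order: " + Arrays.toString(Security.getProviders()));
        System.out.println("Chosen for " + ALG + ": " + chosenProviders());

        Provider[] gens = Security.getProviders("KeyPairGenerator." + ALG);
        Provider[] agrs = Security.getProviders("KeyAgreement." + ALG);
        if (gens == null || agrs == null) { System.out.println("no " + ALG + " support installed"); return; }
        for (Provider g : gens)
            for (Provider a : agrs)
                System.out.printf("keys from %-5s agreement in %-5s -> %s%n", g.getName(), a.getName(), crossCheck(g, a));
    }
}
```

Compile and run it with the bcprov jar on the classpath, once plainly and once with `first`; a FAIL row whose key and agreement providers differ reproduces the trace's exception without any HTTP or header involvement, which isolates the failure to provider selection for the TLS 1.3 key exchange.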