United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-8017173 XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated
JDK-8017173 : XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated

Details
Type:
Bug
Submit Date:
2013-06-20
Status:
Closed
Updated Date:
2013-07-29
Project Name:
JDK
Resolved Date:
2013-07-11
Component:
security-libs
OS:
generic
Sub-Component:
javax.xml.crypto
CPU:
Priority:
P2
Resolution:
Fixed
Affected Versions:
6u51,7u25
Fixed Versions:
7u40 (b34)

Related Reports
Backport:
Backport:
Relates:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
Java(TM) SE Runtime Environment (build 1.7.0_25-b16)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode sharing)

error present also in other versions java 7 update 25

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows 8 64bit [Version 6.2.9200]

A DESCRIPTION OF THE PROBLEM :
I have the software based on jax-ws services that was built in NetBeans. Software uses Standard Encription  " Username Authentication with Symmetric key " , and algorithm site: Basic 128. Everything built like standard netbeans Sample  " Secured Calculator " , but with one difference: My client is standalone swing application.

Prior java7 update 25 everything worked fine but after update i got exception printed below. By the way, to reproduce exception you don't need server side of jax-ws, it appeared in the client part before connecting to the server side.

REGRESSION.  Last worked in version 7u21

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
use netbeans IDE
1) create sample existed in netbeans: secured calculator
2) delete client part.
3) Create standalone java application
4) add webservice client from secured calculator wsdl
5) activate security of web service client using standard login, pasword and glassfish cacerts file (you can get config from deleted secured calculator client)
6) run the client.
And you will get Exception !!!


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Please fix this bug in the next update of java !
ACTUAL -
  Program doesn't work !!!

ERROR MESSAGES/STACK TRACES THAT OCCUR :
[com.sun.xml.ws.policy.jaxws.PolicyConfigParser]  parse
INFO: WSP5018: Loaded WSIT configuration from file: file:/D:/Project/delCl/build/classes/META-INF/wsit-client.xml.
???? 20, 2013 8:00:25 AM com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor getCipherValueOfEK
SEVERE: WSS1904: Unable to compute Cipher Value / decrypt key as http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p algorithm is not supported for key encryption
java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at javax.crypto.Cipher.getInstance(Cipher.java:524)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.initCipher(CryptoProcessor.java:124)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:166)
at com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey.getCipherValue(JAXBEncryptedKey.java:274)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:255)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at com.sun.proxy.$Proxy42.getSystemVersion(Unknown Source)
at delcl.DelCl.getSystemVersion(DelCl.java:23)
at delcl.DelCl.main(DelCl.java:17)

???? 20, 2013 8:00:25 AM com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor sign
SEVERE: WSS1701: Sign operation failed.
com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:172)
at com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey.getCipherValue(JAXBEncryptedKey.java:274)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:255)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at com.sun.proxy.$Proxy42.getSystemVersion(Unknown Source)
at delcl.DelCl.getSystemVersion(DelCl.java:23)
at delcl.DelCl.main(DelCl.java:17)
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at javax.crypto.Cipher.getInstance(Cipher.java:524)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.initCipher(CryptoProcessor.java:124)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:166)
... 25 more

???? 20, 2013 8:00:25 AM com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:140)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at com.sun.proxy.$Proxy42.getSystemVersion(Unknown Source)
at delcl.DelCl.getSystemVersion(DelCl.java:23)
at delcl.DelCl.main(DelCl.java:17)
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:172)
at com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey.getCipherValue(JAXBEncryptedKey.java:274)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:255)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
... 21 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at javax.crypto.Cipher.getInstance(Cipher.java:524)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.initCipher(CryptoProcessor.java:124)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:166)
... 25 more

???? 20, 2013 8:00:25 AM com.sun.xml.wss.jaxws.impl.SecurityClientTube processClientRequestPacket
SEVERE: WSSTUBE0024: Error in Securing Outbound Message.
com.sun.xml.wss.impl.WssSoapFaultException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at com.sun.proxy.$Proxy42.getSystemVersion(Unknown Source)
at delcl.DelCl.getSystemVersion(DelCl.java:23)
at delcl.DelCl.main(DelCl.java:17)
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:140)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
... 14 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:172)
at com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey.getCipherValue(JAXBEncryptedKey.java:274)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:255)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
... 21 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at javax.crypto.Cipher.getInstance(Cipher.java:524)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.initCipher(CryptoProcessor.java:124)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:166)
... 25 more

Exception in thread  " main "  javax.xml.ws.WebServiceException: WSSTUBE0024: Error in Securing Outbound Message.
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:316)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:240)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
at com.sun.xml.ws.client.Stub.process(Stub.java:319)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:157)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at com.sun.proxy.$Proxy42.getSystemVersion(Unknown Source)
at delcl.DelCl.getSystemVersion(DelCl.java:23)
at delcl.DelCl.main(DelCl.java:17)
Caused by: javax.xml.ws.soap.SOAPFaultException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.getSOAPFaultException(SecurityTubeBase.java:674)
... 14 more
Caused by: com.sun.xml.wss.impl.WssSoapFaultException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.wss.impl.SecurableSoapMessage.newSOAPFaultException(SecurableSoapMessage.java:336)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:402)
at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:311)
... 13 more
Caused by: com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:140)
at com.sun.xml.wss.impl.filter.SignatureFilter.sign(SignatureFilter.java:631)
at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:589)
at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93)
at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:272)
at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:189)
at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:150)
at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:397)
... 14 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:172)
at com.sun.xml.ws.security.opt.impl.enc.JAXBEncryptedKey.getCipherValue(JAXBEncryptedKey.java:274)
at com.sun.xml.ws.security.opt.impl.keyinfo.SymmetricTokenBuilder.process(SymmetricTokenBuilder.java:255)
at com.sun.xml.ws.security.opt.impl.dsig.TokenProcessor.process(TokenProcessor.java:190)
at com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign(SignatureProcessor.java:109)
... 21 more
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/OAEPPadding
at javax.crypto.Cipher.getInstance(Cipher.java:524)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.initCipher(CryptoProcessor.java:124)
at com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor.getCipherValueOfEK(CryptoProcessor.java:166)
... 25 more

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
**To download source:** please go to the link bellow and select file menu after select download, you will download archive delCl.zip. it consists three folders 1)delCl -client part 2)delServ - server part 3)certs - certificates
Standard NetBeans project:

https://docs.google.com/file/d/0Bxah0w_hE4JZTy16YUZGREgzN2s/edit?usp=sharing
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
I didn't find the solution !
                                    

Comments
The Apache code that was pulled in as part of JDK-6741606 changed the mapping of the Cipher algorithm name of RSA/ECB/OAEPWithSHA1AndMGF1Padding to RSA/ECB/OAEPPadding. The latter algorithm is not supported by our provider. This change was made by one of the Apache committers. I don't know why this change was made yet but it needs to be reverted back to fix this issue.
                                     
2013-06-20
Added 7u40-critical-watch label. 
Justification: serious regression introduced in 7u21, affects JAXWS Metro applications
Workaround: none known as of yet
Risk: low risk.
Size of fix: small
Test: new regression test to be added
                                     
2013-07-08
This issue does not affect JDK 8. The fix for JDK-8011547 pulled in additional code from Apache Santuario release that resolved this issue.
                                     
2013-07-08
The fix for JDK-8011547 resolves this issue, but since that was only fixed in JDK 8, we need to extract the code from Apache Santuario 1.5.4 that just fixes this issue.
                                     
2013-07-08
A workaround for this issue: an application can invoke the following method to override the default JCE mapping, after Init.init is invoked, ex:

        com.sun.org.apache.xml.internal.security.Init.init();
        com.sun.org.apache.xml.internal.security.algorithms.JCEMapper.register(
            com.sun.org.apache.xml.internal.security.encryption.XMLCipher.RSA_OAEP,
            new com.sun.org.apache.xml.internal.security.algorithms.JCEMapper.Algorithm(
                "RSA", "RSA/ECB/OAEPWithSHA1AndMGF1Padding", "KeyTransport"));
        com.sun.org.apache.xml.internal.security.encryption.XMLCipher.getInstance("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");

                                     
2013-07-08
The code in JDK 8 handles this by first trying to instantiate a Cipher with "RSA/ECB/OAEPPadding", and then falls back to "RSA/ECB/OAEPWithSHA1AndMGF1Padding" if the algorithm can't be found. According to the standard algorithm names document at  http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#Cipher, "If OAEPPadding is used, Cipher objects are initialized with a javax.crypto.spec.OAEPParameterSpec object to supply values needed for OAEPPadding." However, this doesn't seem to work -- you must still also specify the full padding name, ex - OAEPWithSHA1AndMGF1Padding,  so I will file a separate bug for that.

For the 7u40 fix, it is much simpler to simply revert to always mapping the algorithm as "RSA/ECB/OAEPWithSHA1AndMGF1Padding". The JDK 8 code is a bit more involved and riskier to backport.
                                     
2013-07-08
7u40-critical-request justification:

This bug fix is needed because it is a serious regression introduced in 7u25 and affects JAX-WS Metro applications. There is a workaround, but it requires modifications to the application code or Metro runtime.

It is a one-line fix and is very low risk. It has been reviewed by Xuelei Fan and Vincent Ryan. A new regression test has been added. Pointer to review thread: http://mail.openjdk.java.net/pipermail/security-dev/2013-July/008112.html
                                     
2013-07-09
I found a much simpler workaround. Before calling Init.init(), do the following:

System.setProperty("com.sun.org.apache.xml.internal.security.resource.config", "resource/config.xml");

This overrides the builtin JCE algorithm mappings with those in the XML configuration file, which contain the proper mapping for our providers. 
                                     
2013-07-09
Need SQE-OK before approving
                                     
2013-07-09
Hi Sean,

I am OK to take it to 7u40

I see there is a test for the bug:
http://cr.openjdk.java.net/~mullan/webrevs/8017173/webrev.00/
<http://cr.openjdk.java.net/%7Emullan/webrevs/8017173/webrev.00/>

                                     
2013-07-11
URL:   http://hg.openjdk.java.net/jdk7u/jdk7u40-dev/jdk/rev/c5d869453212
User:  mullan
Date:  2013-07-11 17:15:34 +0000

                                     
2013-07-11
URL:   http://hg.openjdk.java.net/jdk7u/jdk7u40/jdk/rev/c5d869453212
User:  lana
Date:  2013-07-17 06:01:47 +0000

                                     
2013-07-17
Verified with jdk 7u40 b34 on Windows x64 with regression test
                                     
2013-07-29



Hardware and Software, Engineered to Work Together