[jira] [Commented] (WSS-688) Signatures created with Merlin start being invalid after changing key-store a few times

Mon, 30 Aug 2021 23:05:05 -0700 


    [ 
https://issues.apache.org/jira/browse/WSS-688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17407094#comment-17407094
 ] 

Colm O hEigeartaigh commented on WSS-688:
-----------------------------------------

What stack trace do you see in the logs when it starts failing?

> Signatures created with Merlin start being invalid after changing key-store a 
> few times
> ---------------------------------------------------------------------------------------
>
>                 Key: WSS-688
>                 URL: https://issues.apache.org/jira/browse/WSS-688
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.3.2
>         Environment: Java 11 (version 11.0.11.0.9)
> org.apache.cxf:cxf-rt-frontend-jaxws:3.4.4
> org.apache.cxf:cxf-rt-ws-security:3.4.4
> org.apache.cxf:cxf-rt-transports-http:3.4.4
> org.apache.cxf:cxf-rt-features-logging:3.4.4
> javax.xml.ws:jaxws-api:2.3.1
> javax.jws:javax.jws-api:1.1
> com.sun.xml.messaging.saaj:saaj-impl:1.5.3
>            Reporter: Tor Ranfelt
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>
> In our system we can't use a static certificate because it's a service that 
> many users use, and they need to use their own certificate to communicate 
> with a third-party SOAP-service.
> I used to be able to change Merlin's keystore whenever a new certificate was 
> needed, but after upgrading from Apache CXF 3.3.7 to 3.4.4 (and other third 
> party libraries that CXF depends on) a problem arose:
> Signatures created by some certificates would be invalid. It was never the 
> certificate that was the problem, but which number of replacing key-store it 
> was put into.
> So for instance number 1 and 2 would be fine, but 3 would fail, and 4 would 
> be fine. - After which any new key-store with either certificate 1, 2 and 4 
> would keep working, but 3 would fail every time. Probably due to some cache.
> I have circumvented the problem by creating a new Merlin instance every time, 
> instead of just a new key-store instance. This works because the problem 
> never manifest with the first key-store.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to