Re: axis2 1.6.0 rampart exception in keystore

Sun, 13 May 2012 04:55:24 -0700 

Hi,

When generating the key-pair, you need to specify the key algorithm as RSA.
For eg: if you used java keytool to generate the key pair, you need to add
-keyalg RSA to the genkey command.
If it is not specified, it defaults to DSA.

Same issue is discussed at [1] as well.

But I am not sure why it gives an error for DSA. Can you please attach your
complete policy?

[1]
http://stackoverflow.com/questions/3151147/cant-sign-a-dig-sig-utilizing-java-keytool

Thanks,
Hasini.

On Thu, Apr 26, 2012 at 12:18 PM, Natanasabai C <nad...@gmail.com> wrote:

> Hi All,
>
> I am using axis21.6.0 with rampart. My policy.xml has the details of the
> client provided keystore provided below. I am getting the exception
> "org.apache.xml.security.signature.XMLSignatureException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance".
> (details below.
> If any of you have faced this issue can you please provide me inputs.
> Thanks in advance.
>
> regards,
> Natanasabai.
>             <ramp:RampartConfig xmlns:ramp="
> http://ws.apache.org/rampart/policy";>
>                 <ramp:user>loyalty</ramp:user>
>                 <ramp:encryptionUser>service</ramp:encryptionUser>
>                 <ramp:passwordCallbackClass>javaclient.PWCBHandler
>                 </ramp:passwordCallbackClass>
>                 <ramp:signatureCrypto>
>                     <ramp:crypto
> provider="org.apache.ws.security.components.crypto.Merlin">
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.file">loyalty.keystore</ramp:property>
>                         <ramp:property
> name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>                     </ramp:crypto>
>                 </ramp:signatureCrypto>
>             </ramp:RampartConfig>
>
> org.apache.axis2.AxisFault: Error in signature with X509Token
>     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
>     at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
>     at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>     at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>     at javaclient.TestStub.testOperation(TestStub.java:181)
>     at
> javaclient.LoyaltySecurityClientXMLBeans.main(LoyaltySecurityClientXMLBeans.java:63)
> Caused by: org.apache.rampart.RampartException: Error in signature with
> X509Token
>     at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>     at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
>     at
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>     at
> org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>     ... 9 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation
> failed; nested exception is:
>     org.apache.xml.security.signature.XMLSignatureException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was
> org.apache.xml.security.signature.XMLSignatureException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was java.security.InvalidKeyException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
>     at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:722)
>     at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>     ... 13 more
> Caused by: org.apache.xml.security.signature.XMLSignatureException:
> Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey
> instance
> Original Exception was
> org.apache.xml.security.signature.XMLSignatureException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was java.security.InvalidKeyException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
>     at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>     at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:718)
>     ... 14 more
>

Reply via email to