Hi, "Unrecoverable key" usually means that your keystore password is incorrect. Have you tried to access keystore/truststore using JDK keytool?
Regards, Andrei. > -----Original Message----- > From: Giriraj Bhojak [mailto:[email protected]] > Sent: Dienstag, 15. Juli 2014 00:05 > To: [email protected] > Subject: Re: Supplying passwords for key manager and trust manager to > http:conduit > > Thank you Andrei. > I ended up using Spring EL to supply the password. > But I have noticed that if the keystore and key passwords are different, I get > "Unrecoverable key" exception. > Is this some sort of bug with Merlin or am I missing something? > > Thanks, > Giriraj. > > > On Sat, Jul 12, 2014 at 11:15 AM, Andrei Shakirin <[email protected]> > wrote: > > > Hi, > > > > In spring configuration you can only specify password directly: > > <httpj:engine-factory id="port-9001-tls-config"> > > <httpj:engine port="9001"> > > <httpj:tlsServerParameters> > > <sec:keyManagers keyPassword="password"> > > <sec:keyStore type="JKS" password="password" > > file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/> > > </sec:keyManagers> > > <sec:trustManagers> > > <sec:keyStore type="JKS" password="password" > > file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/> > > </sec:trustManagers> > > </httpj:tlsServerParameters> > > </httpj:engine> > > </httpj:engine-factory> > > > > But you can get password from the callback or other store using > > programmatic initialization of tlsClientParameters: > > TLSClientParameters tlsClientParameters = new TLSClientParameters(); > > ... > > String alg = KeyManagerFactory.getDefaultAlgorithm(); > > char[] keyPass = keyPassword != null > > ? keyPassword.toCharArray() > > : null; > > KeyManagerFactory fac = KeyManagerFactory.getInstance(alg); > > fac.init(keyStore, keyPass); > > tlsClientParameters.setKeyManagers(fac.getKeyManagers()); > > HTTPConduit http = > > (HTTPConduit) client.getConduit(); > > http.setTlsClientParameters(tlsClientParameters); > > ... > > > > Regards, > > Andrei. > > > > > > > -----Original Message----- > > > From: Giriraj Bhojak [mailto:[email protected]] > > > Sent: Freitag, 11. Juli 2014 22:16 > > > To: [email protected] > > > Subject: Supplying passwords for key manager and trust manager to > > > http:conduit > > > > > > Hello all, > > > > > > I am using http-conduit for SSL support in CXF 2.7.11. > > > Is there a way I can specify a password callback for > > > <sec:keyManagers> > > and > > > <sec:trustManagers>? > > > > > > Thanks, > > > Giriraj. > >
