Hi,

I can't reproduce this problem. For example, see the following CXF test
configuration (search for "DoubleItSignedTimestampPort"):

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml;h=ad76afe61c83b576059acd9791394910de2f691f;hb=HEAD

A passwordCallbackClass is specified. "alice.properties" does not have the
private key specified in it:

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/alice.properties;h=f2dbb4b60bdd6adba0ab3f07ba82850c9f58fd9b;hb=HEAD

Could you create a quick test-case to reproduce the problem and I'll take a
look? Failing that, you could try debugging the WSS4J code. The
CallbackHandler is queried in WSHandler.getPasswordCB, called in turn from
the SignatureAction class.

Colm.


On Fri, Jul 22, 2016 at 9:33 AM, Emulator <[email protected]> wrote:

> A quick update: I found that once I add UsernameToken to the Action, the
> private key password works.
> But when I try to remove the keystore password or change it to a wrong one,
> the PasswordCallback is constructed but the handle method is never called,
> and this exception is thrown:
>
> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Failed to load credentials.
> Original Exception was java.io.IOException: Keystore was tampered with, or password was incorrect
>         at org.apache.wss4j.common.crypto.Merlin.load(Merlin.java:397)
>         at org.apache.wss4j.common.crypto.Merlin.loadProperties(Merlin.java:218)
>         at org.apache.wss4j.common.crypto.Merlin.<init>(Merlin.java:151)
>         at org.apache.wss4j.common.crypto.CryptoFactory.getInstance(CryptoFactory.java:127)
>         ... 46 more
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>         at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
>         at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
>         at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
>         at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
>         at java.security.KeyStore.load(KeyStore.java:1445)
>         at org.apache.wss4j.common.crypto.Merlin.load(Merlin.java:391)
>         ... 49 more
> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>         at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
>         ... 54 more
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Password-Callback-did-not-fire-tp5770579p5770580.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
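
The trace in the quoted message fails inside `KeyStore.load`, which checks the keystore password; unlocking a key entry with its own password is a separate, later step. The following is an added example, not code from this thread or from CXF/WSS4J, that shows the two stages with the JDK alone. It assumes a JCEKS store holding an AES key (so no certificate is needed), and the class name, alias and passwords are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class TwoPasswords {
    // Constructed sample values, not taken from the thread.
    static final char[] STORE_PW = "store-pass".toCharArray();
    static final char[] KEY_PW = "key-pass".toCharArray();

    // Build an in-memory keystore whose entry password differs from the store password.
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        ks.setKeyEntry("alice", key, KEY_PW, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PW);
        return out.toByteArray();
    }

    // Stage 1: loading the store verifies the keystore password only.
    static KeyStore load(byte[] store, char[] storePw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), storePw);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        byte[] store = buildStore();
        try {
            load(store, "wrong".toCharArray());
        } catch (IOException e) {
            // Fails here, before any key entry (or key password) is touched.
            System.out.println("load failed: " + e.getMessage());
        }
        KeyStore ks = load(store, STORE_PW);
        try {
            // Stage 2: the per-entry password is only checked on key retrieval.
            ks.getKey("alice", "wrong".toCharArray());
        } catch (UnrecoverableKeyException e) {
            System.out.println("key password rejected: " + e.getClass().getSimpleName());
        }
        System.out.println("key recovered: " + (ks.getKey("alice", KEY_PW) != null));
    }
}
```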
