Hi Colm:
    Please take a look at my second post. The private key now has no problem
with PasswordCallback (though I don't know why it needs "UsernameToken" to be
added to Action), but I also need the keystore password encrypted or set by
PasswordCallback (or any other way to get it out of the properties).

    So I need to remove
org.apache.wss4j.crypto.merlin.keystore.password=password or decrypt this
value.

    If you are looking for the reason for adding UsernameToken, can you provide
an example WSDL for me to make a quick example? I am not that familiar with
WSDL definition.

Regards,
Victor Chen


coheigea wrote
> Hi,
> 
> I can't reproduce this problem. For example, see the following CXF test
> configuration (search for "DoubleItSignedTimestampPort"):
> 
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml;h=ad76afe61c83b576059acd9791394910de2f691f;hb=HEAD
> 
> A passwordCallbackClass is specified. "alice.properties" does not have the
> private key specified in it:
> 
> https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=systests/ws-security/src/test/resources/alice.properties;h=f2dbb4b60bdd6adba0ab3f07ba82850c9f58fd9b;hb=HEAD
> 
> Could you create a quick test-case to reproduce the problem and I'll take
> a look? Failing that, you could try debugging the WSS4J code. The
> CallbackHandler is queried in WSHandler.getPasswordCB, called in turn from
> the SignatureAction class.
> 
> Colm.
> 
> 
> On Fri, Jul 22, 2016 at 9:33 AM, Emulator <emulator.chen@> wrote:
> 
>> A quick update: I found that when I add UsernameToken to Action, the
>> private key password now works.
>> But when I try to remove the keystore password or change it to a wrong one,
>> PasswordCallback is constructed but its handle method is never called, and
>> this exception is thrown:
>>
>> Caused by: org.apache.wss4j.common.ext.WSSecurityException: Failed to load credentials.
>> Original Exception was java.io.IOException: Keystore was tampered with, or password was incorrect
>>         at org.apache.wss4j.common.crypto.Merlin.load(Merlin.java:397)
>>         at org.apache.wss4j.common.crypto.Merlin.loadProperties(Merlin.java:218)
>>         at org.apache.wss4j.common.crypto.Merlin.<init>(Merlin.java:151)
>>         at org.apache.wss4j.common.crypto.CryptoFactory.getInstance(CryptoFactory.java:127)
>>         ... 46 more
>> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
>>         at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
>>         at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
>>         at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
>>         at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
>>         at java.security.KeyStore.load(KeyStore.java:1445)
>>         at org.apache.wss4j.common.crypto.Merlin.load(Merlin.java:391)
>>         ... 49 more
>> Caused by: java.security.UnrecoverableKeyException: Password verification failed
>>         at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
>>         ... 54 more
>>
>>
>>
>> --
>> View this message in context:
>> http://cxf.547215.n5.nabble.com/Password-Callback-did-not-fire-tp5770579p5770580.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>
> 
> 
> 
> -- 
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com





--
View this message in context: 
http://cxf.547215.n5.nabble.com/Password-Callback-did-not-fire-tp5770579p5770592.html
Sent from the cxf-user mailing list archive at Nabble.com.
