BTW, I forgot: the Java keystore implementation (maybe also the BC one)
has the behavior described by Martin: if the key store password _and_
the key password are the same, the keystore implementation does not request
the second password. This is a key store behavior, not WSS4J.

Werner


Martin Kuba wrote:
> Ruchith Fernando wrote:
>> Hi Martin,
>>
>> I just tried changing the password of my private key in one of my test
>> cases that does signature only. Then I got this error:
>>
>> org.apache.ws.security.WSSecurityException: WSHandler: Signature:
>> error during message
>> procesingorg.apache.ws.security.WSSecurityException: Signature
>> creation failed; nested exception is:
>>     java.security.UnrecoverableKeyException: Cannot recover key
>>     at
>> org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
>>
>>     at
>> org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
>>
>>
>> I also tried a keystore of which the private key used to sign had a
>> different password.
>>
>> Seems like it's working as expected!
>>
>> Can you help me reproduce this issue?
> 
> Yes, I can reproduce it. I just created a PKCS12 file, which has
> different MAC (KeyStore) password and export (PrivateKey) password.
> The passwords are "first" and "second".
> When I specify
> 
> org.apache.ws.security.crypto.merlin.file=server2.p12
> org.apache.ws.security.crypto.merlin.keystore.password=first
> 
> in crypto.properties and in client-config.wsdd I have
> 
> <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>                 <parameter name="user" value="michalUser"/>
>                 <parameter name="passwordCallbackClass"
> value="cz.makub.PWCallback"/>
> 
> and the cz.makub.PWCallback class is:
> 
> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.log4j.Logger;
> import org.apache.ws.security.WSPasswordCallback;
> 
> public class PWCallback implements CallbackHandler {
>     static Logger log = Logger.getLogger(PWCallback.class);
> 
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             if (callbacks[i] instanceof WSPasswordCallback) {
>                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>                 // set the (private key) password for the given username/alias
>                 log.debug("getIdentifier()=" + pc.getIdentifer());
>                 if ("michalUser".equals(pc.getIdentifer())) {
>                     pc.setPassword("second");
>                     return;
>                 }
>             } else {
>                 throw new UnsupportedCallbackException(callbacks[i],
>                         "Unrecognized Callback");
>             }
>         }
>     }
> }
> 
> then I get the following exception:
> 
> java.io.IOException: exception decrypting data -
> javax.crypto.BadPaddingException: pad block corrupted
>     at
> org.bouncycastle.jce.provider.JDKPKCS12KeyStore.decryptData(Unknown Source)
>     at
> org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
>     at java.security.KeyStore.load(KeyStore.java:1150)
>     at
> org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
> 
> 
> 
> The interesting point is that my callback handler is never called!
> It is not even created! Otherwise I would see its debug output.
> 
> So it looks like WSS4J just wants the callback class to be specified,
> but it never uses it, it uses the keystore password for the
> key.
> 
> Martin
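The behaviour the thread is circling (store password opens and integrity-checks the keystore, a separate key password unlocks the entry, and reusing the store password for the key fails with UnrecoverableKeyException) can be reproduced with the plain JDK API. The program below is an added example, not code from the thread or from WSS4J. To keep it self-contained it uses a JCEKS store holding an AES secret key (a private key entry would need a certificate chain), and a standard javax.security.auth PasswordCallback stands in for WSS4J's WSPasswordCallback; the alias "michalUser" and the passwords "first"/"second" are taken from Martin's description. How a PKCS12 provider treats separate MAC and key passwords is provider-specific; the stack trace above shows the BouncyCastle implementation already decrypting key data inside engineLoad, which is why that case never reaches the callback at all.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class KeyPasswordDemo {

    static final String ALIAS = "michalUser";               // alias from the thread
    static final char[] STORE_PASS = "first".toCharArray();  // keystore (MAC) password
    static final char[] KEY_PASS = "second".toCharArray();   // per-entry key password

    /** Builds an in-memory JCEKS store whose entry is protected by a different password than the store. */
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);                                 // fresh, empty store
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        ks.setKeyEntry(ALIAS, key, KEY_PASS, null);          // secret keys need no certificate chain
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASS);
        return out.toByteArray();
    }

    /** Stand-in for the WSS4J PWCallback: answers only for the known alias, with the key password. */
    static class PWCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof PasswordCallback) {
                    PasswordCallback pc = (PasswordCallback) cb;
                    // the prompt carries the alias here, as WSPasswordCallback's identifier would
                    if (ALIAS.equals(pc.getPrompt())) {
                        pc.setPassword(KEY_PASS);
                        return;
                    }
                } else {
                    throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
                }
            }
        }
    }

    /** Store password opens the store; the key password is obtained from the callback, not from config. */
    static Key recoverKey(byte[] storeBytes, char[] storePass, CallbackHandler handler) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(storeBytes), storePass);  // integrity check with store password only
        PasswordCallback pc = new PasswordCallback(ALIAS, false);
        handler.handle(new Callback[] { pc });
        return ks.getKey(ALIAS, pc.getPassword());
    }

    public static void main(String[] args) throws Exception {
        byte[] store = buildStore();

        // Case 1: what happens when the callback is never consulted and the store password is reused
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(store), STORE_PASS);
        try {
            ks.getKey(ALIAS, STORE_PASS);
            System.out.println("unexpected: store password unlocked the key");
        } catch (UnrecoverableKeyException e) {
            System.out.println("store password does not unlock the key: " + e.getMessage());
        }

        // Case 2: store password for load, callback-supplied password for the key entry
        Key k = recoverKey(store, STORE_PASS, new PWCallback());
        System.out.println("recovered " + k.getAlgorithm() + " key via callback");

        // Case 3: the key password cannot open the store; the MAC check fails before any entry is read
        try {
            KeyStore.getInstance("JCEKS").load(new ByteArrayInputStream(store), KEY_PASS);
            System.out.println("unexpected: key password opened the store");
        } catch (IOException e) {
            System.out.println("key password does not open the store: " + e.getMessage());
        }
    }
}
```

Case 1 is the configuration Martin describes: merlin.keystore.password is "first", the entry needs "second", and the key is unrecoverable unless the handler is actually invoked. Once both passwords are the same, case 1 silently succeeds, which is the keystore behaviour Werner refers to, and the absence of the callback goes unnoticed until the passwords diverge.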

