Hi,

You're using an ancient version of WSS4J, any chance you can upgrade to 1.5.5? It sounds like the problem lies in all of the keystore manipulation you're doing. Try examining the server-side keystore using the Java keytool utility to see if you can access the entry properly. What does the request look like?

Colm.

-----Original Message-----
From: Shzd81 [mailto:[email protected]]
Sent: 19 February 2009 14:31
To: [email protected]
Subject: java.security.UnrecoverableKeyException: Cannot recover key

Hi,

I have available with me a CA signed certificate + its private key in separate files. I want to use these for encrypting and decrypting the XML payload for my web service. For that I used openssl to convert the cert + key into a PKCS12 keystore and then imported this keystore through Java keytool into a JKS. For some reason I had to remove the password on my private key.

Now what happened is, when I tried to decrypt the request payload using wss4j-1.5.1, I got an error as it cannot find the password for the private key. To resolve this I had reset the password on the private key, which may not be the same as the one originally set. Now when I tried to decrypt again I am getting java.security.UnrecoverableKeyException: Cannot recover key. I do not have any clue about the exact cause of this error and need some help here.

On the client side Java keystore, I have a self-signed certificate (signed using openssl) and I have imported my CA signed server certificate in this keystore.

On the server side Java keystore, I have the server certificate (signed by CA) + its private key, and I have imported the client certificate in this keystore.

---------------------------------
Server side handler configuration:
---------------------------------
<handler name="receiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
  <parameter name="action" value="Encrypt" />
  <parameter name="decryptionPropFile" value="serv_enc.properties" />
  <parameter name="passwordCallbackClass" value="com.wsserver.PasswordProvider" />
  <parameter name="enableSignatureConfirmation" value="0" />
  <parameter name="encryptionUser" value="shzd" />
  <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
  <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
</handler>

--------------------
serv_enc.properties
--------------------
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=testtest
org.apache.ws.security.crypto.merlin.keystore.alias=shzd
org.apache.ws.security.crypto.merlin.file=myks.ks

------------
StackTrace:
------------
Merlin(CryptoBase).getPrivateKey(String, String) line: 148
EncryptedKeyProcessor.handleEncryptedKey(Element, CallbackHandler, Crypto, PrivateKey) line: 295
EncryptedKeyProcessor.handleEncryptedKey(Element, CallbackHandler, Crypto) line: 92
EncryptedKeyProcessor.handleToken(Element, Crypto, Crypto, CallbackHandler, WSDocInfo, Vector, WSSConfig) line: 80
WSSecurityEngine.processSecurityHeader(Element, CallbackHandler, Crypto, Crypto) line: 326
WSSecurityEngine.processSecurityHeader(Document, String, CallbackHandler, Crypto, Crypto) line: 243
WSDoAllReceiver.invoke(MessageContext) line: 162
InvocationStrategy.visit(Handler, MessageContext) line: 32
SimpleChain.doVisiting(MessageContext, HandlerIterationStrategy) line: 118
SimpleChain.invoke(MessageContext) line: 83
InvocationStrategy.visit(Handler, MessageContext) line: 32
SOAPService(SimpleChain).doVisiting(MessageContext, HandlerIterationStrategy) line: 118
SOAPService(SimpleChain).invoke(MessageContext) line: 83
SOAPService.invoke(MessageContext) line: 454
AxisServer.invoke(MessageContext) line: 281
AxisServlet.doPost(HttpServletRequest, HttpServletResponse) line: 699
AxisServlet(HttpServlet).service(HttpServletRequest, HttpServletResponse) line: 710
AxisServlet(AxisServletBase).service(HttpServletRequest, HttpServletResponse) line: 327
AxisServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 803
ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 290
ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206
StandardWrapperValve.invoke(Request, Response) line: 230
StandardContextValve.invoke(Request, Response) line: 175
StandardHostValve.invoke(Request, Response) line: 128
ErrorReportValve.invoke(Request, Response) line: 104
StandardEngineValve.invoke(Request, Response) line: 109
CoyoteAdapter.service(Request, Response) line: 261
Http11Processor.process(Socket) line: 844
Http11Protocol$Http11ConnectionHandler.process(Socket) line: 581
JIoEndpoint$Worker.run() line: 447
Thread.run() line: 619

Thanks....

--
View this message in context: http://www.nabble.com/java.security.UnrecoverableKeyException%3A-Cannot-recover-key-tp22101691p22101691.html
Sent from the WSS4J mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
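
Added example (not part of the original thread and not WSS4J code): a small check of whether a key entry can be recovered with a given key password, which a JKS keeps separately from the keystore password. The class name KeyEntryCheck, the demo alias and the demo passwords are assumptions made for illustration; the in-memory JCEKS store with a throwaway AES key is constructed so the program runs without any files.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;

// Added example: checks whether a key entry can be recovered with a given key password.
public class KeyEntryCheck {

    // Calls KeyStore.getKey(alias, keyPass) and describes the outcome.
    static String check(KeyStore ks, String alias, char[] keyPass) throws Exception {
        if (!ks.containsAlias(alias)) {
            return "no entry under alias '" + alias + "'";
        }
        if (!ks.isKeyEntry(alias)) {
            return "alias '" + alias + "' is a certificate-only entry (no private key)";
        }
        try {
            Key key = ks.getKey(alias, keyPass);
            return "key recovered, algorithm " + key.getAlgorithm();
        } catch (UnrecoverableKeyException e) {
            return "UnrecoverableKeyException: this password does not open the key entry";
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 5) {
            // Real keystore: <file> <type> <store password> <alias> <key password>
            KeyStore ks = KeyStore.getInstance(args[1]);
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[2].toCharArray()); // a wrong store password fails here
            }
            System.out.println(check(ks, args[3], args[4].toCharArray()));
            return;
        }
        // Constructed demo (assumption: in-memory JCEKS store holding a throwaway AES key,
        // so no certificate is needed). Entry password differs from the store password.
        char[] storePass = "store-pass".toCharArray();
        char[] entryPass = "entry-pass".toCharArray();
        KeyStore demo = KeyStore.getInstance("JCEKS");
        demo.load(null, storePass);
        demo.setKeyEntry("demo", KeyGenerator.getInstance("AES").generateKey(), entryPass, null);
        System.out.println("with store password: " + check(demo, "demo", storePass));
        System.out.println("with entry password: " + check(demo, "demo", entryPass));
    }
}
```

Against the keystore from the post, the arguments would be myks.ks, jks, testtest, shzd and the password that the callback class returns for that alias.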
