Better error message(s) for failure to load keystore
----------------------------------------------------
Key: WSS-11
URL: http://issues.apache.org/jira/browse/WSS-11
Project: WSS4J
Type: Improvement
Environment: SUN JDK 1.5.0, WSS4J 1.0.0
Reporter: Guy Rixon
Assigned to: Davanum Srinivas
Priority: Minor
Merlin gives poor error messages when it can't load a keystore. If the wrong
password is configured for the store, then this stack-dump appears when calling
CryptoFactor.getInstance(String, String):
java.io.IOException: failed to decrypt safe contents
entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
at java.security.KeyStore.load(KeyStore.java:652)
at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
at
org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at
org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
at
org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at junit.framework.TestSuite.runTest(TestSuite.java:208)
at junit.framework.TestSuite.run(TestSuite.java:203)
at
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
at
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad
byte.
at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275)
at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
... 25 more
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at
org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
at
org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at junit.framework.TestSuite.runTest(TestSuite.java:208)
at junit.framework.TestSuite.run(TestSuite.java:203)
at
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
at
org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed
to load credentials. Inner Exception: [failed to decrypt safe contents
entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.]
at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530)
at
org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
... 21 more
java.lang.InstantiationException:
org.apache.ws.security.components.crypto.Merlin
at java.lang.Class.newInstance0(Class.java:293)
which suggests a format error in the keystore rather than a bad password: very
mislading and wasteful of time.
Currently, a default password is used if no password is configured; IMHO it
would be better to throw a CredentialException if the password is missing. In
that mode, a helpful error-message could be given. See CryptoFactor lines
524..537.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
