[ http://issues.apache.org/jira/browse/WSS-11?page=comments#action_12318814 ]
Werner Dittmann commented on WSS-11: ------------------------------------ Guy, such a check for a null password would make sense only if the keystore mandates a password. IMO you may set up keystores (JKS, PKCS#12) without a password. The error message is correct if someone specifies the wrong/or no password when opening a keystore - it just can't decrypt the content. Werner > Better error message(s) for failure to load keystore > ---------------------------------------------------- > > Key: WSS-11 > URL: http://issues.apache.org/jira/browse/WSS-11 > Project: WSS4J > Type: Improvement > Environment: SUN JDK 1.5.0, WSS4J 1.0.0 > Reporter: Guy Rixon > Assignee: Davanum Srinivas > Priority: Minor > > Merlin gives poor error messages when it can't load a keystore. If the wrong > password is configured for the store, then this stack-dump appears when > calling CryptoFactor.getInstance(String, String): > java.io.IOException: failed to decrypt safe contents > entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte. > at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275) > at java.security.KeyStore.load(KeyStore.java:652) > at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527) > at > org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) > at java.lang.reflect.Constructor.newInstance(Constructor.java:274) > at > org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117) > at > org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72) > at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:324) > at junit.framework.TestCase.runTest(TestCase.java:154) > at junit.framework.TestCase.runBare(TestCase.java:127) > at junit.framework.TestResult$1.protect(TestResult.java:106) > at junit.framework.TestResult.runProtected(TestResult.java:124) > at junit.framework.TestResult.run(TestResult.java:109) > at junit.framework.TestCase.run(TestCase.java:118) > at junit.framework.TestSuite.runTest(TestSuite.java:208) > at junit.framework.TestSuite.run(TestSuite.java:203) > at > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325) > at > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536) > Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad > byte. > at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275) > at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275) > ... 25 more > java.lang.reflect.InvocationTargetException > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) > at java.lang.reflect.Constructor.newInstance(Constructor.java:274) > at > org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117) > at > org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72) > at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:324) > at junit.framework.TestCase.runTest(TestCase.java:154) > at junit.framework.TestCase.runBare(TestCase.java:127) > at junit.framework.TestResult$1.protect(TestResult.java:106) > at junit.framework.TestResult.runProtected(TestResult.java:124) > at junit.framework.TestResult.run(TestResult.java:109) > at junit.framework.TestCase.run(TestCase.java:118) > at junit.framework.TestSuite.runTest(TestSuite.java:208) > at junit.framework.TestSuite.run(TestSuite.java:203) > at > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325) > at > org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536) > Caused by: org.apache.ws.security.components.crypto.CredentialException: > Failed to load credentials. Inner Exception: [failed to decrypt safe contents > entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.] > at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530) > at > org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119) > ... 21 more > java.lang.InstantiationException: > org.apache.ws.security.components.crypto.Merlin > at java.lang.Class.newInstance0(Class.java:293) > which suggests a format error in the keystore rather than a bad password: > very mislading and wasteful of time. > Currently, a default password is used if no password is configured; IMHO it > would be better to throw a CredentialException if the password is missing. In > that mode, a helpful error-message could be given. See CryptoFactor lines > 524..537. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
