Hi Martin,
I just tried changing the password of my private key in one of my test
cases that does signature only. Then I got this error:
org.apache.ws.security.WSSecurityException: WSHandler: Signature:
error during message
procesingorg.apache.ws.security.WSSecurityException: Signature
creation failed; nested exception is:
java.security.UnrecoverableKeyException: Cannot recover key
at
org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
at
org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)
I also tried a keystore of which the private key used to sign had a
different password.
Seems like its working as expected !
Can you help reproduce this issue.
Thanks,
Ruchith
On 6/14/06, Martin Kuba <[EMAIL PROTECTED]> wrote:
Hi,
I am trying to use WSS4J 1.5.0 for message signing, and I found the
following problem. I have to specify the keystore password twice,
first in callback class using client-config.wsdd:
<deployment xmlns="http://xml.apache.org/axis/wsdd/";
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java";>
<transport name="http"
pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<globalConfiguration>
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
<parameter name="user" value="michal"/>
<parameter name="passwordCallbackClass"
value="cz.makub.PWCallback"/>
<parameter name="action" value="Signature"/>
<parameter name="signaturePropFile"
value="crypto.properties"/>
</handler>
</requestFlow>
</globalConfiguration>
</deployment>
and then second time in crypto.properties:
org.apache.ws.security.crypto.merlin.file=server1.p12
org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
org.apache.ws.security.crypto.merlin.keystore.password=michal
Only the one from crypto.properties is used ! But I have
to provide also the callback class, if I don't, I get
an exception:
Exception in thread "main" org.apache.ws.security.WSSecurityException:
WSHandler: application provided null or empty password
The callback class must be specified and it must provide a password,
but the password in not used then, as I can specify a wrong password
there and it still works.
Martin
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno Martin Kuba
Institute of Computer Science email: [EMAIL PROTECTED]
Masaryk University http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775
--------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
