Ruchith Fernando wrote:
Hi Martin,

I just tried changing the password of my private key in one of my test
cases that does signature only. Then I got this error:

org.apache.ws.security.WSSecurityException: WSHandler: Signature: error during message procesing
org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
    java.security.UnrecoverableKeyException: Cannot recover key
    at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57)
    at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:191)

I also tried a keystore of which the private key used to sign had a
different password.

Seems like it's working as expected!

Can you help reproduce this issue?

Yes, I can reproduce it. I just created a PKCS12 file which has a
different MAC (KeyStore) password and export (PrivateKey) password.
The passwords are "first" and "second".
When I specify

org.apache.ws.security.crypto.merlin.file=server2.p12
org.apache.ws.security.crypto.merlin.keystore.password=first

in crypto.properties and in client-config.wsdd I have

<handler type="java:org.apache.ws.axis.security.WSDoAllSender">
    <parameter name="user" value="michalUser"/>
    <parameter name="passwordCallbackClass" value="cz.makub.PWCallback"/>

and the cz.makub.PWCallback class is:

package cz.makub;

// Imports added so the class compiles as posted; Logger is assumed to be log4j's.
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.log4j.Logger;
import org.apache.ws.security.WSPasswordCallback;

public class PWCallback implements CallbackHandler {
    static Logger log = Logger.getLogger(PWCallback.class);

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof WSPasswordCallback) {
                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
                // set the password given a username
                log.debug("getIdentifier()=" + pc.getIdentifer());
                if ("michalUser".equals(pc.getIdentifer())) {
                    pc.setPassword("second");
                    return;
                }
            } else {
                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
            }
        }
    }
}

then I get the following exception:

java.io.IOException: exception decrypting data - javax.crypto.BadPaddingException: pad block corrupted
    at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.decryptData(Unknown Source)
    at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(KeyStore.java:1150)
    at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)


The interesting point is that my callback handler is never called!
It is not even created! Otherwise I would see its debug output.

So it looks like WSS4J just wants the callback class to be specified,
but it never uses it, it uses the keystore password for the
key.

Martin
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno             Martin Kuba
Institute of Computer Science    email: [EMAIL PROTECTED]
Masaryk University             http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ     mobil: +420-603-533775
--------------------------------------------------------------
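The store-password versus key-password split that Martin describes, as an added stand-alone illustration (not code from the thread or from WSS4J): a PKCS12 store protected with "first" whose single entry is protected with "second", then an attempt to recover the entry with each password. It assumes the JDK's own PKCS12 provider, which defers entry decryption to getKey() (the BouncyCastle provider in the thread decrypts during load(), hence its failure there), and a SecretKey stands in for the private key so no certificate chain is needed; the alias "michalUser" is borrowed from the thread.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyPasswordDemo {
    // Constructed passwords mirroring the thread: "first" protects the store
    // (MAC), "second" protects the individual entry.
    static final char[] STORE_PASS = "first".toCharArray();
    static final char[] KEY_PASS = "second".toCharArray();
    static final String ALIAS = "michalUser"; // alias borrowed from the thread

    // Build a PKCS12 store in memory whose single entry is protected with a
    // password different from the store password. A SecretKey stands in for
    // the private key so that no certificate chain has to be generated.
    static byte[] buildStore() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        SecretKey k = KeyGenerator.getInstance("AES").generateKey();
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(k),
                new KeyStore.PasswordProtection(KEY_PASS));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, STORE_PASS);
        return out.toByteArray();
    }

    // Load with the store password, then try to recover the entry with a
    // candidate password. Returns false on the UnrecoverableKeyException that
    // WSS4J surfaces as "Cannot recover key".
    static boolean canRecover(byte[] p12, char[] candidate) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(p12), STORE_PASS);
        try {
            Key k = ks.getKey(ALIAS, candidate);
            return k != null;
        } catch (UnrecoverableKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] p12 = buildStore();
        // Only the per-entry password from the callback opens the entry.
        System.out.println("store password recovers entry: " + canRecover(p12, STORE_PASS));
        System.out.println("entry password recovers entry: " + canRecover(p12, KEY_PASS));
    }
}
```

A handler that is never invoked leaves only the store password available, which is exactly the situation in which getKey() fails.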
