Re: Using WSSecSignature

[Xinjun Chen]

Hi

 

I got the following new exception when I switch to JDK1.5. I have already include bouncycastle in the classpath.

 

I feel it is some common error. Could you enlighten me on it? Do I missed some step? I am using the sample crypto.properties provided by WSS4J.

 

 

java.io.IOException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded
 at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
 at java.security.KeyStore.load(KeyStore.java:1150)
 at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
 at org.apache.ws.security.components.crypto.AbstractCrypto.<init>( AbstractCrypto.java:121)
 at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
 

Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
 at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
 at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
 at com.sun.crypto.provider.SunJCE_ab.b (DashoA12275)
 at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275)
 at javax.crypto.Cipher.doFinal(DashoA12275)
 at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad (PKCS12KeyStore.java:1272)
 

 

On 11/9/06, Xinjun Chen <[EMAIL PROTECTED]> wrote:

Hi,

 

I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More specifically, I am using WSSecSignature with the following sample crypto provided by WSS4J to do the testing.

 

   org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
        org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
        org.apache.ws.security.crypto.merlin.keystore.password=security
        org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
        org.apache.ws.security.crypto.merlin.alias.password=security
        org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
   

However, I received the following exception:

 

unknown attr1.3.6.1.4.1.311.17.1
Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV=" http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header >
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello xmlns=" http://services/helloworld"><value>Hello world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
java.lang.NullPointerException
 at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain (DashoA6275)
 at java.security.KeyStore.getCertificateChain(KeyStore.java:312)
 at org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407)
 at org.apache.ws.security.message.WSSecSignature.prepare (WSSecSignature.java:272)
 at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
 at tests.TestX509Signature.main(TestX509Signature.java:108)
Exception in thread "main"

 

 

I am using the WSS4J 1.5, Sun JDK1.4.2.

From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1" can be just ignored.

It seems that the NullPointerException is due to the empty cert chain. But there should be at least one cert in the chain, right?
 

Could anyone suggest what I can do? Those who has managed to do signature using the sample crypto.propertie, could you help? Thank you.

 

 

Regards,

Xinjun