Yup Dan's right I think. I tested both of the keystores and it works
fine:
Crypto crypto = CryptoFactory.getInstance("lukasz.properties");
WSSecSignature builder = new WSSecSignature();
builder.setUserInfo("JJ", "JJ-Password");
Document doc = unsignedEnvelope.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = builder.build(doc, crypto, secHeader);
...
Crypto cryptoPub = CryptoFactory.getInstance("lukasz_pub.properties");
secEngine.processSecurityHeader(doc, null, this, cryptoPub);
Where "this" is a CallbackHandler implementation where we set:
pc.setPassword("JJ-Password");
Are you sure that you were doing this last step?
Colm.
-----Original Message-----
From: Daniel Kulp [mailto:[email protected]]
Sent: 29 January 2009 18:07
To: [email protected]
Cc: Lukasz L.
Subject: Re: Exception: DerInputStream.getLength(): lengthTag=119, too
big
I've seen this error when the alias and/or password passed in is not
correct.
I'd double check that.
Dan
On Thursday 29 January 2009 6:04:36 am Lukasz L. wrote:
> Hi Colm,
>
> here are the details you asked for.
> Generation commands were as following:
>
> keytool -genkey -alias JJ -keypass JJ-Password -keystore
> PrivateKeystore.jks -storepass keyStorePassword -dname "cn=JJ" -keyalg
RSA
>
> keytool -selfcert -alias JJ -keypass JJ-Password -keystore
> PrivateKeystore.jks -storepass keyStorePassword
>
> keytool -export -alias JJ -file tmpKey.rsa -keystore
PrivateKeystore.jks
> -storepass keyStorePassword
>
> keytool -import -alias JJ -file tmpKey.rsa -keystore
PublicKeystore.jks
> -storepass keyStorePassword
>
> Merlin config:
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components
.cr
>ypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks
>
org.apache.ws.security.crypto.merlin.keystore.password=keyStorePassword
> org.apache.ws.security.crypto.merlin.keystore.alias=JJ
> org.apache.ws.security.crypto.merlin.file=PublicKeystore.jks
>
> attaching the public and private keystore
>
> http://www.nabble.com/file/p21724785/PrivateKeystore.jks
> PrivateKeystore.jks
http://www.nabble.com/file/p21724785/PublicKeystore.jks
> PublicKeystore.jks
>
> Colm O hEigeartaigh wrote:
> > Can you attach the keystore, and the Merlin config? How was the
keystore
> > in question generated, i.e. the exact parameters given to keytool?
> >
> > Colm.
--
Daniel Kulp
[email protected]
http://dankulp.com/blog
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
