I have upgraded the version to 1.5.5, but don't you think the issue is
because of changing the private key password? I think in this case we need
to regenerate the certificate.

One more question I want to ask:

Is there any possibility in WSS4J of using a private key with no password
for decryption?

Thanks...
 

Colm O hEigeartaigh wrote:
> 
> Hi,
> 
> You're using an ancient version of WSS4J, any chance you can upgrade to
> 1.5.5? It sounds like the problem lies in all of the keystore
> manipulation you're doing. Try examining the server-side keystore using
> the Java keytool utility to see if you can access the entry properly.
> What does the request look like?
> 
> Colm.
> 
> -----Original Message-----
> From: Shzd81 [mailto:[email protected]] 
> Sent: 19 February 2009 14:31
> To: [email protected]
> Subject: java.security.UnrecoverableKeyException: Cannot recover key
> 
> 
> Hi,
> 
> I have available with me a CA signed certificate + its private key in
> separate files, I want to use these for encrypting and decrypting the xml
> payload for my web service. For that I used openssl to convert the cert +
> key in pkcs12 keystore and then imported this keystore through java keytool
> in a JKS. For some reason I had to remove the password on my private key.
> Now what happened is when I tried to decrypt the request payload using
> wss4j-1.5.1, I got error as it cannot find the password for the private key.
> To resolve this I had reset the password on the private key which may not be
> the same as the one originally set. Now when I tried to decrypt again I am
> getting java.security.UnrecoverableKeyException: Cannot recover key. I do
> not have any clue about the exact cause of this error and need some help
> here.
> 
> On the Client side java keystore, I have a self-signed certificate (signed
> using openssl) and I have imported my CA signed server certificate in this
> keystore.
> 
> On the server side java keystore, I have the server certificate (signed by
> CA) + its private key, and I have imported the client certificate in this
> keystore.
> 
> ---------------------------------
> Server side handler configuration:
> ---------------------------------
> <handler name="receiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver">
>     <parameter name="action" value="Encrypt" />
>     <parameter name="decryptionPropFile" value="serv_enc.properties" />
>     <parameter name="passwordCallbackClass" value="com.wsserver.PasswordProvider" />
>     <parameter name="enableSignatureConfirmation" value="0" />
>     <parameter name="encryptionUser" value="shzd" />
>     <parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
>     <parameter name="encryptionKeyIdentifier" value="X509KeyIdentifier" />
> </handler>
> 
> --------------------
> serv_enc.properties
> --------------------
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=testtest
> org.apache.ws.security.crypto.merlin.keystore.alias=shzd
> org.apache.ws.security.crypto.merlin.file=myks.ks
> 
> 
> 
> 
> ------------
> StackTrace:
> ------------
> Merlin(CryptoBase).getPrivateKey(String, String) line: 148
> EncryptedKeyProcessor.handleEncryptedKey(Element, CallbackHandler, Crypto, PrivateKey) line: 295
> EncryptedKeyProcessor.handleEncryptedKey(Element, CallbackHandler, Crypto) line: 92
> EncryptedKeyProcessor.handleToken(Element, Crypto, Crypto, CallbackHandler, WSDocInfo, Vector, WSSConfig) line: 80
> WSSecurityEngine.processSecurityHeader(Element, CallbackHandler, Crypto, Crypto) line: 326
> WSSecurityEngine.processSecurityHeader(Document, String, CallbackHandler, Crypto, Crypto) line: 243
> WSDoAllReceiver.invoke(MessageContext) line: 162
> InvocationStrategy.visit(Handler, MessageContext) line: 32
> SimpleChain.doVisiting(MessageContext, HandlerIterationStrategy) line: 118
> SimpleChain.invoke(MessageContext) line: 83
> InvocationStrategy.visit(Handler, MessageContext) line: 32
> SOAPService(SimpleChain).doVisiting(MessageContext, HandlerIterationStrategy) line: 118
> SOAPService(SimpleChain).invoke(MessageContext) line: 83
> SOAPService.invoke(MessageContext) line: 454
> AxisServer.invoke(MessageContext) line: 281
> AxisServlet.doPost(HttpServletRequest, HttpServletResponse) line: 699
> AxisServlet(HttpServlet).service(HttpServletRequest, HttpServletResponse) line: 710
> AxisServlet(AxisServletBase).service(HttpServletRequest, HttpServletResponse) line: 327
> AxisServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 803
> ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 290
> ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 206
> StandardWrapperValve.invoke(Request, Response) line: 230
> StandardContextValve.invoke(Request, Response) line: 175
> StandardHostValve.invoke(Request, Response) line: 128
> ErrorReportValve.invoke(Request, Response) line: 104
> StandardEngineValve.invoke(Request, Response) line: 109
> CoyoteAdapter.service(Request, Response) line: 261
> Http11Processor.process(Socket) line: 844
> Http11Protocol$Http11ConnectionHandler.process(Socket) line: 581
> JIoEndpoint$Worker.run() line: 447
> Thread.run() line: 619
> 
> Thanks....
> -- 
> View this message in context:
> http://www.nabble.com/java.security.UnrecoverableKeyException%3A-Cannot-
> recover-key-tp22101691p22101691.html
> Sent from the WSS4J mailing list archive at Nabble.com.
> 
> 

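The keystore check suggested in the thread can also be run from Java, which separates a wrong keystore password from a wrong per-entry key password; the second case is the one that raises `UnrecoverableKeyException: Cannot recover key`. This is an added example, not part of the original thread and not WSS4J code: the class name `KeyEntryCheck` is hypothetical, and it assumes a JKS keystore such as the `myks.ks` file named in the quoted configuration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Arrays;

// Added diagnostic (hypothetical class name), not WSS4J code.
// Usage: java KeyEntryCheck <keystore-file> <alias>
public class KeyEntryCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): java KeyEntryCheck <keystore-file> <alias>");
            System.exit(2);
        }
        String alias = args[1];
        // Prompt instead of taking passwords as arguments, so they stay out of shell history.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password for '%s': ", alias);
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // integrity check uses the keystore password only
        } catch (IOException e) {
            // A wrong keystore password surfaces here, before any key entry is touched.
            System.err.println("Cannot open keystore: " + e.getMessage());
            System.exit(1);
        }
        if (!ks.containsAlias(alias)) {
            System.err.println("No entry with alias '" + alias + "'");
            System.exit(1);
        }
        if (!ks.isKeyEntry(alias)) {
            System.err.println("'" + alias + "' is a certificate-only entry, no private key");
            System.exit(1);
        }
        try {
            Key key = ks.getKey(alias, keyPass); // decrypts the entry with the key password
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("OK: recovered " + key.getAlgorithm() + " key, chain length "
                    + (chain == null ? 0 : chain.length));
        } catch (UnrecoverableKeyException e) {
            // Same failure the stack trace shows under Merlin.getPrivateKey.
            System.err.println("Key password does not match this entry: " + e.getMessage());
            System.exit(1);
        } finally {
            Arrays.fill(storePass, '\0');
            Arrays.fill(keyPass, '\0');
        }
    }
}
```

If the keystore opens but the last step fails, the password supplied for the alias differs from the one the key entry was stored with, independent of the keystore password.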