You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by "Guy Rixon (JIRA)" <ji...@apache.org> on 2005/08/02 13:32:35 UTC
[jira] Created: (WSS-11) Better error message(s) for failure to load keystore
Better error message(s) for failure to load keystore
----------------------------------------------------
Key: WSS-11
URL: http://issues.apache.org/jira/browse/WSS-11
Project: WSS4J
Type: Improvement
Environment: SUN JDK 1.5.0, WSS4J 1.0.0
Reporter: Guy Rixon
Assigned to: Davanum Srinivas
Priority: Minor
Merlin gives poor error messages when it can't load a keystore. If the wrong password is configured for the store, then this stack-dump appears when calling CryptoFactor.getInstance(String, String):
java.io.IOException: failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
at java.security.KeyStore.load(KeyStore.java:652)
at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at junit.framework.TestSuite.runTest(TestSuite.java:208)
at junit.framework.TestSuite.run(TestSuite.java:203)
at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275)
at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
... 25 more
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at junit.framework.TestCase.runTest(TestCase.java:154)
at junit.framework.TestCase.runBare(TestCase.java:127)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:118)
at junit.framework.TestSuite.runTest(TestSuite.java:208)
at junit.framework.TestSuite.run(TestSuite.java:203)
at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.]
at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
... 21 more
java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
at java.lang.Class.newInstance0(Class.java:293)
which suggests a format error in the keystore rather than a bad password: very mislading and wasteful of time.
Currently, a default password is used if no password is configured; IMHO it would be better to throw a CredentialException if the password is missing. In that mode, a helpful error-message could be given. See CryptoFactor lines 524..537.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Closed: (WSS-11) Better error message(s) for failure to load
keystore
Posted by "Werner Dittmann (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-11?page=all ]
Werner Dittmann closed WSS-11:
------------------------------
Resolution: Won't Fix
The exception is thrown from the keystore implementation, WSS4J can only forward this but cannot
perform additional checks or recovery.
> Better error message(s) for failure to load keystore
> ----------------------------------------------------
>
> Key: WSS-11
> URL: http://issues.apache.org/jira/browse/WSS-11
> Project: WSS4J
> Type: Improvement
> Environment: SUN JDK 1.5.0, WSS4J 1.0.0
> Reporter: Guy Rixon
> Assignee: Davanum Srinivas
> Priority: Minor
>
> Merlin gives poor error messages when it can't load a keystore. If the wrong password is configured for the store, then this stack-dump appears when calling CryptoFactor.getInstance(String, String):
> java.io.IOException: failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
> at java.security.KeyStore.load(KeyStore.java:652)
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275)
> at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
> ... 25 more
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.]
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> ... 21 more
> java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
> at java.lang.Class.newInstance0(Class.java:293)
> which suggests a format error in the keystore rather than a bad password: very mislading and wasteful of time.
> Currently, a default password is used if no password is configured; IMHO it would be better to throw a CredentialException if the password is missing. In that mode, a helpful error-message could be given. See CryptoFactor lines 524..537.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-11) Better error message(s) for failure to load keystore
Posted by "Werner Dittmann (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-11?page=comments#action_12318814 ]
Werner Dittmann commented on WSS-11:
------------------------------------
Guy,
such a check for a null password would make sense only if the keystore
mandates a password. IMO you may set up keystores (JKS, PKCS#12) without
a password.
The error message is correct if someone specifies the wrong/or no password
when opening a keystore - it just can't decrypt the content.
Werner
> Better error message(s) for failure to load keystore
> ----------------------------------------------------
>
> Key: WSS-11
> URL: http://issues.apache.org/jira/browse/WSS-11
> Project: WSS4J
> Type: Improvement
> Environment: SUN JDK 1.5.0, WSS4J 1.0.0
> Reporter: Guy Rixon
> Assignee: Davanum Srinivas
> Priority: Minor
>
> Merlin gives poor error messages when it can't load a keystore. If the wrong password is configured for the store, then this stack-dump appears when calling CryptoFactor.getInstance(String, String):
> java.io.IOException: failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
> at java.security.KeyStore.load(KeyStore.java:652)
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275)
> at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
> ... 25 more
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.]
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> ... 21 more
> java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
> at java.lang.Class.newInstance0(Class.java:293)
> which suggests a format error in the keystore rather than a bad password: very mislading and wasteful of time.
> Currently, a default password is used if no password is configured; IMHO it would be better to throw a CredentialException if the password is missing. In that mode, a helpful error-message could be given. See CryptoFactor lines 524..537.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Closed: (WSS-11) Better error message(s) for failure to load
keystore
Posted by "Werner Dittmann (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-11?page=all ]
Werner Dittmann closed WSS-11:
------------------------------
Resolution: Won't Fix
The exception is thrown from the keystore implementation, WSS4J can only forward this but cannot
perform additional checks or recovery.
> Better error message(s) for failure to load keystore
> ----------------------------------------------------
>
> Key: WSS-11
> URL: http://issues.apache.org/jira/browse/WSS-11
> Project: WSS4J
> Type: Improvement
> Environment: SUN JDK 1.5.0, WSS4J 1.0.0
> Reporter: Guy Rixon
> Assignee: Davanum Srinivas
> Priority: Minor
>
> Merlin gives poor error messages when it can't load a keystore. If the wrong password is configured for the store, then this stack-dump appears when calling CryptoFactor.getInstance(String, String):
> java.io.IOException: failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
> at java.security.KeyStore.load(KeyStore.java:652)
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275)
> at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
> ... 25 more
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.]
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> ... 21 more
> java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
> at java.lang.Class.newInstance0(Class.java:293)
> which suggests a format error in the keystore rather than a bad password: very mislading and wasteful of time.
> Currently, a default password is used if no password is configured; IMHO it would be better to throw a CredentialException if the password is missing. In that mode, a helpful error-message could be given. See CryptoFactor lines 524..537.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
[jira] Commented: (WSS-11) Better error message(s) for failure to load keystore
Posted by "Werner Dittmann (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/WSS-11?page=comments#action_12318814 ]
Werner Dittmann commented on WSS-11:
------------------------------------
Guy,
such a check for a null password would make sense only if the keystore
mandates a password. IMO you may set up keystores (JKS, PKCS#12) without
a password.
The error message is correct if someone specifies the wrong/or no password
when opening a keystore - it just can't decrypt the content.
Werner
> Better error message(s) for failure to load keystore
> ----------------------------------------------------
>
> Key: WSS-11
> URL: http://issues.apache.org/jira/browse/WSS-11
> Project: WSS4J
> Type: Improvement
> Environment: SUN JDK 1.5.0, WSS4J 1.0.0
> Reporter: Guy Rixon
> Assignee: Davanum Srinivas
> Priority: Minor
>
> Merlin gives poor error messages when it can't load a keystore. If the wrong password is configured for the store, then this stack-dump appears when calling CryptoFactor.getInstance(String, String):
> java.io.IOException: failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(DashoA12275)
> at java.security.KeyStore.load(KeyStore.java:652)
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:527)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: COM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.
> at COM.rsa.jsafe.SunJSSE_al.a(DashoA12275)
> at COM.rsa.jsafe.SunJSSE_ag.a(DashoA12275)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.a(DashoA12275)
> ... 25 more
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
> at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:117)
> at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)
> at org.astrogrid.security.MerlinTest.testAll(MerlinTest.java:31)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at junit.framework.TestCase.runTest(TestCase.java:154)
> at junit.framework.TestCase.runBare(TestCase.java:127)
> at junit.framework.TestResult$1.protect(TestResult.java:106)
> at junit.framework.TestResult.runProtected(TestResult.java:124)
> at junit.framework.TestResult.run(TestResult.java:109)
> at junit.framework.TestCase.run(TestCase.java:118)
> at junit.framework.TestSuite.runTest(TestSuite.java:208)
> at junit.framework.TestSuite.run(TestSuite.java:203)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.run(JUnitTestRunner.java:325)
> at org.apache.tools.ant.taskdefs.optional.junit.JUnitTestRunner.main(JUnitTestRunner.java:536)
> Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [failed to decrypt safe contents entryCOM.rsa.jsafe.SunJSSE_cs: Could not perform unpadding: invalid pad byte.]
> at org.apache.ws.security.components.crypto.Merlin.load(Merlin.java:530)
> at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:119)
> ... 21 more
> java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
> at java.lang.Class.newInstance0(Class.java:293)
> which suggests a format error in the keystore rather than a bad password: very mislading and wasteful of time.
> Currently, a default password is used if no password is configured; IMHO it would be better to throw a CredentialException if the password is missing. In that mode, a helpful error-message could be given. See CryptoFactor lines 524..537.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org