Posted to fx-dev@ws.apache.org by csj <jo...@clarkson.edu> on 2005/09/16 14:15:06 UTC

Client side p12's

I'm having problems getting wss4j working with my own keystores,
everything seems to work with the packaged sample keystore x509.PFX.MSFT
but when I replace it with my own .p12 file and replace all references to
the x509.PFX.MSFT with my .p12 in client_deploy.wsdd, crypto.properties,
and PWCallback.java I get the following..

java.io.IOException: failed to decrypt safe contents entry:
javax.crypto.BadPaddingException: Given final block not properly padded
	at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
	at java.security.KeyStore.load(KeyStore.java:1150)

I have used this same p12 for signing in other applications.

Thanks
..Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: Client side p12's

Posted by csj <jo...@clarkson.edu>.
Solved:

Turns out you need

org.apache.ws.security.crypto.merlin.keystore.password=password

in the crypto.properties file for it to work.  Everything seemed to work
fine without it when I used the canned keystores but won't work when I use
my own..



On Mon, 19 Sep 2005, csj wrote:

> Werner -
>
> Again thanks for the reply..
>
> The provider as configured in my crypto.properties ..
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.file=csj.p12
>
> Just to test to make sure I had the password right I used keytool and
> listed the information in the keystore..
>
> keytool -list -storetype pkcs12 -keystore csj.p12
> Enter keystore password:  password
>
> Keystore type: pkcs12
> Keystore provider: SunJSSE
>
> Your keystore contains 1 entry
>
> csj, Sep 19, 2005, keyEntry,
> Certificate fingerprint (MD5):
> CB:E9:4B:C5:2D:1A:58:5B:69:E4:0A:49:4A:E7:7F:90
>
> If I'm not using the right provider what should I be using and how do I
> set it?
>
> Thanks
> ..Chris
>
>
>
>
> On Fri, 16 Sep 2005, Werner Dittmann wrote:
>
> > Chris,
> >
> > I guess a wrong password or a wrong provider. AFAIK the Sun provider
> > (security provider) does not support PKCS#12, Bouncy Castle does.
> >
> > According to the trace you are using the Sun provider... also you
> > may check the password.
> >
> > Regards,
> > Werner
> >
> > csj wrote:
> > > I'm having problems getting wss4j working with my own keystores,
> > > everything seems to work with the packaged sample keystore x509.PFX.MSFT
> > > but when I replace it with my own .p12 file and replace all references to
> > > the x509.PFX.MSFT with my .p12 in client_deploy.wsdd, crypto.properties,
> > > and PWCallback.java I get the following..
> > >
> > > java.io.IOException: failed to decrypt safe contents entry:
> > > javax.crypto.BadPaddingException: Given final block not properly padded
> > > 	at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
> > > 	at java.security.KeyStore.load(KeyStore.java:1150)
> > >
> > > I have used this same p12 for signing in other applications.
> > >
> > > Thanks
> > > ..Chris
>
> --
> Chris Johnson
> johnsocs@clarkson.edu
>
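
The fix above can be checked before deploying the client. This is an added example, not code from the thread or from WSS4J: the class `MerlinKeystoreCheck` and its `check` method are hypothetical, the property names are the ones quoted in this thread, and the in-memory PKCS#12 keystore is constructed sample data. Falling back to `KeyStore.getDefaultType()` when no type is configured is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Properties;
import javax.crypto.spec.SecretKeySpec;

public class MerlinKeystoreCheck {
    static final String P = "org.apache.ws.security.crypto.merlin.";

    // Returns null when the keystore opens with the configured password, else a diagnosis.
    static String check(Properties props, byte[] keystoreBytes) throws Exception {
        String pw = props.getProperty(P + "keystore.password");
        if (pw == null) return "missing " + P + "keystore.password";
        String type = props.getProperty(P + "keystore.type", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new ByteArrayInputStream(keystoreBytes)) {
            ks.load(in, pw.toCharArray());   // wrong password surfaces as IOException
        } catch (IOException e) {
            return "keystore did not open with configured password: " + e.getMessage();
        }
        return null;
    }

    // Constructed sample: a PKCS#12 store with one dummy AES entry, built in memory.
    static byte[] sampleP12(char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setEntry("demo",
            new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
            new KeyStore.PasswordProtection(pw));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] p12 = sampleP12("password".toCharArray());
        Properties props = new Properties();
        props.setProperty(P + "keystore.type", "pkcs12");
        props.setProperty(P + "file", "csj.p12");
        System.out.println("no password property: " + check(props, p12));
        props.setProperty(P + "keystore.password", "not-the-password");
        System.out.println("wrong password:       " + check(props, p12));
        props.setProperty(P + "keystore.password", "password");
        System.out.println("correct password:     " + check(props, p12));
    }
}
```

For a real deployment, load `crypto.properties` with `Properties.load` and read the bytes of the file named by the `file` property instead of using the constructed keystore.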


Re: Client side p12's

Posted by csj <jo...@clarkson.edu>.
Werner -

Again thanks for the reply..

The provider as configured in my crypto.properties ..

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.file=csj.p12

Just to test to make sure I had the password right I used keytool and
listed the information in the keystore..

keytool -list -storetype pkcs12 -keystore csj.p12
Enter keystore password:  password

Keystore type: pkcs12
Keystore provider: SunJSSE

Your keystore contains 1 entry

csj, Sep 19, 2005, keyEntry,
Certificate fingerprint (MD5):
CB:E9:4B:C5:2D:1A:58:5B:69:E4:0A:49:4A:E7:7F:90

If I'm not using the right provider what should I be using and how do I
set it?

Thanks
..Chris




On Fri, 16 Sep 2005, Werner Dittmann wrote:

> Chris,
>
> I guess a wrong password or a wrong provider. AFAIK the Sun provider
> (security provider) does not support PKCS#12, Bouncy Castle does.
>
> According to the trace you are using the Sun provider... also you
> may check the password.
>
> Regards,
> Werner
>
> csj wrote:
> > I'm having problems getting wss4j working with my own keystores,
> > everything seems to work with the packaged sample keystore x509.PFX.MSFT
> > but when I replace it with my own .p12 file and replace all references to
> > the x509.PFX.MSFT with my .p12 in client_deploy.wsdd, crypto.properties,
> > and PWCallback.java I get the following..
> >
> > java.io.IOException: failed to decrypt safe contents entry:
> > javax.crypto.BadPaddingException: Given final block not properly padded
> > 	at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
> > 	at java.security.KeyStore.load(KeyStore.java:1150)
> >
> > I have used this same p12 for signing in other applications.
> >
> > Thanks
> > ..Chris

--
Chris Johnson
johnsocs@clarkson.edu


Re: Client side p12's

Posted by Werner Dittmann <We...@t-online.de>.
Chris,

I guess a wrong password or a wrong provider. AFAIK the Sun provider
(security provider) does not support PKCS#12, Bouncy Castle does.

According to the trace you are using the Sun provider... also you
may check the password.

Regards,
Werner

csj wrote:
> I'm having problems getting wss4j working with my own keystores,
> everything seems to work with the packaged sample keystore x509.PFX.MSFT
> but when I replace it with my own .p12 file and replace all references to
> the x509.PFX.MSFT with my .p12 in client_deploy.wsdd, crypto.properties,
> and PWCallback.java I get the following..
> 
> java.io.IOException: failed to decrypt safe contents entry:
> javax.crypto.BadPaddingException: Given final block not properly padded
> 	at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
> 	at java.security.KeyStore.load(KeyStore.java:1150)
> 
> I have used this same p12 for signing in other applications.
> 
> Thanks
> ..Chris

