
List:       axis-user
Subject:    Re: axis2 1.6.0 rampart exception in keystore
From:       Hasini Gunasinghe <hasi7786 () gmail ! com>
Date:       2012-05-13 11:57:46
Message-ID: CAJW3xdo2dAe_6_=+gw9MQ7DNLOzssPOh3PsK6rvSNFRQMf7+Wg () mail ! gmail ! com

Hi,

When generating the key pair, you need to specify the key algorithm as RSA.
For example, if you used the Java keytool to generate the key pair, you need to add
-keyalg RSA to the genkey command.
If it is not specified, it defaults to DSA.

The same issue is discussed at [1] as well.

But I am not sure why it gives an error for DSA. Can you please attach your
complete policy?

[1]
http://stackoverflow.com/questions/3151147/cant-sign-a-dig-sig-utilizing-java-keytool

Thanks,
Hasini.

On Thu, Apr 26, 2012 at 12:18 PM, Natanasabai C <nadans@gmail.com> wrote:

> Hi All,
> 
> I am using Axis2 1.6.0 with Rampart. My policy.xml has the details of the
> client-provided keystore, provided below. I am getting the exception
> "org.apache.xml.security.signature.XMLSignatureException: Supplied key
> (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance"
> (details below).
> If any of you have faced this issue, can you please provide me inputs?
> Thanks in advance.
> 
> regards,
> Natanasabai.
> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>   <ramp:user>loyalty</ramp:user>
>   <ramp:encryptionUser>service</ramp:encryptionUser>
>   <ramp:passwordCallbackClass>javaclient.PWCBHandler</ramp:passwordCallbackClass>
>   <ramp:signatureCrypto>
>     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
>       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
>       <ramp:property name="org.apache.ws.security.crypto.merlin.file">loyalty.keystore</ramp:property>
>       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
>     </ramp:crypto>
>   </ramp:signatureCrypto>
> </ramp:RampartConfig>
> 
> org.apache.axis2.AxisFault: Error in signature with X509Token
>     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
>     at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>     at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>     at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:262)
>     at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:427)
>     at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
>     at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
>     at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
>     at javaclient.TestStub.testOperation(TestStub.java:181)
>     at javaclient.LoyaltySecurityClientXMLBeans.main(LoyaltySecurityClientXMLBeans.java:63)
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
>     at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>     ... 9 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>     org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:722)
>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>     ... 13 more
> Caused by: org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
> Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.provider.DSAPrivateKey) is not a RSAPrivateKey instance
>     at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:718)
>     ... 14 more
> 
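
The key-algorithm mismatch discussed in this thread can be caught before Rampart tries to sign. The following is an added example, not part of the original messages: a shell function that reads `keytool -list -v` output and reports private-key entries whose key is not RSA. The function name, the `loyalty-rsa` alias and the sample listing are constructed for illustration.

```shell
# Added example: list PrivateKeyEntry aliases whose key is not RSA, from
# `keytool -list -v` output on stdin. Prints "alias<TAB>algorithm".
non_rsa_key_entries() {
  awk '
    function emit() {
      # Newer keytool prints the subject key type; older output only has the
      # certificate signature algorithm, which matches the key type for the
      # self-signed certificates keytool generates.
      alg = (pub != "") ? pub : sig
      if (alias != "" && type == "PrivateKeyEntry" && alg != "RSA")
        printf "%s\t%s\n", alias, alg
      alias = type = pub = sig = ""
    }
    /^Alias name:/ { emit(); sub(/^Alias name:[ \t]*/, ""); alias = $0 }
    /^Entry type:/ { type = $NF }
    # Keep only the first certificate of a chain: it carries the entry key.
    /Signature algorithm name:/ && sig == "" { sig = $NF; sub(/^.*with/, "", sig) }
    /Subject Public Key Algorithm:/ && pub == "" {
      for (i = 1; i < NF; i++) if ($i ~ /-bit$/) pub = $(i + 1)
    }
    END { emit() }
  '
}

# Constructed sample listing (not real keytool output from the thread).
SAMPLE_LISTING='Alias name: loyalty
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=loyalty
Issuer: CN=loyalty
     Signature algorithm name: SHA1withDSA

Alias name: service
Entry type: trustedCertEntry
Owner: CN=service
     Signature algorithm name: SHA1withRSA

Alias name: loyalty-rsa
Entry type: PrivateKeyEntry
Certificate[1]:
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key'

# Real use, with the file and password from the quoted policy:
#   keytool -list -v -keystore loyalty.keystore -storepass changeit | non_rsa_key_entries
# Replacement key pair with the algorithm stated explicitly:
#   keytool -genkeypair -alias loyalty -keyalg RSA -keysize 2048 -keystore loyalty.keystore
printf '%s\n' "$SAMPLE_LISTING" | non_rsa_key_entries
```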

