'[jira] [Commented] (WSS-688) Signatures created with Merlin start being invalid after changing key-s'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wss4j-dev
Subject:    [jira] [Commented] (WSS-688) Signatures created with Merlin start being invalid after changing key-s
From:       "Colm O hEigeartaigh (Jira)" <jira () apache ! org>
Date:       2021-08-31 6:05:00
Message-ID: JIRA.13398205.1630323357000.949399.1630389900268 () Atlassian ! JIRA
[Download RAW message or body]


    [ https://issues.apache.org/jira/browse/WSS-688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17407094#comment-17407094 \
] 

Colm O hEigeartaigh commented on WSS-688:
-----------------------------------------

What stack trace do you see in the logs when it starts failing?

> Signatures created with Merlin start being invalid after changing key-store a few \
>                 times
> ---------------------------------------------------------------------------------------
>  
> Key: WSS-688
> URL: https://issues.apache.org/jira/browse/WSS-688
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.3.2
> Environment: Java 11 (version 11.0.11.0.9)
> org.apache.cxf:cxf-rt-frontend-jaxws:3.4.4
> org.apache.cxf:cxf-rt-ws-security:3.4.4
> org.apache.cxf:cxf-rt-transports-http:3.4.4
> org.apache.cxf:cxf-rt-features-logging:3.4.4
> javax.xml.ws:jaxws-api:2.3.1
> javax.jws:javax.jws-api:1.1
> com.sun.xml.messaging.saaj:saaj-impl:1.5.3
> Reporter: Tor Ranfelt
> Assignee: Colm O hEigeartaigh
> Priority: Major
> 
> In our system we can't use a static certificate because it's a service that many \
> users use, and they need to use their own certificate to communicate with a \
> third-party SOAP-service. I used to be able to change Merlin's keystore whenever a \
> new certificate was needed, but after upgrading from Apache CXF 3.3.7 to 3.4.4 (and \
> other third party libraries that CXF depends on) a problem arose: Signatures \
> created by some certificates would be invalid. It was never the certificate that \
> was the problem, but which number of replacing key-store it was put into. So for \
> instance number 1 and 2 would be fine, but 3 would fail, and 4 would be fine. - \
> After which any new key-store with either certificate 1, 2 and 4 would keep \
> working, but 3 would fail every time. Probably due to some cache. I have \
> circumvented the problem by creating a new Merlin instance every time, instead of \
> just a new key-store instance. This works because the problem never manifest with \
> the first key-store.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic