I'm trying to get an instance of org.apache.ws.security.components.crypto.Merlin
using org.apache.ws.security.components.crypto.CryptoFactory
specifically the CryptoFactory.getInstance(properties)
method.
This will consistantly throw
java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
which evantually is caused by
java.security.UnrecoverableKeyException: Password verification failed
The password on the keystore file has been checked with the keytool on the command line and is correct.
the keystore is generated via the following process:
Which is in the root directory of the eclipse porject.
The test applciation is as follows:
public class App {
public static void main(String[] args) throws CredentialException,
IOException {
System.out.println("Starting");
Properties p = new Properties();
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
"password");
p.setProperty("org.apache.ws.security.crypto.provider",
"org.apache.ws.security.components.crypto.Merlin");
p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type",
"jks");
p.setProperty("org.apache.ws.security.crypto.merlin.file", "./testkeystore.jks");
Crypto crypto = CryptoFactory.getInstance(p);
System.out.println(" Complete ");
}
}
and the following exception is generated:
Exception in thread "main" java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:225)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:73)
at com.restart.test.cryptotest2.App.main(App.java:22)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:211)
... 3 more
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:174)
at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:135)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:71)
... 8 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:168)
... 10 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 13 more
The password as indicated in the cmd window is set to "password" , but by all accounts the application is rejecting it, I can change the password using keytool -storepasswd
with no issues, So i know the the password I am providing is correct; can anyone suggest what may be going wrong here? I've been trying to debug this unsuccessfully for full a day now.
If there is any additional information I can provide please let me know.
edit --
the folloing maven dependency is required to build this test:
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.5.8</version>
<scope>provided</scope>
</dependency>
After reading the comments from User I built it against a different version of the JDK/JRE and it worked, after downloading the sources for rt.java and stepping through I found that the CryptoBase class was instantiating two JavaKeyStores, the first (being my .jks file) which instantiated fine, but the second was the cacerts
keystore in jre\lib\security>
which did not have the default password of changeit
which was causing the failure;
I have now changed the password on the jre keystore and I'm working fine in my original jre/jdk.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With