WSS4J Crypto object initialisation with non-text keystore password

843811, Feb 16 2007 — edited Aug 10 2007
Hi there,

I am writing a client that invokes a web service, and am trying to sign the SOAP message using WSS4J.
I have a .p12 file that contains the private key to be used for signing (received from the third party hosting the web service).
The private key's password is: "password" (ignoring the quotation marks.)

Here's the crucial bit - the password for the .p12 file is not the same as that of the private key within. Nor is the .p12 file's password 'clear text', i.e. regular characters.
The .p12 file's password is obtained as follows:

1. Compute the MD5 hash of "password".

    MessageDigest md = MessageDigest.getInstance("MD5");
    byte[] digestBytes = md.digest("password".getBytes());

2. Take the resulting byte[] and decode it to a String according to the ISO-8859-1 charset.

    String p12FilePassword = new String(digestBytes, "ISO-8859-1");

I verified that this is giving me the correct password to the .p12 file; I can retrieve the private key.


However, using WSS4J, I need to initialise a Crypto object using a properties file, but cannot type the MD5 result to the flat file because it does not map to 'regular characters':

    org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.BouncyCastle

    org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
    org.apache.ws.security.crypto.merlin.keystore.password=password

    org.apache.ws.security.crypto.merlin.keystore.alias=alias
    org.apache.ws.security.crypto.merlin.alias.password=password

    org.apache.ws.security.crypto.merlin.file=C:\\myFile.p12

My workaround is to:

1. Load the above file into a Properties object.
2. Retrieve the keystore password (i.e. "password") under key org.apache.ws.security.crypto.merlin.keystore.password.
3. Hash it, as already described.
4. Replace the value within the Properties with the result of the hashing under the same key.
5. Initialise the Crypto object as follows:

    Crypto cryptoClient_c = CryptoFactory.getInstance("org.apache.ws.security.components.crypto.BouncyCastle", cryptoProperties);

This yields the exception below, which would appear to be caused by the Properties containing a keystore password that is not in ASCII.

Is it possible to pass into the Crypto object a 'hashed password' as I have computed above?
Is there something that I'm missing from my properties file that will instruct the Crypto object to expect, and accept, my 'hashed' keystore password?


Many thanks for your help.
Ken.

P.S. I have also tried with crypto provider Merlin, but received the same result.
java.io.IOException: Error in loading the keystore: Private key decryption error: (java.security.spec.InvalidKeySpecException: Password is not ASCII)
	at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
	at java.security.KeyStore.load(KeyStore.java:695)
	at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:517)
	at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:113)
	at org.apache.ws.security.components.crypto.BouncyCastle.<init>(BouncyCastle.java:63)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:80)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:44)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:315)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:157)
	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:110)
	at ie.colman.sad.soap.utils.SOAPUtils.<clinit>(SOAPUtils.java:143)
	at ie.colman.sad.services.SadFileClient.<init>(SadFileClient.java:61)
	at ie.colman.sad.services.SadController.processCapFiles(SadController.java:229)
	at ie.colman.sad.services.SadController.run(SadController.java:82)
	at ie.colman.sad.services.SadController.main(SadController.java:68)
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:80)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:44)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:315)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:157)
	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:110)
	at ie.colman.sad.soap.utils.SOAPUtils.<clinit>(SOAPUtils.java:143)
	at ie.colman.sad.services.SadFileClient.<init>(SadFileClient.java:61)
	at ie.colman.sad.services.SadController.processCapFiles(SadController.java:229)
	at ie.colman.sad.services.SadController.run(SadController.java:82)
	at ie.colman.sad.services.SadController.main(SadController.java:68)
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [Error in loading the keystore: Private key decryption error: (java.security.spec.InvalidKeySpecException: Password is not ASCII)]
	at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:520)
	at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:113)
	at org.apache.ws.security.components.crypto.BouncyCastle.<init>(BouncyCastle.java:63)
	... 12 more
2007/02/16 15:25:53 ERROR crypto.CryptoFactory - Unable to instantiate (1): org.apache.ws.security.components.crypto.BouncyCastle
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:80)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:44)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:315)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:157)
	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:110)
	at ie.colman.sad.soap.utils.SOAPUtils.<clinit>(SOAPUtils.java:143)
	at ie.colman.sad.services.SadFileClient.<init>(SadFileClient.java:61)
	at ie.colman.sad.services.SadController.processCapFiles(SadController.java:229)
	at ie.colman.sad.services.SadController.run(SadController.java:82)
	at ie.colman.sad.services.SadController.main(SadController.java:68)
Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials. Inner Exception: [Error in loading the keystore: Private key decryption error: (java.security.spec.InvalidKeySpecException: Password is not ASCII)]
	at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:520)
	at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:113)
	at org.apache.ws.security.components.crypto.BouncyCastle.<init>(BouncyCastle.java:63)
	... 12 more
java.lang.InstantiationException: org.apache.ws.security.components.crypto.BouncyCastle
	at java.lang.Class.newInstance3(Class.java:346)
	at java.lang.Class.newInstance(Class.java:305)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:188)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:157)
	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:110)
2007/02/16 15:25:53 ERROR crypto.CryptoFactory - Unable to instantiate (2): org.apache.ws.security.components.crypto.BouncyCastle
java.lang.InstantiationException: org.apache.ws.security.components.crypto.BouncyCastle
	at java.lang.Class.newInstance3(Class.java:346)
	at java.lang.Class.newInstance(Class.java:305)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:188)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:157)
	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:110)
	at ie.colman.sad.soap.utils.SOAPUtils.<clinit>(SOAPUtils.java:143)
	at ie.colman.sad.services.SadFileClient.<init>(SadFileClient.java:61)
	at ie.colman.sad.services.SadController.processCapFiles(SadController.java:229)
	at ie.colman.sad.services.SadController.run(SadController.java:82)
	at ie.colman.sad.services.SadController.main(SadController.java:68)
	at ie.colman.sad.soap.utils.SOAPUtils.<clinit>(SOAPUtils.java:143)
	at ie.colman.sad.services.SadFileClient.<init>(SadFileClient.java:61)
	at ie.colman.sad.services.SadController.processCapFiles(SadController.java:229)
	at ie.colman.sad.services.SadController.run(SadController.java:82)
	at ie.colman.sad.services.SadController.main(SadController.java:68)
Exception in thread "main" java.lang.ExceptionInInitializerError
	at ie.colman.sad.services.SadFileClient.<init>(SadFileClient.java:61)
	at ie.colman.sad.services.SadController.processCapFiles(SadController.java:229)
	at ie.colman.sad.services.SadController.run(SadController.java:82)
	at ie.colman.sad.services.SadController.main(SadController.java:68)
Caused by: java.lang.RuntimeException: org.apache.ws.security.components.crypto.BouncyCastle cannot create instance
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:193)
	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:157)
	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:110)
	at ie.colman.sad.soap.utils.SOAPUtils.<clinit>(SOAPUtils.java:143)
	... 4 more
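
An added example, not part of the original post and not WSS4J code: it repeats the derivation described in the post using only JDK classes, counts the characters above U+007F that the "Password is not ASCII" check in the stack trace objects to, and shows that a .properties file can carry the value through `\uXXXX` escapes. The class and helper names are hypothetical; escaping only solves the flat-file problem, since the string handed to the keystore provider is the same either way.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;

public class KeystorePasswordCheck {  // hypothetical class name
    // Property key taken from the post's crypto properties file.
    static final String KEY = "org.apache.ws.security.crypto.merlin.keystore.password";

    // Derivation from the post: MD5 of the text, then one ISO-8859-1 char per digest byte.
    // An explicit charset replaces the post's platform-default getBytes(); same bytes for ASCII input.
    static String derive(String text) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(text.getBytes(StandardCharsets.ISO_8859_1));
        return new String(digest, StandardCharsets.ISO_8859_1);
    }

    // Number of chars above U+007F, i.e. the ones an ASCII-only password check rejects.
    static int nonAscii(String s) {
        int n = 0;
        for (char c : s.toCharArray()) if (c > 0x7F) n++;
        return n;
    }

    // Encode a value for a .properties file: printable ASCII is kept as-is,
    // everything else (controls, space, backslash, Latin-1) becomes a hex escape.
    static String escape(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c > 0x20 && c < 0x7F && c != '\\') sb.append(c);
            else sb.append(String.format("\\u%04x", (int) c));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String pw = derive("password");          // sample password quoted in the post
        String line = KEY + "=" + escape(pw);    // what would go into the flat file

        Properties p = new Properties();
        p.load(new StringReader(line));          // Properties.load decodes the escapes

        System.out.println(line);
        System.out.println("non-ASCII chars: " + nonAscii(pw) + " of " + pw.length());
        System.out.println("round trip ok: " + pw.equals(p.getProperty(KEY)));
    }
}
```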
Post Details
Locked on Sep 7 2007
Added on Feb 16 2007