[Mashup-dev] [jira] Commented: (MASHUP-1023) Cannot invoke secured mashups if user's private key is generated with RSA algorithm

Keith Godwin Chapman (JIRA) jira at wso2.org
Wed Jul 23 05:32:52 PDT 2008


    [ https://wso2.org/jira/browse/MASHUP-1023?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18304#action_18304 ] 

Keith Godwin Chapman commented on MASHUP-1023:
----------------------------------------------

The issue is that your private key has expired. Anyway this is a good catch cause this shows that we should provide a way to manage your private keys too. But on a security front the reason this failed is because the private key has expired.

> Cannot invoke secured mashups if user's private key is generated with RSA algorithm
> -----------------------------------------------------------------------------------
>
>                 Key: MASHUP-1023
>                 URL: https://wso2.org/jira/browse/MASHUP-1023
>             Project: WSO2 Mashup Server
>          Issue Type: Bug
>          Components: Core
>         Environment: winxp, jdk15
>            Reporter: Charitha Kankanamge
>            Assignee: Keith Godwin Chapman
>            Priority: Critical
>         Attachments: qaclient.jks
>
>
> I could not invoke a secured mashup (UT enabled) with WSRequest if the private keystore is generated using RSA keyalg.
> I'm getting the following exception.
> ERROR [2008-07-23 11:56:10,546]  java.security.UnrecoverableKeyException: Cannot recover key
> ERROR [2008-07-23 11:56:10,562]  Cannot recover key
> org.wso2.mashup.MashupFault: Cannot recover key
>         at org.wso2.mashup.hostobjects.wsrequest.WSRequestHostImpl.jsFunction_send(WSRequestHostImpl.java:745)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:155)
>         at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:411)
>         at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:76)
>         at org.mozilla.javascript.gen.c66._c1(charitha-MyRequest:8)
>         at org.mozilla.javascript.gen.c66.call(charitha-MyRequest)
>         at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:393)
>         at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2834)
>         at org.mozilla.javascript.gen.c66.call(charitha-MyRequest)
>         at org.wso2.javascript.rhino.JavaScriptEngine.call(JavaScriptEngine.java:180)
>         at org.wso2.javascript.rhino.JavaScriptEngine.call(JavaScriptEngine.java:210)
>         at org.wso2.javascript.rhino.JavaScriptReceiver.invokeBusinessLogic(JavaScriptReceiver.java:195)
>         at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>         at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:100)
>         at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:176)
>         at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:275)
>         at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:131)
>         at org.wso2.mashup.transport.MashupServlet.doPost(MashupServlet.java:69)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.wso2.mashup.transport.ServiceUIFilter.doFilter(ServiceUIFilter.java:207)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.wso2.adminui.AdminUIServletFilter.doFilter(AdminUIServletFilter.java:135)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
>         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
>         at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
>         at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
>         at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
>         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
>         at java.lang.Thread.run(Thread.java:595)
> Caused by: org.wso2.mashup.MashupFault: Cannot recover key
>         at org.wso2.mashup.utils.CustomProtocolSocketFactory.createSSLContext(CustomProtocolSocketFactory.java:146)
>         at org.wso2.mashup.utils.CustomProtocolSocketFactory.getSSLContext(CustomProtocolSocketFactory.java:161)
>         at org.wso2.mashup.utils.CustomProtocolSocketFactory.<init>(CustomProtocolSocketFactory.java:69)
>         at org.wso2.mashup.utils.MashupUtils.getCustomProtocolSocketFactory(MashupUtils.java:1419)
>         at org.wso2.mashup.hostobjects.wsrequest.WSRequestHostImpl.setSSLProperties(WSRequestHostImpl.java:1113)
>         at org.wso2.mashup.hostobjects.wsrequest.WSRequestHostImpl.jsFunction_send(WSRequestHostImpl.java:724)
>         ... 43 more
> Caused by: java.security.UnrecoverableKeyException: Cannot recover key
>         at sun.security.provider.KeyProtector.recover(KeyProtector.java:301)
>         at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
>         at java.security.KeyStore.getKey(KeyStore.java:731)
>         at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:111)
>         at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:41)
>         at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:192)
>         at org.wso2.mashup.utils.CustomProtocolSocketFactory.createSSLContext(CustomProtocolSocketFactory.java:118)
>         ... 48 more
> Steps to reproduce:
> ===============
> 1. Upload the attached keystore
> 2. Enable UT in a sample mashup
> 3. Invoke the mashup using a client as given below
> function SecuredService(){
> var request = new WSRequest();
> var options = new Array();
> options["username"] = "charitha";
> options["password"] = "charitha";
> //options["encryptionUser"] = "charitha";
> request.openWSDL("http://localhost:7762/services/charitha/Hello?wsdl",false, options);
> request.send("hello",null);
> return request.responseXML;
> }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        



More information about the Mashup-dev mailing list