Uploaded image for project: 'ServiceMix 4'
  1. ServiceMix 4
  2. SMX4-518

Camel NMR component WSSecurityTest fails

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 4.2.0
    • Fix Version/s: 4.4.0
    • Component/s: None
    • Labels:
      None

      Description

      When running the features/camel/servicemix-camel unit test on a Mac with JDK 1.6 installed, the WSSecurityTest fails.

      java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
      	at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:225)
      	at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:176)
      	at org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor.loadSignatureCrypto(AbstractWSS4JInterceptor.java:178)
      	at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:137)
      	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor.access$200(WSS4JOutInterceptor.java:47)
      	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:236)
      	at org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor$WSS4JOutInterceptorInternal.handleMessage(WSS4JOutInterceptor.java:122)
      	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:484)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:310)
      	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:262)
      	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
      	at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
      <snip>
      Caused by: org.apache.ws.security.components.crypto.CredentialException: Failed to load credentials.
      	at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:174)
      	at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:135)
      	at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:71)
      	... 42 more
      Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
      	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
      	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
      	at java.security.KeyStore.load(KeyStore.java:1185)
      	at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:168)
      	... 44 more
      Caused by: java.security.UnrecoverableKeyException: Password verification failed
      	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
      	... 47 more
      

        Activity

        Hide
        gertvanthienen Gert Vanthienen added a comment -

        A workaround for this issue is to revert the JDK update by Apple as explained in http://www.toolsforteams.com/roller/blog/entry/don_t_update_java_for.

        For now, I have added a profile to exclude the tests on the affected platforms to ensure we can all build the code without running into this issue (profile added as part of http://svn.apache.org/viewvc?view=revision&revision=936226)

        Show
        gertvanthienen Gert Vanthienen added a comment - A workaround for this issue is to revert the JDK update by Apple as explained in http://www.toolsforteams.com/roller/blog/entry/don_t_update_java_for . For now, I have added a profile to exclude the tests on the affected platforms to ensure we can all build the code without running into this issue (profile added as part of http://svn.apache.org/viewvc?view=revision&revision=936226 )
        Hide
        ccustine Chris Custine added a comment -

        I documented a permanent workaround for this issue on this thread as well:
        http://mail-archives.apache.org/mod_mbox/servicemix-dev/201004.mbox/%3Cj2r43b026c71004191518l182a2ac4nb442126530ae2d68@mail.gmail.com%3E

        In short, run the following command to change the cacert keystore password from the JDK back to the expected value:

        sudo keytool -storepasswd -new changeit -keystore /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts -storepass changeme
        

        I'm not sure there is anything else that can be done, but this will at least fix your local JDK install permanently for anything else that expects the default password.

        Show
        ccustine Chris Custine added a comment - I documented a permanent workaround for this issue on this thread as well: http://mail-archives.apache.org/mod_mbox/servicemix-dev/201004.mbox/%3Cj2r43b026c71004191518l182a2ac4nb442126530ae2d68@mail.gmail.com%3E In short, run the following command to change the cacert keystore password from the JDK back to the expected value: sudo keytool -storepasswd -new changeit -keystore /System/Library/Frameworks/JavaVM.framework/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts -storepass changeme I'm not sure there is anything else that can be done, but this will at least fix your local JDK install permanently for anything else that expects the default password.
        Hide
        gertvanthienen Gert Vanthienen added a comment -
        Show
        gertvanthienen Gert Vanthienen added a comment - Reverting the POM changes made in http://svn.apache.org/viewvc?view=revision&revision=936665

          People

          • Assignee:
            Unassigned
            Reporter:
            gertvanthienen Gert Vanthienen
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development