  1. WSS4J
  2. WSS-688

Signatures created with Merlin start being invalid after changing key-store a few times

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.3.2
    • None
    • WSS4J Core
    • None

    Description

      In our system we can't use a static certificate because it's a service that many users use, and they need to use their own certificate to communicate with a third-party SOAP-service.

      I used to be able to change Merlin's keystore whenever a new certificate was needed, but after upgrading from Apache CXF 3.3.7 to 3.4.4 (and other third-party libraries that CXF depends on) a problem arose:
      Signatures created by some certificates would be invalid. It was never the certificate that was the problem, but which number of replacing key-store it was put into.
      So for instance, numbers 1 and 2 would be fine, but 3 would fail, and 4 would be fine. After that, any new key-store with certificate 1, 2 or 4 would keep working, but 3 would fail every time. Probably due to some cache.

      I have circumvented the problem by creating a new Merlin instance every time, instead of just a new key-store instance. This works because the problem never manifests with the first key-store.
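
The two patterns contrasted in the report, as an added sketch that is not the reporter's or the WSS4J project's code. The class and method names are hypothetical, and each user's certificate is assumed to arrive as PKCS#12 bytes with a password.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;

/** Hypothetical helper that builds signing Crypto objects for per-user certificates. */
public final class PerUserCryptoFactory {

    // Pattern the report describes as failing after several swaps:
    // one long-lived Merlin whose key store is replaced for each user.
    private final Merlin shared = new Merlin();

    public Crypto reuseSharedInstance(byte[] pkcs12, char[] password)
            throws GeneralSecurityException, IOException {
        shared.setKeyStore(load(pkcs12, password));
        return shared;
    }

    // Workaround from the report: a new Merlin for every key store, so each
    // signature is produced by an instance that has only ever held one key store.
    public Crypto freshInstance(byte[] pkcs12, char[] password)
            throws GeneralSecurityException, IOException {
        Merlin merlin = new Merlin();
        merlin.setKeyStore(load(pkcs12, password));
        return merlin;
    }

    // Loads the user's key material and rejects an empty store early, so a
    // bad upload is not mistaken for the signature problem described above.
    private static KeyStore load(byte[] pkcs12, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (ByteArrayInputStream in = new ByteArrayInputStream(pkcs12)) {
            ks.load(in, password);
        }
        if (!ks.aliases().hasMoreElements()) {
            throw new GeneralSecurityException("key store contains no entries");
        }
        return ks;
    }
}
```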

          People

            coheigea Colm O hEigeartaigh
            Tor Tor Ranfelt