Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.3.2
-
None
-
None
-
Java 11 (version 11.0.11.0.9)
org.apache.cxf:cxf-rt-frontend-jaxws:3.4.4
org.apache.cxf:cxf-rt-ws-security:3.4.4
org.apache.cxf:cxf-rt-transports-http:3.4.4
org.apache.cxf:cxf-rt-features-logging:3.4.4
javax.xml.ws:jaxws-api:2.3.1
javax.jws:javax.jws-api:1.1
com.sun.xml.messaging.saaj:saaj-impl:1.5.3Java 11 (version 11.0.11.0.9) org.apache.cxf:cxf-rt-frontend-jaxws:3.4.4 org.apache.cxf:cxf-rt-ws-security:3.4.4 org.apache.cxf:cxf-rt-transports-http:3.4.4 org.apache.cxf:cxf-rt-features-logging:3.4.4 javax.xml.ws:jaxws-api:2.3.1 javax.jws:javax.jws-api:1.1 com.sun.xml.messaging.saaj:saaj-impl:1.5.3
Description
In our system we can't use a static certificate because it's a service that many users use, and they need to use their own certificate to communicate with a third-party SOAP-service.
I used to be able to change Merlin's keystore whenever a new certificate was needed, but after upgrading from Apache CXF 3.3.7 to 3.4.4 (and other third party libraries that CXF depends on) a problem arose:
Signatures created by some certificates would be invalid. It was never the certificate that was the problem, but which number of replacing key-store it was put into.
So for instance number 1 and 2 would be fine, but 3 would fail, and 4 would be fine. - After which any new key-store with either certificate 1, 2 and 4 would keep working, but 3 would fail every time. Probably due to some cache.
I have circumvented the problem by creating a new Merlin instance every time, instead of just a new key-store instance. This works because the problem never manifest with the first key-store.