3 Replies Latest reply on May 24, 2011 2:52 AM by imanzano

    Problems using WS-Security encryption...

    mauro.brasil

      Hello there!

       

      We have an application environment here working with JBossWS and WS-Security enabled on the server side and Axis2c (with rampartc for security) on the client side.

      To start, we developed the whole solution using just UserNameToken security and all was fine.

       

      We decided to enable wsse encryption in order to improve communication security and, since then, I've been stuck on the same problem.

       

      The server throws an exception at the moment it receives the first message, as shown below:

       

      Caused by: java.security.cert.CertificateParsingException: signed overrun, bytes = 67
          at sun.security.x509.X509CertImpl.parse(Unknown Source)
          at sun.security.x509.X509CertImpl.<init>(Unknown Source)
          at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
          at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
          at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
          at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
          at java.security.KeyStore.load(Unknown Source)
          at org.jboss.ws.extensions.security.SecurityStore.loadStore(SecurityStore.java:158)

       

      After two days of constant searching and trying/validating almost everything I've found about this issue, I decided to post a message here so someone can maybe give me just a hint as to where to start digging.

       

      I followed chapter 9 of "JBoss In Action" to create the keystores/truststores/certificates and to configure my environment ("jboss-wsse-server.xml", because the other files were already defined for WS-Security) without any success.

      I've found suggestions about missing parameters in keytool usage and guidance regarding some sort of update of Java encryption (adding JCE and the BouncyCastle provider implementation), but nothing seems to work or make sense.

       

      If someone has any idea for a solution, I'll be very thankful.

       

      Best regards,

      Mauro.