santuario-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40826] - Private keys must be instance of RSAPrivate or have PKCS#8 encoding
Date Thu, 02 Nov 2006 15:42:42 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40826>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40826





------- Additional Comments From sean.mullan@sun.com  2006-11-02 07:42 -------

> Each time I sign, I add the provider (Security.addProvider(p)) and create a new
> PrivateKey object. I'm not reusing anything. Is it correct? Or do I have to
> remove and add the provider each time? From what I know, when we use
> addProvider, it adds the provider in the available slot, but we can add in a
> specific slot, just using addProviderAt(p, 2) for instance.

Ahh, here's what I think is happening:

The first time you call Security.addProvider(p), your provider is added
correctly, you create a new PrivateKey object using that same provider and
the XML signing operation works ok.

The next time you create a new provider and call Security.addProvider(p),
I bet the provider is not added because it is already installed (from the API's
standpoint, it is the same provider even though it is a new instance). Check
the return value of addProvider to see if it returns -1.

*But* (and this is a major but), you then use the new provider instance to
create a PrivateKey object. There's the problem. When you use this PrivateKey
to sign, the XML signature cannot find the provider that you used to create it
(since it is not installed, it only finds the old provider but that won't
work with the new PrivateKey) and therefore the signing operation fails because
it cannot find a provider that the key can be used with.

Workarounds:

Either, 1) explicitly remove the provider before you reinstall it each 
time, or 2) only create and install the provider once and always use 
this provider to create the PrivateKeys.  

Please confirm if this is the case. 

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
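
The provider behaviour described in the comment above can be reproduced with the following added example, which is not part of the original message or of the Santuario code base. `DemoProvider` and `installOnce` are hypothetical names, the provider registers no algorithms, and the `Provider(String, String, String)` constructor assumes Java 9 or later.

```java
import java.security.Provider;
import java.security.Security;

public class ProviderReinstallDemo {
    // Hypothetical stand-in for the provider in the bug report (constructed for illustration).
    static final class DemoProvider extends Provider {
        DemoProvider() {
            super("DemoToken", "1.0", "constructed provider for illustration");
        }
    }

    // Workaround 2: install once, and always hand back the instance the JCA actually knows.
    static Provider installOnce(Provider candidate) {
        Provider existing = Security.getProvider(candidate.getName());
        if (existing != null) {
            return existing;                  // create keys with this one, not with 'candidate'
        }
        if (Security.addProvider(candidate) == -1) {
            // Another thread installed a provider of this name in the meantime.
            return Security.getProvider(candidate.getName());
        }
        return candidate;
    }

    public static void main(String[] args) {
        Provider first = new DemoProvider();
        Provider second = new DemoProvider();

        // addProvider returns the preference position, or -1 when a provider
        // with the same name is already installed.
        System.out.println("first install position:  " + Security.addProvider(first));
        System.out.println("second install position: " + Security.addProvider(second));

        // Lookups by name still resolve to the first instance, so keys created
        // from 'second' belong to a provider the JCA cannot find.
        System.out.println("installed is first?  " + (Security.getProvider("DemoToken") == first));
        System.out.println("installed is second? " + (Security.getProvider("DemoToken") == second));

        // Workaround 1: remove the old instance before installing the new one.
        Security.removeProvider("DemoToken");
        System.out.println("after remove + add:  " + Security.addProvider(second));
        System.out.println("installed is second? " + (Security.getProvider("DemoToken") == second));

        // Workaround 2: a later caller with a fresh instance gets the installed one back.
        Provider usable = installOnce(new DemoProvider());
        System.out.println("installOnce returned installed instance? " + (usable == second));
    }
}
```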
