This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 95733 - Secured WS not works when use custom keystore
Summary: Secured WS not works when use custom keystore
Status: VERIFIED FIXED
Alias: None
Product: serverplugins
Classification: Unclassified
Component: Identity (show other bugs)
Version: 6.x
Hardware: All All
: P2 blocker (vote)
Assignee: Peter Liu
URL:
Keywords: RELNOTE
Depends on:
Blocks:
 
Reported: 2007-02-15 19:30 UTC by Andrey Yamkovoy
Modified: 2007-08-24 16:41 UTC (History)
2 users (show)

See Also:
Issue Type: DEFECT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Yamkovoy 2007-02-15 19:30:46 UTC 
Steps to reproduce:
1. Creating custom keystore "mykeystore.jks" and import certificate from
"amclientkeystore.jks".

    keytool -genkey -keystore mykeystore.jks -alias myalias -storepass password
-keypass password
    keytool -export -rfc -keystore amclientkeystore.jks -alias amclient -file
amclient.cer
    keytool -import -keystore mykeystore.jks -alias amclient -file amclient.cer.

2. Configure AM.
   - Edit SAML-HolderOfKey profile to use custom keystore:
       location - ../mykeystore.jks
       password - password
       alias - myalias
       alias password - password

3. Configure WSC.
   - Create StockServer and StockClient samples.
   - Edit WS attributes in StockServer to use SAML-HolderOfKey profile.
   - Edit WSC attributes in StockClient to use SAML-HolderOfKey profile and
custom keystore.
       location - ../mykeystore.jks
       password - password
       alias - myalias
       alias password - password

4. Running.
   - Deploy both applications and run StockClient. In opened browser push "Submit".

5. Result:
    Exception occurs: "Securing request failed"

After this any secured web service (even newly created and configured with
default keystore) can't be invoked because of this error ...
Comment 1 Peter Liu 2007-02-16 00:14:26 UTC 
It looks like there is a bug in the amclientsdk for setting the custom keystore
information.  I tried pointing the custom keystore to the default
amclientkeystore.jks and it doesn't work either. 

I'll file a bug against AM and file a waiver request for this bug.
Comment 2 Peter Liu 2007-02-16 06:44:10 UTC 
File a bug against access manager in bugtraq:

http://bt2ws.central.sun.com/CrPrint?id=6525783
Comment 3 Peter Liu 2007-02-16 09:10:31 UTC 
I am downgrading this to p2 since users can still use the default keystore.
Comment 4 astashkova 2007-02-16 19:04:45 UTC 
Added to staged NB Enterprise Pack 5.5.1 Beta Release Notes
(http://nbstaging.czech.sun.com/community/releases/55/1/entpack_relnotes.html#95733)
Description needs verification.
Workaround (if any)needed.
Comment 5 Alexei Mokeev 2007-02-19 07:10:18 UTC 
No Objections in 48 hours. Waived.
Comment 6 Alexei Mokeev 2007-03-05 17:22:57 UTC 
Removed Beta EP551_WAIVER_APPROVED keyword - we are going forward to FCS.
Comment 7 astashkova 2007-04-27 12:33:13 UTC 
Added to NB IDE 6.0 Preview RNs as follows:

Issue #95733: Secure Web Services do not work when using custom key store.
 
Description:The custom key store support for web service security does not work.

Workaround: Use the default key store by selecting the Use Default Key Store
checkbox in the UI panels.
Comment 8 tonybeckham 2007-05-24 20:02:14 UTC 
Removing status whiteboard: EP551_BETA_RN and change version to 6.0.
Comment 9 Peter Liu 2007-06-22 22:49:51 UTC 
This issue is fixed in the latest AM bits in SDK b18. 

Note that AM, by default, uses RSA keys whereas keytool generate DSA keys be default.  In order for customer keystore to
work correctly, you need to create a RSA key by using the following command:

keytool -genkey -keystore mykeystore.jks -alias myalias -keyalg rsa -storepass password -keypass password
Comment 10 Jaroslav Pospisil 2007-08-24 16:41:54 UTC 
VERIFIED