ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bennett III, James William" <jawbe...@indiana.edu>
Subject Issuer name getting truncated
Date Wed, 19 Sep 2012 21:24:55 GMT
Hello everyone,

I work with an application which uses WSS4j version 1.5.11 and we get an exception fairly
regularly which seems to truncate the end of the issuer name when it signs a request.  We
end up seeing these exceptions thrown on the server when we make a web service call:

java.lang.IllegalArgumentException: improperly specified input name: CN=Foo Bar,OU=Baz,O=Org,L=City,ST=IN,
        at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:150)
        at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:102)
        at org.apache.ws.security.components.crypto.CryptoBase.createBCX509Name(CryptoBase.java:283)
        at org.apache.ws.security.components.crypto.CryptoBase.getAliasForX509Cert(CryptoBase.java:335)
        at org.apache.ws.security.components.crypto.CryptoBase.getAliasForX509Cert(CryptoBase.java:300)
        at org.apache.ws.security.message.token.SecurityTokenReference.getX509IssuerSerialAlias(SecurityTokenReference.java:562)
        at org.apache.ws.security.message.token.SecurityTokenReference.getX509IssuerSerial(SecurityTokenReference.java:541)
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:377)
        at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:116)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:219)
        at org.kuali.rice.ksb.security.soap.CXFWSS4JInInterceptor.handleMessage(CXFWSS4JInInterceptor.java:93)
        at org.kuali.rice.ksb.security.soap.CXFWSS4JInInterceptor.handleMessage(CXFWSS4JInInterceptor.java:41)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
        at org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:102)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:464)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
        at org.kuali.rice.ksb.messaging.servlet.CXFServletControllerAdapter.handleRequest(CXFServletControllerAdapter.java:47)
        at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:900)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:827)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:789)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
        at org.kuali.rice.ksb.messaging.servlet.KSBDispatcherServlet.service(KSBDispatcherServlet.java:138)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:219)
        at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: java.io.IOException: empty AVA in RDN ""
        at sun.security.x509.RDN.<init>(RDN.java:132)
        at sun.security.x509.X500Name.parseDN(X500Name.java:918)
        at sun.security.x509.X500Name.<init>(X500Name.java:148)
        at javax.security.auth.x500.X500Principal.<init>(X500Principal.java:148)
        ... 45 more

I checked the keystore and the issuer name is "CN=Foo Bar,OU=Baz,O=Org,L=City,ST=IN,C=US"
so it appears that it is truncating the country off of the end but not removing the last comma
which causes the name to be invalid.  Has anyone seen anything like this before?  If there's
any other information I can provide please let me know.

Thanks,
James

Mime
View raw message