Rampart: how to use a JKS certificate without any password


I have the following situation:

a JKS keystore file without a password, containing a private key that is ALSO unprotected. I've tried to configure Rampart in order to use this keystore, but I keep getting the following error:

Caused by: org.apache.rampart.RampartException: No password supplied by the callback handler for the user : "username"

My password callback handler is as follows:

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;
import org.w3c.dom.Element;

public class PWCBHandlerCertificate implements CallbackHandler {

    public void handle( Callback[] callbacks ) throws IOException, UnsupportedCallbackException {

        for ( int i = 0; i < callbacks.length; i++ ) {
            // Rampart hands this handler WSPasswordCallback instances only;
            // anything else is reported instead of blindly cast
            if ( !( callbacks[i] instanceof WSPasswordCallback ) ) {
                throw new UnsupportedCallbackException( callbacks[i] );
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];

            // alias of the key Rampart wants to sign/decrypt with
            String id = pwcb.getIdentifer();
            int usage = pwcb.getUsage();
            if ( usage == WSPasswordCallback.DECRYPT || usage == WSPasswordCallback.SIGNATURE ) {
                Element temp = pwcb.getCustomToken();
                // used to retrieve the password for the private key;
                // the key is unprotected, so the empty string is handed back
                if ( "username".equals( id ) ) {
                    pwcb.setPassword( "" );
                }
            }
        }
    }

}

What am I missing?

Thanks in advance


Answer from rekotc:

It turned out that Rampart 1.5.2 (I don't know about newer versions, I must keep this one...) forces the certificate to have a valid password (not null and not empty). I downloaded the source for Rampart 1.5.2, and I found the following code inside the class BindingBuilder.java (package org.apache.rampart.builder):

WSPasswordCallback[] cb = { new WSPasswordCallback(user,
        WSPasswordCallback.SIGNATURE) };

try {
    handler.handle(cb);
    if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
        password = cb[0].getPassword();
        log.debug("Password : " + password);
    } else {
        //If there's no password then throw an exception
        throw new RampartException("noPasswordForUser",
                new String[]{user});
    }
}

The problem resides here:

if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword()))

The exception is thrown if the password received from the callback is null or empty. In order to avoid this problem I had to comment out a part of the code like this:

if(cb[0].getPassword() != null /*&& !"".equals(cb[0].getPassword())*/)

I recompiled the class and replaced the resulting .class inside rampart-core-1.5.2.jar.

The exception disappeared; I can now successfully use the passwordless certificate.

I hope it helps.
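As an added note, not part of rekotc's answer or of the Rampart project: patching the check in rampart-core-1.5.2.jar works, but it leaves you running a jar that no longer matches the released artifact and has to be redone on every upgrade. The other way to satisfy an unmodified `cb[0].getPassword() != null && !"".equals(...)` check is to give the private key a real password, which the JKS API can do in place by re-wrapping the existing key and certificate chain. The example below does that; the keystore path `keystore.jks`, the alias `username` (taken from the question), and both passwords are assumptions for the example. It is my code, not the project's.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;

/**
 * Re-protects a private key entry whose JKS key password is empty, so the
 * password handed back by the Rampart callback handler is non-empty and the
 * stock BindingBuilder check passes. Paths, alias and passwords are assumed.
 */
public class ProtectJksKey {

    /** True when the private key under alias can be recovered with password. */
    static boolean keyOpensWith(KeyStore ks, String alias, char[] password) throws Exception {
        try {
            Key k = ks.getKey(alias, password);
            return k instanceof PrivateKey;
        } catch (UnrecoverableKeyException e) {
            // JKS throws this when the password-derived digest does not match
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "keystore.jks";   // assumed path
        String alias = args.length > 1 ? args[1] : "username";      // alias from the question
        char[] emptyPass = new char[0];
        char[] newKeyPass = "change-me-key".toCharArray();          // assumed
        char[] newStorePass = "change-me-store".toCharArray();      // assumed

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            // An empty char[] (rather than null) also verifies the store's integrity hash.
            ks.load(in, emptyPass);
        }

        if (!keyOpensWith(ks, alias, emptyPass)) {
            System.err.println("key '" + alias + "' is not protected by an empty password; nothing to do");
            return;
        }

        // Re-wrap the same key and chain under a real password. JKS encrypts the
        // key bytes with a password-derived key, so the on-disk entry changes.
        Key key = ks.getKey(alias, emptyPass);
        Certificate[] chain = ks.getCertificateChain(alias);
        ks.setKeyEntry(alias, key, newKeyPass, chain);

        try (OutputStream out = new FileOutputStream(path)) {
            ks.store(out, newStorePass);
        }

        // Sanity check: reload and confirm the empty password no longer opens the key.
        KeyStore reloaded = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            reloaded.load(in, newStorePass);
        }
        if (keyOpensWith(reloaded, alias, emptyPass) || !keyOpensWith(reloaded, alias, newKeyPass)) {
            throw new IllegalStateException("key password was not changed as expected");
        }
        System.out.println("key '" + alias + "' is now protected; update the callback handler and crypto config");
    }
}
```

After running it, the callback handler returns `change-me-key` for the `username` alias instead of the empty string, and the keystore password in the Rampart crypto properties (`org.apache.ws.security.crypto.merlin.keystore.password` for the Merlin provider) is set to the new store password. Bear in mind that a password only helps if it is not stored next to the keystore in the clear; a key with an empty password is readable by anyone who can read the file, which is the underlying reason Rampart refuses it.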