Forum Discussion

IanWatson92's avatar
IanWatson92
Occasional Contributor
12 years ago

SecretKey not supported due to JCEKS keystores not supported

Hello,

I am trying to implement Outoing WS-Security to comply with the OWSM "oracle/wss11_username_token_with_message_protection_service_policy" which requires the Signature algorithm of "http://www.w3.org/2000/09/xmldsig#hmac-sha1"

The algorithm requires a SecretKey.

However it appears that the free version does not support a JCEKS keystore type and only supports a JKS keystore.

A JKS keystore doesn't support SecretKeys.

SOAPUI does however offer the option to use the signature algorithm.

To summarise:
JKS does not support SecretKeys
HMAC-SHA1 needs a SecretKey
SOAPUI supports HMAC-SHA1 but does not support a JCEKS keystore, so there is no way to get a secret key, hence will fail.

If you try and import a JCEKS keystore you will not be able to access the store due to SOAPUI thinking its a JKS keystore not a JCEKS.
  • SmartBear_Suppo's avatar
    SmartBear_Suppo
    SmartBear Alumni (Retired)
    Hi,

    I've created enhancement request SOAP-1153 for JCEKS keystore support.





    Regards,
    Marcus
    SmartBear Support
    • simonjdonnelly's avatar
      simonjdonnelly
      Contributor

      Was this feature ever added? I'm currently having issues configuring WSS11 with Ready API 1.4.1

    • PiotrG's avatar
      PiotrG
      Occasional Contributor

      What is current ETA?

      • makix13's avatar
        makix13
        Frequent Visitor

        Hi,

        I'm currently with same issue.

        My SOAPUI Version is the free one 5.3.0.

        Each time I try to configure a jceks with a secret key (for hmac signature):

        • Wed Apr 19 19:34:22 CEST 2017:ERROR:Could not load keystore/truststore
        • Wed Apr 19 19:34:22 CEST 2017:ERROR:java.lang.ClassCastException: javax.crypto.spec.SecretKeySpec cannot be cast to java.security.PrivateKey
        • java.lang.ClassCastException: javax.crypto.spec.SecretKeySpec cannot be cast to java.security.PrivateKey

        I saw that there was a feature request SOAP-1153 in 12-09-2013 (https://community.smartbear.com/t5/SoapUI-NG/JCEKS-keystores/td-p/37376)  but it seems it's not implemented, at least in the free one.

         

        Any idea about it.

         

        Best regards