Hi!

I am trying to figure out how to configure UsernameToken and X509 together to
access the DocuSign web service. I can't find a WSS4J reference project.

My client application is using Axis2 and Java 1.6. If there is a reference
project I can use, please point me in that direction. I am sure I am not
alone in this quest, so if anyone has already figured out the config, I'd love
to stand on the shoulders of giants.

#1 - generating a self-signed cert.
mike$ keytool -selfcert -alias borozdin -keystore esign.jks -storepass blahblah

#2 - copied the jks into the src folder for simplicity.

#3 - axis2.xml - configuration file for axis.
        <parameter name="OutflowSecurity">
                <action>
                        <items>Signature UsernameToken Timestamp</items>
                        <user>###########</user>
                        <passwordCallbackClass>net.docusign.wsclient.Authenticator</passwordCallbackClass>
                        <passwordType>PasswordText</passwordType>

                        <signatureUser>borozdin</signatureUser>
                        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
                        <signaturePropFile>cert.properties</signaturePropFile>
                        <signatureCrypto>
                                <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                                        <property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</property>
                                        <property name="org.apache.ws.security.crypto.merlin.file">esign.jks</property>
                                        <property name="org.apache.ws.security.crypto.merlin.keystore.alias">borozdin</property>
                                        <property name="org.apache.ws.security.crypto.merlin.keystore.password">blahblah</property>
                                        <property name="org.apache.ws.security.crypto.merlin.keystore.alias.password">blahblah</property>
                                </crypto>
                        </signatureCrypto>
                </action>
        </parameter>

#4 - cert.properties file in the src folder (for simplicity again)
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.file=esign.jks
org.apache.ws.security.crypto.merlin.keystore.password=blahblah
org.apache.ws.security.crypto.merlin.keystore.alias=borozdin

RESULT: when I deploy the servlet on my Tomcat in Eclipse..
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:168)
        ... 41 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
        ... 44 more


Couple of dumb mistakes I already double-checked:
- everything works when I don't require x509 Signature
- this is not the server rejecting the self-signed cert - this is the client
that doesn't want to load the thing.

Any leads would be greatly appreciated.
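
The trace above is raised inside KeyStore.load, before any alias or private key is looked up. The following is an added example, not part of the original post and not WSS4J or DocuSign code: it separates a rejected store password from a missing alias, an alias without a private key, and a rejected key password. The class name KeystoreCheck, its check method and the result strings are hypothetical, and the in-memory keystore is a constructed sample.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

// Added example (hypothetical names): reports which keystore check fails first.
public class KeystoreCheck {
    static String check(InputStream in, char[] storePass, String alias, char[] keyPass)
            throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(in, storePass);
        } catch (IOException e) {
            // Same shape as the trace in the post: an IOException caused by
            // UnrecoverableKeyException means the store password did not verify.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return "STORE_PASSWORD_REJECTED";
            }
            return "NOT_A_READABLE_JKS: " + e.getMessage();
        }
        if (!ks.containsAlias(alias)) return "ALIAS_MISSING";
        if (!ks.isKeyEntry(alias)) return "ALIAS_HAS_NO_PRIVATE_KEY";
        try {
            ks.getKey(alias, keyPass); // the key password can differ from the store password
        } catch (UnrecoverableKeyException e) {
            return "KEY_PASSWORD_REJECTED";
        }
        return "OK";
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 4) { // <file.jks> <storepass> <alias> <keypass>
            InputStream in = new FileInputStream(args[0]);
            try {
                System.out.println(check(in, args[1].toCharArray(), args[2], args[3].toCharArray()));
            } finally {
                in.close();
            }
            return;
        }
        // Constructed sample: an empty JKS built in memory, store password "correct".
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, "correct".toCharArray());
        byte[] jks = out.toByteArray();
        System.out.println(check(new ByteArrayInputStream(jks), "wrong".toCharArray(), "a", "x".toCharArray()));
        System.out.println(check(new ByteArrayInputStream(jks), "correct".toCharArray(), "a", "x".toCharArray()));
    }
}
```

Running it against the exact file the application resolves at runtime matters, since a different esign.jks earlier on the classpath would be checked with the same configured password.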
