Hi,
Can you please try using the SHA1 digest of the certificate fingerprint.
This is available in the output of the "keytool -list -v" as I
mentioned in my previous mail.
For example, you should see something like this as the output:
Alias name: alice
Creation date: Jun 5, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Alice, OU=OASIS Interop Test Cert, O=OASIS
Issuer: CN=OASIS Interop Test CA, O=OASIS
Serial number: 33a6047fb155631fed6721178150a899
Valid from: Sat Mar 19 05:30:00 IST 2005 until: Tue Mar 20 05:29:59 IST 2018
Certificate fingerprints:
MD5: 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
SHA1: 6E:0E:88:F3:6E:BB:87:44:D4:70:F6:2F:60:4D:03:EA:4E:BE:50:94
Now, notice the "Certificate fingerprints:" section of this output and
note that there's a "SHA1" value provided in that.
6E:0E:88:F3:6E:BB:87:44:D4:70:F6:2F:60:4D:03:EA:4E:BE:50:94
Get rid of the colons and convert this string to lower case as show below:
6e0e88f36ebb8744d470f62f604d03ea4eb45094
Now use this value as the value of the "user" parameter (replace value
"1" in your earlier configuration)
Thanks,
Ruchith
On 6/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi Ruchith,
thanks for your help
I open with keytool my pkcs12 ant it return:
Keystore type: pkcs12
Keystore provider: SunJSSE
Your keystore contains 1 entry
Alias name: 1
Creation date: Jun 26, 2006
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: SERIALNUMBER=11, CN=Francesco, OU=Internet, O=Sun, C=It
so my alias is "1",
I put in myengineconfiguration
w.setOption(WSHandlerConstants.USER, "1");
w.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,"PWCallback");
the class PwCallback I've set:
if ("1".equals(pc.getIdentifer())) {
pc.setPassword("1234567890");
}
}
but when I run main, I see the same error of first:
org.apache.ws.security.WSSecurityException: WSHandler:
Signature: error during message
procesingorg.apache.ws.security.WSSecurityException:
General security error (Unexpected number of X509Data: for Signature)
How It's possible? I think taht now It's all ok!
Thanks
-----Messaggio originale-----
Da: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Inviato: lun 26/06/2006 10.57
A: [EMAIL PROTECTED]
Cc: wss4j-dev@ws.apache.org
Oggetto: Re: [WSS5J 1.5] Unexpected number of X509Data: for Signature
Hi Hermann,
The problem is that you have not set the *alias* of the private key as
the value of the "user" parameter. [1]
The value you have given now is "hermann".
> w.setOption(WSHandlerConstants.USER, "hermann");
You can find the alias of the private key using the keytool
$ keytool -list -v -keystore path/to/x509pri.p12 -storepass 1234567890
-storetype pkcs12
Take a look at the entries of type "KeyEntry" as shown below and use
the "Alias name" value of that particular key that you want to use.
Alias name: alice
Creation date: Jun 5, 2005
Entry type: keyEntry
If that fails I suggest you can give it another try by using the SHA1
certificate fingerprint (lowercase letters without colons) of the
public key cert of the particular key that you want to use. This is
also available in the output of "keytool -list -v"
HTH
Thanks,
Ruchith
[1] http://www.wso2.net/kb/116
On 6/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
>
>
>
> Hi All,
>
> I've create a client that send a certificate with the message, I've a
> problem with certificate.
>
> I've a keystore pcks12 given me by a CA now I've configured the client
in
> order to sign message , I ve created a class that set the option of
client
>
> package PerformWSSecurity;
>
> import java.util.Hashtable;
>
> import org.apache.axis.AxisEngine;
> import org.apache.axis.ConfigurationException;
> import org.apache.axis.SimpleTargetedChain;
> import org.apache.axis.configuration.SimpleProvider;
> import org.apache.ws.axis.security.WSDoAllSender;
> import
org.apache.ws.security.handler.WSHandlerConstants;
>
>
> public class MyEngineConfiguration extends SimpleProvider {
>
> public MyEngineConfiguration() {
> super();
>
> this.deployTransport("http", new SimpleTargetedChain(new
> org.apache.axis.transport.http.HTTPSender()));
> //parameters
> Hashtable<String, Object> opts = new Hashtable<String,
Object>();
> opts.put(AxisEngine.PROP_DISABLE_PRETTY_XML,
> Boolean.TRUE);
> this.setGlobalOptions(opts);
> //requestFlow
> org.apache.ws.axis.security.WSDoAllSender w =
new
> WSDoAllSender();
> w.setOption(WSHandlerConstants.SIG_PROP_FILE,
> "cryptoSender.properties");
> w.setOption(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
> w.setOption(WSHandlerConstants.USER, "hermann");
>
>
w.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,"PWCallback");
> w.setOption(WSHandlerConstants.ACTION,
> WSHandlerConstants.SIGNATURE);
> this.setGlobalResponse(w);
>
> }
>
> @Override
> public void configureEngine(AxisEngine engine) throws
> ConfigurationException {
> engine.refreshGlobalOptions();
> }
> }
>
> ant this is cryptoSender.properties
>
>
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.file=x509pri.p12
>
org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
>
org.apache.ws.security.crypto.merlin.keystore.password=1234567890
>
> now the problem is that when I run my main class I return this exception
>
> org.apache.ws.security.WSSecurityException: WSHandler:
> Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException:
> General security error (Unexpected number of X509Data: for Signature)
>
> I don't understand which kind of error is this I think that It doesn't
read
> the certificate in the keystore,
>
> How can I set the properties in order to read certificate?
>
> Thanks a lot
>
> Hermann
>
--
www.ruchith.org
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
