Hi Ed,

What is the alias of your private key? This should be available in the keystore.
You have to set the private key alias along with its password in the
WSSecSignature instance, as shown below:

wsSecSignature.setUserInfo("privateKeyAlias", "privateKeyPasswd");

BTW if you want to encrypt/sign POX then you can directly use the
XML-Sec library. Also you can find a detailed tutorial on setting up
keystores for a typical service and a client here [1]

Thanks,
Ruchith

[1] http://www.wso2.net/tutorials/wss4j/2006/06/15/setting-up-keystores

On 8/9/06, Ed Sweet <[EMAIL PROTECTED]> wrote:
Hi,

Sorry if this is the wrong place to post a newbie question regarding the
setup of WSS4J - please direct me to a users list rather than dev list if
one exists.

I'd like to use WSS4J to sign and encrypt POX messages, I'm not using Axis
or SOAP. So I'm just getting into WSS4J and am trying to set up a keystore as
required by crypto.properties. I've used the procedure at the end of the
email to create a jks keystore, as this is the procedure I use to create a
working keystore for Tomcat (I guess it's the same procedure...)

Then, I've written a simple app to sign a static xml string, that goes
something like this:

// setup
Crypto crypto = CryptoFactory.getInstance();
Document doc = ...

// sign document
WSSecSignature wsSecSignature = new WSSecSignature();
Document signed = wsSecSignature.build(doc, crypto, new WSSecHeader());

When I run this, I get the following exception:

Exception in thread "main" java.lang.NullPointerException
    at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:40)
    at sun.security.provider.JavaKeyStore.engineGetCertificateChain(JavaKeyStore.java:135)
    at java.security.KeyStore.getCertificateChain(KeyStore.java:756)
    at org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407)
    at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:272)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
    at test.Test.main (Test.java:xxx)

The NullPointerException when trying to 'convertAlias' seems to imply
there's something wrong with the keystore. The alias in the keystore and the
crypto.properties file match, so I'm stumped.

I'm very grateful for any help/advice you can offer. If this is a
stupid/basic question then I apologise in advance.

Thanks,

Ed.

====================

Keystore procedure:

1) From a .pem format key, cert and CA cert, create the keystore:

openssl pkcs12 -export -in cert.pem -inkey key.pem \
     -out store.p12 -name myAlias -CAfile cacrt.pem -caname root -chain

2) Convert the .p12 keystore to .jks format using:

org.mortbay.util.PKCS12Import store.p12 store.jks

3) Add the CA cert as a trusted CA cert.

keytool -import -trustcacerts -alias "CA Cert" -file cacrt.pem -keystore store.jks




--
www.ruchith.org
