Spring-WS security. Generating the certificates.

  • Spring-WS security. Generating the certificates.

    How do I generate an X.509 certificate for a keystore?
    I tried keytool from Sun:
    Code:
    keytool -selfcert -alias user -keypass password -dname "cn=asd, ou=Development, o=asdasdsa, c=AU"
    and this bean definition:
    Code:
    <bean id="secureClientHelper" class="XwssClientHelper">
        <constructor-arg value="securityPolicy.xml"/>
        <constructor-arg>
            <bean class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
                <property name="trustStore">
                    <bean class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
                        <property name="location" value="test-keystore.jks"/>
                        <property name="password" value="password"/>
                    </bean>
                </property>
                <property name="defaultAlias" value="user"/>
                <property name="privateKeyPassword" value="password"/>
            </bean>
        </constructor-arg>
    </bean>
    But the compiler said that
    Code:
    29.10.2007 16:35:08 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getAliasPrivKeyCertRequest
    SEVERE: WSS0216: Callback Handler failed for SignatureKeyCallback.AliasPrivKeyCertRequest
    29.10.2007 16:35:08 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getAliasPrivKeyCertRequest
    SEVERE: WSS0217: Exception in Callback Handler handle()
    java.lang.NullPointerException
    	at org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler.getPrivateKey(KeyStoreCallbackHandler.java:440)
    	at org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler.handleAliasPrivKeyCertRequest(KeyStoreCallbackHandler.java:237)
    	at org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler.handlePrivKeyCertRequest(CryptographyCallbackHandler.java:364)

  • #2
    I think the problem is that you've only configured the trust store, not the key store property of the KeyStoreCallbackHandler.
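
The configuration that answer #2 points to, as an added example that is not part of the thread: a KeyStoreCallbackHandler with both stores set. The keystore file names and passwords are placeholders; the alias `user` is the one from post #1.

```xml
<!-- Added example, not code from the thread.
     File names and passwords below are placeholders. -->
<bean id="keyStoreHandler"
      class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">

    <!-- keyStore: this side's own private key and its certificate.
         The private-key lookup that failed in post #1
         (SignatureKeyCallback.AliasPrivKeyCertRequest) reads from this
         store, so a handler with only trustStore set has nowhere to look. -->
    <property name="keyStore">
        <bean class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="classpath:client-keystore.jks"/>
            <property name="password" value="KEYSTORE_PASSWORD_PLACEHOLDER"/>
        </bean>
    </property>

    <!-- defaultAlias must name a private-key entry in keyStore (for example
         one created with keytool -genkeypair), not a certificate-only entry.
         privateKeyPassword is the password protecting that key. -->
    <property name="defaultAlias" value="user"/>
    <property name="privateKeyPassword" value="KEY_PASSWORD_PLACEHOLDER"/>

    <!-- trustStore: certificates of the peers and CAs this side trusts.
         It needs no private keys, so keep it in a separate file from
         keyStore and give it a different password. -->
    <property name="trustStore">
        <bean class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="classpath:client-truststore.jks"/>
            <property name="password" value="TRUSTSTORE_PASSWORD_PLACEHOLDER"/>
        </bean>
    </property>
</bean>
```

Running `keytool -list -v` against each file shows the entry type per alias: the alias used for signing should appear as a `PrivateKeyEntry` in the keystore, and the truststore should list only `trustedCertEntry` items.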



    • #3
      Oh, yeah, all right!
      I thought that the truststore is the server's certificate storage and the keystore is the client's. That is wrong, of course.



      • #4
        After your advice I am generating the encrypted SOAP response successfully, but I could not decrypt my message:

        Code:
        org.springframework.ws.soap.client.SoapFaultClientException: com.sun.xml.wss.impl.WssSoapFaultException: 
        Could not retrieve private Key matching the given certificate;
        nested exception is com.sun.xml.wss.XWSSecurityException: 
        com.sun.xml.wss.impl.WssSoapFaultException: 
        Could not retrieve private Key matching the given 
        certificateworking: 4921
        	at org.springframework.ws.soap.client.core.SoapFaultMessageResolver.resolveFault(SoapFaultMessageResolver.java:37)
        	at org.springframework.ws.client.core.WebServiceTemplate.handleFault(WebServiceTemplate.java:521)
        	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:404)
        	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:256)
        	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:244)
        Server's security policy is
        Code:
        <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
                <xwss:RequireEncryption>
                        <xwss:X509Token certificateAlias="certificate-authority"/>
                </xwss:RequireEncryption>
        </xwss:SecurityConfiguration>
        Client's:
        Code:
        <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
                <xwss:Encrypt>
                        <xwss:X509Token certificateAlias="certificate-authority"/>
                </xwss:Encrypt>
        </xwss:SecurityConfiguration>
        What am I missing?
