Hi,

Please note that you will have to provide the configuration
information according to the new keystores. Simply replacing the
keystores in the security sample will not help.

  - You will have to set the <user> value in the outflowConfiguration
parameter to the alias of the private key in the appropriate keystore.
  - You will have to provide a .properties file with the correct
keystore information
  - You will have to make sure the PasswordCallbackhandler class (impl
of java.auth.Callbackhandler) returns the proper passwords for the
required identifiers.
  - You will have to make sure you have all the above available in the
classpath of both service and client appropriately (The secUtil.jar in
the security sample packages all of these).

HTH

Thanks,
Ruchith


On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
> Hello Ruchith.
>
> I followed your instructions. I created a script for generating the
> keystore. But now I got into trouble with an error:
>
> "WSHandler: Signature: error during message
> procesingorg.apache.ws.security.WSSecurityException: General security
> error (Unexpected number of X509Data: for Signature) ..."
>
> If I use the original "sec.jks" from the security sample (and changing
> the axis2.xml user and encryptionUser param) it works. So I think
> there's still something wrong with my Keystore.
>
>
> Here is the script I use to generate the keystore.
> -----------------------------
>
> @echo off
> set CLIENT_KEYPASS=keyPassClient
> set CLIENT_STOREPASS=storePassClient
> set SERVER_KEYPASS=keyPassServer
> set SERVER_STOREPASS=storePassServer
>
> keytool -genkey -keyalg RSA -alias client -keystore client.jks -dname "cn=Client" -keypass %CLIENT_KEYPASS% -storepass %CLIENT_STOREPASS%
> keytool -genkey -keyalg RSA -alias server -keystore server.jks -dname "cn=Server" -keypass %SERVER_KEYPASS% -storepass %SERVER_STOREPASS%
>
> keytool -selfcert -alias client -keystore client.jks -keypass %CLIENT_KEYPASS% -storepass %CLIENT_STOREPASS%
> keytool -selfcert -alias server -keystore server.jks -keypass %SERVER_KEYPASS% -storepass %SERVER_STOREPASS%
>
> keytool -export -keystore client.jks -alias client -storepass %CLIENT_STOREPASS% -file client.cert
> keytool -export -keystore server.jks -alias server -storepass %SERVER_STOREPASS% -file server.cert
>
> keytool -import -noprompt -alias server -file server.cert -keystore client.jks -storepass %CLIENT_STOREPASS%
> keytool -import -noprompt -alias client -file client.cert -keystore server.jks -storepass %SERVER_STOREPASS%
>
> del client.cert
> del server.cert
>
>
> keytool -list -keystore client.jks -storepass %CLIENT_STOREPASS%
> keytool -list -keystore server.jks -storepass %SERVER_STOREPASS%
>
> pause
>
> -----------------------------
>
> The resulting keystores look now like this:
>
> -----------------------------
>
> Keystore-Typ: jks
> Keystore-Provider: SUN
>
> Ihr Keystore enthält 2 Einträge.
>
> client, 06.04.2006, keyEntry,
> Zertifikatsfingerabdruck (MD5):
> EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
> server, 06.04.2006, trustedCertEntry,
> Zertifikatsfingerabdruck (MD5):
> 77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04
>
> -----------------------------
>
> Keystore-Typ: jks
> Keystore-Provider: SUN
>
> Ihr Keystore enthält 2 Einträge.
>
> client, 06.04.2006, trustedCertEntry,
> Zertifikatsfingerabdruck (MD5):
> EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
> server, 06.04.2006, keyEntry,
> Zertifikatsfingerabdruck (MD5):
> 77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04
>
> -----------------------------
>
> Thank you very much for your help!
>
> Siamak
>
>
> Ruchith Fernando wrote:
> > Hi Siamak,
> >
> > Please see my inline comments:
> >
> > On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
> >
> >> Hello everybody.
> >>
> >> I successfully can use the security example. Within this example there
> >> is the keystore which is used. I start with the example and try to
> >> generate my own keystore but I have no luck. Can somebody give me the
> >> lines to write down the console to get a keystore similar to the
> >> "sec.jks" in the "secUtil.jar" of the security example.
> >>
> >
> > You can use openssl and the java keytool to do this. Please see the
> > following shell scripts:
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genCAKey.sh
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genKeystore.sh
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genCertRequest.sh
> > https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/signConvertImportCert.sh
> >
> >
> >> By the way I got a question on the security example:
> >>
> >> The keystore listing shows that there are two private/public keys in the
> >> keystore and two signed and accepted certificates. Am I right?
> >>
> >
> > Yes
> >
> >
> >> Keystore-Typ: jks
> >> Keystore-Provider: SUN
> >>
> >> Ihr Keystore enthält 4 Einträge.
> >>
> >> alice, 04.06.2005, keyEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
> >> root, 04.06.2005, trustedCertEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> 0C:0D:00:27:BF:4B:32:63:40:A8:B2:03:96:4B:58:14
> >> ca, 04.06.2005, trustedCertEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> CA:0A:6D:E3:A4:9F:E8:55:98:0A:F8:10:66:35:40:C6
> >> bob, 04.06.2005, keyEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC
> >>
> >>
> >> The security example uses this keystore for both the client and the
> >> server. My question now is how to produce two different keystores for
> >> alice and bob each containing the private/public key and the certificate
> >> (including the public key) of the other. something like this:
> >>
> >
> > These are the steps to create the keystores you want:
> >
> > 1.) generate two separate keystores with self signed keys
> > $ keytool -genkey ...
> >
> > 2.) Export the certs of both private keys in the two keystores
> > $ keytool -export
> >
> > 3.) Import the cert of one private key to the other keystore
> > $ keytool -import
> >
> >
> >> Keystore for Alice:
> >> - Private/Public Key of Alice
> >> - Certificate of Bob
> >>
> >> Keystore for Bob:
> >> - Private/Public Key of Bob
> >> - Certificate of Alice
> >>
> >>
> >> Does Axis2 work with such a scenario?
> >>
> >
> > Yes !!
> >
> > Thanks,
> > Ruchith
> >
> >
>
>
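
The checklist in the reply at the top of this thread (user alias, .properties file, callback handler identifiers) can be checked mechanically against a `keytool -list` listing. The following is an added example, not part of the thread or of the Axis2 security sample; the function names are hypothetical, the `org.apache.ws.security.crypto.merlin.*` keys are the WSS4J Merlin property names, and the "stale" settings naming alice/bob are an assumption about a configuration left unchanged after swapping keystores.

```python
import re

# Entry line of `keytool -list`: "alias, <date>, keyEntry|trustedCertEntry,"
# (the entry-type tokens are the same in the German listings quoted in the thread).
ENTRY_RE = re.compile(r"^([^,]+),\s*.+,\s*(keyEntry|trustedCertEntry),?\s*$")
MERLIN = "org.apache.ws.security.crypto.merlin."  # WSS4J Merlin property prefix

def parse_keytool_list(text):
    """Return {alias: entry_type}; JKS aliases are compared case-insensitively."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1).strip().lower()] = m.group(2)
    return entries

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_side(listing, props_text, keystore_file, user, encryption_user, callback_ids):
    """List mismatches between one side's keystore and its security settings."""
    entries, props = parse_keytool_list(listing), parse_properties(props_text)
    problems = []
    if props.get(MERLIN + "file") != keystore_file:
        problems.append("properties file does not point at " + keystore_file)
    if MERLIN + "keystore.password" not in props:
        problems.append("properties file has no keystore password")
    if entries.get(user.lower()) != "keyEntry":
        problems.append("user '%s' is not a private-key alias" % user)
    if encryption_user.lower() not in entries:
        problems.append("no certificate for encryptionUser '%s'" % encryption_user)
    if user not in callback_ids:
        problems.append("callback handler has no password for '%s'" % user)
    return problems

# Constructed sample: client.jks entries as listed in the thread, first with assumed
# leftover settings (sec.jks, alice/bob), then with settings matching the new store.
LISTING = "client, 06.04.2006, keyEntry,\nserver, 06.04.2006, trustedCertEntry,\n"
STALE = MERLIN + "file=sec.jks\n" + MERLIN + "keystore.password=placeholder\n"
FIXED = MERLIN + "file=client.jks\n" + MERLIN + "keystore.password=placeholder\n"

if __name__ == "__main__":
    print(check_side(LISTING, STALE, "client.jks", "alice", "bob", {"alice", "bob"}))
    print(check_side(LISTING, FIXED, "client.jks", "client", "server", {"client"}))
```

The check covers consistency of names only; it does not open the keystore or validate passwords or certificates.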
