Hello Ruchith,
I think that was a misunderstanding. I already made this changes.
I think that the problem lies in de keystore. Did you look at the script?
Is the generation of the Keystore correct?
Or am I missing some extra paramaters?
I would be very thankful If you could send me a litte projekt including
the generation of self-signing Certificates.
Thank you very much,
Siamak Haschemi
Ruchith Fernando schrieb:
Hi,
Please note that you will have to provide the configuration
information according to set the new keystores. Simply replacing the
keystores in the security sample will not help.
- You will have to set the <user> value in the outflowConfiguration
parameter to the alias of the private key in the appropriate keystore.
- You will have to provide a .properties file with the correct
keystore information
- You will have to make sure the PasswordCallbackhandler class (impl
of java.auth.Callbackhandler) returns the proper passwords for the
required identifiers.
- You will have to make sure you have all the above available in the
classpath of both service and client appropriately (The secUtil.jar in
the security sample packages all of these).
HTH
Thanks,
Ruchith
On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
Hello Ruchith.
I follow you instructions. I create a script for generating the
keystore. But now I got into trubble with a error:
"WSHandler: Signature: error during message
procesingorg.apache.ws.security.WSSecurityException: General security
error (Unexpected number of X509Data: for Signature) ..."
If I use the original "sec.jks" from the security sample (and changing
the axis2.xml user and encryptionUser param) it works. So I think
there's still something wrong with my Keystore.
Here is the script I use to generate the keystore.
-----------------------------
@echo off
set CLIENT_KEYPASS=keyPassClient
set CLIENT_STOREPASS=storePassClient
set SERVER_KEYPASS=keyPassServer
set SERVER_STOREPASS=storePassServer
keytool -genkey -keyalg RSA -alias client -keystore client.jks -dname
"cn=Client" -keypass %CLIENT_KEYPASS% -storepass %CLIENT_STOREPASS%
keytool -genkey -keyalg RSA -alias server -keystore server.jks -dname
"cn=Server" -keypass %SERVER_KEYPASS% -storepass %SERVER_STOREPASS%
keytool -selfcert -alias client -keystore client.jks -keypass
%CLIENT_KEYPASS% -storepass %CLIENT_STOREPASS%
keytool -selfcert -alias server -keystore server.jks -keypass
%SERVER_KEYPASS% -storepass %SERVER_STOREPASS%
keytool -export -keystore client.jks -alias client -storepass
%CLIENT_STOREPASS% -file client.cert
keytool -export -keystore server.jks -alias server -storepass
%SERVER_STOREPASS% -file server.cert
keytool -import -noprompt -alias server -file server.cert -keystore
client.jks -storepass %CLIENT_STOREPASS%
keytool -import -noprompt -alias client -file client.cert -keystore
server.jks -storepass %SERVER_STOREPASS%
del client.cert
del server.cert
keytool -list -keystore client.jks -storepass %CLIENT_STOREPASS%
keytool -list -keystore server.jks -storepass %SERVER_STOREPASS%
pause
-----------------------------
The resulting keystores look now like this:
-----------------------------
Keystore-Typ: jks
Keystore-Provider: SUN
Ihr Keystore enthõlt 2 Eintrõge.
client, 06.04.2006, keyEntry,
Zertifikatsfingerabdruck (MD5):
EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
server, 06.04.2006, trustedCertEntry,
Zertifikatsfingerabdruck (MD5):
77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04
-----------------------------
Keystore-Typ: jks
Keystore-Provider: SUN
Ihr Keystore enthõlt 2 Eintrõge.
client, 06.04.2006, trustedCertEntry,
Zertifikatsfingerabdruck (MD5):
EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
server, 06.04.2006, keyEntry,
Zertifikatsfingerabdruck (MD5):
77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04
-----------------------------
Thank you very much for your help!
Siamak
Ruchith Fernando schrieb:
Hi Siamak,
Please see my inline comments:
On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
Hello everybody.
I successfully can use the security example. Within this example there
is the keystore which ist used. I start with the example and try to
generate my own keystore but I have no luck. Can somebody give me the
lines to write down the console to get a keystore simmilar to the
"sec.jks" in the "secUtil.jar" of the security example.
You can use openssl and the java keytool to do this. Please see the
following shell scripts:
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genCAKey.sh
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genKeystore.sh
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genCertRequest.sh
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/signConvertImportCert.sh
By the way I got a question on the security example:
The keystore listing shows that there are two private/public keys in the
keystore and two signed and accepted certificates. Am I right?
Yes
Keystore-Typ: jks
Keystore-Provider: SUN
Ihr Keystore enthõlt 4 Eintrõge.
alice, 04.06.2005, keyEntry,
Zertifikatsfingerabdruck (MD5):
57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
root, 04.06.2005, trustedCertEntry,
Zertifikatsfingerabdruck (MD5):
0C:0D:00:27:BF:4B:32:63:40:A8:B2:03:96:4B:58:14
ca, 04.06.2005, trustedCertEntry,
Zertifikatsfingerabdruck (MD5):
CA:0A:6D:E3:A4:9F:E8:55:98:0A:F8:10:66:35:40:C6
bob, 04.06.2005, keyEntry,
Zertifikatsfingerabdruck (MD5):
89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC
The security example uses this keystore for both the client and the
server. My question now is how to produce two different keystores for
alice and bob each containing the private/public key and the certificate
(including the public key) of the other. something like this:
These are the steps to create the keystores you want:
1.) generate two separate keystores with self signed keys
$ keytool -genkey ...
2.) Export the certs of both private keys in the two keystores
$ keytool -export
3.) Import the cert of one private key to the other keystore
$ keytool -import
Keystore for Alice:
- Private/Public Key of Alice
- Certificate of Bob
Keystore for Bob:
- Private/Public Key of Bob
- Certificate of Alice
Does Axis2 works this such a scenario?
Yes !!
Thanks,
Ruchith
