Hi Siamak,

I will try to get you a step-by-step project over the weekend :-)

But please note that the exception that you mentioned:

"WSHandler: Signature: error during message
procesingorg.apache.ws.security.WSSecurityException: General security
error (Unexpected number of X509Data: for Signature) ..."

occurs when you have NOT specified the correct alias of the private
key in the keystore to use as the value of the <user> element in the
outflowConfiguration. Also, the callback handler class must supply the
correct password of the private key when asked for the password of that
particular alias.

Thanks,
Ruchith

On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
> Hello Ruchith,
>
> I think that was a misunderstanding. I already made these changes.
> I think that the problem lies in the keystore. Did you look at the script?
> Is the generation of the Keystore correct?
> Or am I missing some extra parameters?
>
> I would be very thankful if you could send me a little project including
> the generation of self-signing Certificates.
>
>
> Thank you very much,
>
> Siamak Haschemi
>
>
> Ruchith Fernando wrote:
> > Hi,
> >
> > Please note that you will have to provide the configuration
> > information according to the new keystores. Simply replacing the
> > keystores in the security sample will not help.
> >
> >   - You will have to set the <user> value in the outflowConfiguration
> > parameter to the alias of the private key in the appropriate keystore.
> >   - You will have to provide a .properties file with the correct
> > keystore information
> >   - You will have to make sure the PasswordCallbackhandler class (impl
> > of java.auth.Callbackhandler) returns the proper passwords for the
> > required identifiers.
> >   - You will have to make sure you have all the above available in the
> > classpath of both service and client appropriately (The secUtil.jar in
> > the security sample packages all of these).
> >
> > HTH
> >
> > Thanks,
> > Ruchith
> >
> >
> > On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
> >
> >> Hello Ruchith.
> >>
> >> I followed your instructions. I created a script for generating the
> >> keystore. But now I got into trouble with an error:
> >>
> >> "WSHandler: Signature: error during message
> >> procesingorg.apache.ws.security.WSSecurityException: General security
> >> error (Unexpected number of X509Data: for Signature) ..."
> >>
> >> If I use the original "sec.jks" from the security sample (and changing
> >> the axis2.xml user and encryptionUser param) it works. So I think
> >> there's still something wrong with my Keystore.
> >>
> >>
> >> Here is the script I use to generate the keystore.
> >> -----------------------------
> >>
> >> @echo off
> >> set CLIENT_KEYPASS=keyPassClient
> >> set CLIENT_STOREPASS=storePassClient
> >> set SERVER_KEYPASS=keyPassServer
> >> set SERVER_STOREPASS=storePassServer
> >>
> >> keytool -genkey -keyalg RSA -alias client -keystore client.jks -dname "cn=Client" -keypass %CLIENT_KEYPASS% -storepass %CLIENT_STOREPASS%
> >> keytool -genkey -keyalg RSA -alias server -keystore server.jks -dname "cn=Server" -keypass %SERVER_KEYPASS% -storepass %SERVER_STOREPASS%
> >>
> >> keytool -selfcert -alias client -keystore client.jks -keypass %CLIENT_KEYPASS% -storepass %CLIENT_STOREPASS%
> >> keytool -selfcert -alias server -keystore server.jks -keypass %SERVER_KEYPASS% -storepass %SERVER_STOREPASS%
> >>
> >> keytool -export -keystore client.jks -alias client -storepass %CLIENT_STOREPASS% -file client.cert
> >> keytool -export -keystore server.jks -alias server -storepass %SERVER_STOREPASS% -file server.cert
> >>
> >> keytool -import -noprompt -alias server -file server.cert -keystore client.jks -storepass %CLIENT_STOREPASS%
> >> keytool -import -noprompt -alias client -file client.cert -keystore server.jks -storepass %SERVER_STOREPASS%
> >>
> >> del client.cert
> >> del server.cert
> >>
> >>
> >> keytool -list -keystore client.jks -storepass %CLIENT_STOREPASS%
> >> keytool -list -keystore server.jks -storepass %SERVER_STOREPASS%
> >>
> >> pause
> >>
> >> -----------------------------
> >>
> >> The resulting keystores look now like this:
> >>
> >> -----------------------------
> >>
> >> Keystore-Typ: jks
> >> Keystore-Provider: SUN
> >>
> >> Ihr Keystore enthält 2 Einträge.
> >>
> >> client, 06.04.2006, keyEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
> >> server, 06.04.2006, trustedCertEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> 77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04
> >>
> >> -----------------------------
> >>
> >> Keystore-Typ: jks
> >> Keystore-Provider: SUN
> >>
> >> Ihr Keystore enthält 2 Einträge.
> >>
> >> client, 06.04.2006, trustedCertEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
> >> server, 06.04.2006, keyEntry,
> >> Zertifikatsfingerabdruck (MD5):
> >> 77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04
> >>
> >> -----------------------------
> >>
> >> Thank you very much for your help!
> >>
> >> Siamak
> >>
> >>
> >> Ruchith Fernando wrote:
> >>
> >>> Hi Siamak,
> >>>
> >>> Please see my inline comments:
> >>>
> >>> On 4/6/06, Siamak Haschemi <[EMAIL PROTECTED]> wrote:
> >>>
> >>>
> >>>> Hello everybody.
> >>>>
> >>>> I successfully can use the security example. Within this example there
> >>>> is the keystore which is used. I start with the example and try to
> >>>> generate my own keystore but I have no luck. Can somebody give me the
> >>>> lines to write down the console to get a keystore similar to the
> >>>> "sec.jks" in the "secUtil.jar" of the security example.
> >>>>
> >>>>
> >>> You can use openssl and the java keytool to do this. Please see the
> >>> following shell scripts:
> >>> https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genCAKey.sh
> >>> https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genKeystore.sh
> >>> https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/genCertRequest.sh
> >>> https://svn.apache.org/repos/asf/webservices/wss4j/trunk/keys/signConvertImportCert.sh
> >>>
> >>>
> >>>
> >>>> By the way I got a question on the security example:
> >>>>
> >>>> The keystore listing shows that there are two private/public keys in the
> >>>> keystore and two signed and accepted certificates. Am I right?
> >>>>
> >>>>
> >>> Yes
> >>>
> >>>
> >>>
> >>>> Keystore-Typ: jks
> >>>> Keystore-Provider: SUN
> >>>>
> >>>> Ihr Keystore enthält 4 Einträge.
> >>>>
> >>>> alice, 04.06.2005, keyEntry,
> >>>> Zertifikatsfingerabdruck (MD5):
> >>>> 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
> >>>> root, 04.06.2005, trustedCertEntry,
> >>>> Zertifikatsfingerabdruck (MD5):
> >>>> 0C:0D:00:27:BF:4B:32:63:40:A8:B2:03:96:4B:58:14
> >>>> ca, 04.06.2005, trustedCertEntry,
> >>>> Zertifikatsfingerabdruck (MD5):
> >>>> CA:0A:6D:E3:A4:9F:E8:55:98:0A:F8:10:66:35:40:C6
> >>>> bob, 04.06.2005, keyEntry,
> >>>> Zertifikatsfingerabdruck (MD5):
> >>>> 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC
> >>>>
> >>>>
> >>>> The security example uses this keystore for both the client and the
> >>>> server. My question now is how to produce two different keystores for
> >>>> alice and bob each containing the private/public key and the certificate
> >>>> (including the public key) of the other. something like this:
> >>>>
> >>>>
> >>> These are the steps to create the keystores you want:
> >>>
> >>> 1.) generate two separate keystores with self signed keys
> >>> $ keytool -genkey ...
> >>>
> >>> 2.) Export the certs of both private keys in the two keystores
> >>> $ keytool -export
> >>>
> >>> 3.) Import the cert of one private key to the other keystore
> >>> $ keytool -import
> >>>
> >>>
> >>>
> >>>> Keystore for Alice:
> >>>> - Private/Public Key of Alice
> >>>> - Certificate of Bob
> >>>>
> >>>> Keystore for Bob:
> >>>> - Private/Public Key of Bob
> >>>> - Certificate of Alice
> >>>>
> >>>>
> >>>> Does Axis2 work with such a scenario?
> >>>>
> >>>>
> >>> Yes !!
> >>>
> >>> Thanks,
> >>> Ruchith
> >>>
> >>>
> >>>
> >>
> >
> >
>
>
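
Added example (not part of the original thread, and not Axis2 or WSS4J code): a pre-flight check that the alias configured as <user> is a private key entry in the keystore, and that the encryptionUser alias has a certificate there, by parsing `keytool -list` output. The function names `entry_type` and `check_alias` and the role names `signer` and `recipient` are assumptions made for this sketch; the sample listing is constructed from the client.jks listing quoted above.

```shell
#!/bin/sh
# Constructed sample: abridged `keytool -list` output for client.jks, in the
# layout shown in the thread (entry lines read "alias, date, entryType,").
CLIENT_LISTING='Keystore-Typ: jks
Keystore-Provider: SUN

client, 06.04.2006, keyEntry,
Zertifikatsfingerabdruck (MD5):
EA:30:9C:AF:FF:05:CE:91:10:6E:E8:C4:5F:B8:B5:7C
server, 06.04.2006, trustedCertEntry,
Zertifikatsfingerabdruck (MD5):
77:D3:A0:AB:BF:70:05:6D:38:AD:E5:23:BB:8C:1E:04'

# Print the entry type of alias $1 from a listing on stdin (nothing if absent).
# JKS aliases are case-insensitive; some JDK locales put a comma inside the
# date, so the type is taken from the last non-empty comma-separated field.
entry_type() {
    awk -F', *' -v want="$1" '
        NF >= 3 && tolower($1) == tolower(want) {
            print (($NF == "") ? $(NF - 1) : $NF); exit
        }'
}

# Succeed only if alias $2 can act in role $1 for the listing on stdin:
#   signer    -> must be a private key entry (the <user> alias)
#   recipient -> any entry holding a certificate (the encryptionUser alias)
# Newer JDKs print PrivateKeyEntry where older ones print keyEntry.
check_alias() {
    etype=$(entry_type "$2")
    case "$1:$etype" in
        signer:keyEntry|signer:PrivateKeyEntry) return 0 ;;
        recipient:keyEntry|recipient:PrivateKeyEntry|recipient:trustedCertEntry)
            return 0 ;;
        *)  echo "alias '$2' unusable as $1 (entry type: ${etype:-missing})" >&2
            return 1 ;;
    esac
}

# Against a real keystore, pipe `keytool -list -keystore client.jks ...` in instead.
printf '%s\n' "$CLIENT_LISTING" | check_alias signer client &&
    echo "client: private key entry, usable as <user>"
printf '%s\n' "$CLIENT_LISTING" | check_alias signer server ||
    echo "server: certificate only in client.jks, cannot be the signing alias"
```

This checks the alias only; whether the callback handler returns the right key password for that alias still has to be verified separately.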
