Thread: Spring-WS security. Generating the certificates.

  1. #1

    How do I generate an X.509 certificate for the keystore?
    I tried keytool from Sun:
    Code:
    keytool -selfcert -alias user -keypass password -dname "cn=asd, ou=Development, o=asdasdsa, c=AU"
    and this bean definition:
    Code:
    <bean id="secureClientHelper" class="XwssClientHelper">
        <constructor-arg value="securityPolicy.xml"/>
        <constructor-arg>
            <bean class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
                <property name="trustStore">
                    <bean class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
                        <property name="location" value="test-keystore.jks"/>
                        <property name="password" value="password"/>
                    </bean>
                </property>
                <property name="defaultAlias" value="user"/>
                <property name="privateKeyPassword" value="password"/>
            </bean>
        </constructor-arg>
    </bean>
    But the compiler said that
    Code:
    29.10.2007 16:35:08 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getAliasPrivKeyCertRequest
    SEVERE: WSS0216: Callback Handler failed for SignatureKeyCallback.AliasPrivKeyCertRequest
    29.10.2007 16:35:08 com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl getAliasPrivKeyCertRequest
    SEVERE: WSS0217: Exception in Callback Handler handle()
    java.lang.NullPointerException
    	at org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler.getPrivateKey(KeyStoreCallbackHandler.java:440)
    	at org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler.handleAliasPrivKeyCertRequest(KeyStoreCallbackHandler.java:237)
    	at org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler.handlePrivKeyCertRequest(CryptographyCallbackHandler.java:364)

  2. #2

    I think the problem is that you've only configured the trust store, not the key store property of the KeyStoreCallbackHandler.
    Arjen Poutsma

    Spring Web Services Dev Lead
    Please read the FAQ
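
The configuration the reply above points to, as an added example that is not part of the original thread or the Spring-WS documentation: the same `KeyStoreCallbackHandler` with a `keyStore` property next to `trustStore`. The bean id, file names and password values are placeholders, and it assumes the alias `user` is a private-key entry in the key store.

```xml
<!-- Added example, not from the thread. Bean id, file names and passwords are placeholders. -->
<bean id="keyStoreHandler"
      class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">

    <!-- keyStore: this party's own private key together with its certificate.
         The handler reads private keys from here; leaving it unset is what the
         reply above identifies as the problem. -->
    <property name="keyStore">
        <bean class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="classpath:client-keystore.jks"/>
            <property name="password" value="KEYSTORE_PASSWORD_PLACEHOLDER"/>
        </bean>
    </property>

    <!-- trustStore: certificates of the peers and CAs this party trusts.
         It holds no private keys. -->
    <property name="trustStore">
        <bean class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
            <property name="location" value="classpath:client-truststore.jks"/>
            <property name="password" value="TRUSTSTORE_PASSWORD_PLACEHOLDER"/>
        </bean>
    </property>

    <!-- defaultAlias must name a private-key entry in keyStore,
         not a trusted-certificate entry. -->
    <property name="defaultAlias" value="user"/>
    <!-- Password protecting that private key inside the key store. -->
    <property name="privateKeyPassword" value="KEY_PASSWORD_PLACEHOLDER"/>
</bean>
```

Running `keytool -list -v` against each store shows whether an alias is a private-key entry or a trusted-certificate entry.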

  3. #3

    Oh, yeah, all right!
    I thought that the truststore was the server's certificate storage and the keystore was the client's. That is wrong, of course.

  4. #4

    After your advice I am generating the encrypted SOAP response successfully, but I could not decrypt my message:

    Code:
    org.springframework.ws.soap.client.SoapFaultClientException: com.sun.xml.wss.impl.WssSoapFaultException: 
    Could not retrieve private Key matching the given certificate;
    nested exception is com.sun.xml.wss.XWSSecurityException: 
    com.sun.xml.wss.impl.WssSoapFaultException: 
    Could not retrieve private Key matching the given 
    certificateworking: 4921
    	at org.springframework.ws.soap.client.core.SoapFaultMessageResolver.resolveFault(SoapFaultMessageResolver.java:37)
    	at org.springframework.ws.client.core.WebServiceTemplate.handleFault(WebServiceTemplate.java:521)
    	at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:404)
    	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:256)
    	at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:244)
    Server's security policy is
    Code:
    <xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
            <xwss:RequireEncryption>
                    <xwss:X509Token certificateAlias="certificate-authority"/>
            </xwss:RequireEncryption>
    </xwss:SecurityConfiguration>
    Client's:
    Code:
    <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
            <xwss:Encrypt>
                    <xwss:X509Token certificateAlias="certificate-authority"/>
            </xwss:Encrypt>
    </xwss:SecurityConfiguration>
    What am I missing?
