ganesh jadhav [https://community.jboss.org/people/seeaganesh] created the discussion
"Jboss 6.1.0 + Jboss native WS +Message Signing"
To view the discussion, visit:
https://community.jboss.org/message/727703#727703
--------------------------------------------------------------
Hi,
Configuration :
Jboss version : Jboss 6.1.0
Jboss WS native lib : jbossws-native-4.0.0.CR1
I have deployed a WS (EJB 3.0 exposed as WS).
EJB Code :

    @WebService(name = "TestWSEJBRemote", serviceName = "TestWSEJBService")
    @SOAPBinding(style = SOAPBinding.Style.DOCUMENT)
    @Remote(TestWSEJBRemote.class)
    @EndpointConfig(configName = "Standard WSSecurity Endpoint")
    @SecurityDomain("JBossWS")
    @Stateless(name = "TestWSEJBRemote")
    public class TestWSEJB implements TestWSEJBRemote {
        @WebMethod
        public String ping(String name)
        {
            return "Hello : " + name;
        }
    }

Remote Interface :

    @WebService
    public interface TestWSEJBRemote {
        public String ping(String name);
    }
----------------------------------------------------------
I created keystore, truststore and certificates like this.

Create the server keystore
    keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

Create the server certificate
    keytool -export -alias serverkeys -keystore server.keystore -storepass 123456 -file server.cer

Create the client keystore
    keytool -genkey -alias clientkeys -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY"

Create the client certificate
    keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer

Import server certificate into client truststore
    keytool -import -v -keystore client.truststore -storepass 123456 -file server.cer

Import client certificate into server truststore
    keytool -import -v -keystore server.truststore -storepass 123456 -file client.cer
----------------------------------------------------------
Client Code :

    URL url = new URL(
            "http://XXX:8380/testmewsse/TestWSEJBService/TestWSEJBRemote?wsdl");
    QName qn = new QName("http://ejb.wsse.gj.com/", "TestWSEJBService");
    System.setProperty("org.jboss.ws.wsse.keyStore", "./resources/client.keystore");
    System.setProperty("org.jboss.ws.wsse.keyStorePassword", "123456");
    System.setProperty("org.jboss.ws.wsse.trustStore", "./resources/client.truststore");
    System.setProperty("org.jboss.ws.wsse.trustStorePassword", "123456");
    System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
    System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
    Service s = Service.create(url, qn);
    s.getPorts();
    TestWSEJBRemote port = s.getPort(TestWSEJBRemote.class);
    URL securityURL = new File(
            "resources/jboss-wsse-client.xml").toURL();
    ((StubExt) port).setSecurityConfig(securityURL.toExternalForm());
    ((StubExt) port).setConfigName("Standard WSSecurity Client");
    //((StubExt) port).("Standard WSSecurity Client");
    ((BindingProvider) port).getRequestContext().put(
            BindingProvider.USERNAME_PROPERTY, "kermit");
    ((BindingProvider) port).getRequestContext().put(
            BindingProvider.PASSWORD_PROPERTY, "thefrog");
    System.out.println("Invoking the sayHello operation on the port.");
    String response = port.ping("ganesh");
----------------------------------------------------------
All keystore and truststore files are placed at the right location. The server.log shows
the incoming signed message, and the dispatched signed outgoing messages to the above
client.
The client is not able to decode the return message. (It says there is an internal WS error,
please see the log; no log is generated at the client side.)
After debugging the native code source, I found out that the validateCertificate
method of org.jboss.ws.extensions.security.SecurityStore is failing while
calling

    parameters = new PKIXParameters(trustStore);

I am getting the "the trustAnchors parameters must be non-null" exception. I
inspected the trustStore; it does contain the certificate with the proper alias name, in my
case "clientkeys".
Am I correctly creating all keystores and truststores?
Regards
Ganesh
--------------------------------------------------------------