Error while signing the message in H2O


PC

Jun 29, 2009, 7:47:25 AM
to Hermes 2.0 Discussion List
Hi,

We are doing a PoC using H2O for one of our clients and we have to
complete it by the first week of July. Could someone kindly help us
to resolve the issue below ASAP?

Issue
------------

When we used the certificate which was in the default path (comes as
part of the Hermes 2.0 installation) we were able to successfully send signed
messages to another H2O and got back the Ack as well. The issue is that when we
tried using our own certificate, the error below occurs in the logs
while sending signed messages to the other H2O. We were able to use the
same certificate to exchange messages successfully with
Cyclone and the Oracle B2B product. Can someone please help us to resolve
this issue?

2009-06-29 16:27:59 [-Processor23] <INFO > <cecid.ebms.spa> <Outbound
payload received - cpaId: cpaid2, service: urn:bcRequestOrder,
serviceType:null, action: action, convId: convId1, fromPartyId:
fromPartyId, fromPartyType: fromPartyType, toPartyId: toPartyId,
toPartyType: toPartyType, refToMessageId: convIdcema>
2009-06-29 16:27:59 [-Processor23] <INFO > <cecid.ebms.spa>
<Genereating message id: 20090629-1...@10.23.100.25>
2009-06-29 16:27:59 [-Processor23] <INFO > <cecid.ebms.spa> <Store
outgoing message: 20090629-1...@10.23.100.25>
2009-06-29 16:27:59 [-Processor23] <INFO > <cecid.ebms.spa> <Outbound
payload processed - cpaId: cpaid2, service: urn:bcRequestOrder,
action: action, convId: convId1, fromPartyId: fromPartyId,
fromPartyType: fromPartyType, toPartyId: toPartyId, toPartyType:
toPartyType, refToMessageId: convIdcema>
2009-06-29 16:27:59 [Thread-107 ] <INFO > <cecid.ebms.spa> <Sign the
message: 20090629-1...@10.23.100.25>
2009-06-29 16:27:59 [Thread-107 ] <ERROR> <ebms.pkg.PKISignatureImpl>
<[10200] Unknown error
Exception: java.lang.NullPointerException
Message: null>
2009-06-29 16:27:59 [Thread-107 ] <ERROR> <cecid.ebms.spa> <Cannot
sign the ebxml message>
hk.hku.cecid.ebms.pkg.SignatureException: [10200] Unknown error
Exception: java.lang.NullPointerException
Message: null
at hk.hku.cecid.ebms.pkg.PKISignatureImpl.sign(PKISignatureImpl.java:
280)
at hk.hku.cecid.ebms.pkg.SignatureHandler.sign(SignatureHandler.java:
113)
at hk.hku.cecid.ebms.spa.task.OutboxTask.checkAndSignEbxmlMessage
(OutboxTask.java:545)
at hk.hku.cecid.ebms.spa.task.OutboxTask.execute(OutboxTask.java:356)
at hk.hku.cecid.piazza.commons.module.ActiveThread.run
(ActiveThread.java:90)
at java.lang.Thread.run(Unknown Source)
2009-06-29 16:27:59 [Thread-107 ] <ERROR> <cecid.ebms.spa> <Cannot
get the sign the message: >
hk.hku.cecid.ebms.spa.task.MessageValidationException: Cannot sign the
ebxml message
by hk.hku.cecid.ebms.pkg.SignatureException: [10200] Unknown error
Exception: java.lang.NullPointerException
Message: null
at hk.hku.cecid.ebms.spa.task.OutboxTask.checkAndSignEbxmlMessage
(OutboxTask.java:552)
at hk.hku.cecid.ebms.spa.task.OutboxTask.execute(OutboxTask.java:356)
at hk.hku.cecid.piazza.commons.module.ActiveThread.run
(ActiveThread.java:90)
at java.lang.Thread.run(Unknown Source)
Caused by: hk.hku.cecid.ebms.pkg.SignatureException: [10200] Unknown
error
Exception: java.lang.NullPointerException
Message: null
at hk.hku.cecid.ebms.pkg.PKISignatureImpl.sign(PKISignatureImpl.java:
280)
at hk.hku.cecid.ebms.pkg.SignatureHandler.sign(SignatureHandler.java:
113)
at hk.hku.cecid.ebms.spa.task.OutboxTask.checkAndSignEbxmlMessage
(OutboxTask.java:545)
... 3 more
2009-06-29 16:27:59 [Thread-107 ] <INFO > <cecid.ebms.spa> <Mark as
failed (Message id: 20090629-1...@10.23.100.25)>
2009-06-29 16:27:59 [Thread-107 ] <INFO > <cecid.ebms.spa> <Generate
internal error message>
2009-06-29 16:27:59 [Thread-107 ] <ERROR> <cecid.ebms.spa> <Error in
outbox task>
hk.hku.cecid.ebms.spa.task.DeliveryException: Cannot sign the ebxml
message
at hk.hku.cecid.ebms.spa.task.OutboxTask.execute(OutboxTask.java:374)
at hk.hku.cecid.piazza.commons.module.ActiveThread.run
(ActiveThread.java:90)
at java.lang.Thread.run(Unknown Source)



Philip Wong

Jun 29, 2009, 9:57:51 PM
to Hermes 2.0 Discussion List
Hi,

Do you have the receiver's public cert uploaded in the sender's partnership
page?

Philip


PC

Jun 30, 2009, 1:49:27 AM
to Hermes 2.0 Discussion List
Hi Philip,

Thanks for your prompt reply.

Yes, we have uploaded the receiver's public cert in the sender partnership
page.
We have also modified the passwords for keystore-password and
key-password in ebms.module.xml.

Are there any more modifications that need to be done?

Regards,
PC

PC

Jun 30, 2009, 1:56:08 AM
to Hermes 2.0 Discussion List
Hi,

Should we also modify the alias name or any other mandatory property?

Regards,
PC

PC

Jul 2, 2009, 12:23:26 AM
to Hermes 2.0 Discussion List
Hi All,

Can someone help us in this regard?

Thanks in advance.

Regards,
PC

Kit

Jul 2, 2009, 2:50:56 AM
to Hermes 2.0 Discussion List
Hi PC,

What changes did you make to the ebms.module.xml? Are you using another
keystore instead of the default corvus.p12?

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify

Email: kit....@apacus.com
Site: http://www.apacus.com

PC

Jul 2, 2009, 3:20:02 AM
to Hermes 2.0 Discussion List
Hi Kit,

Yes, we are using a different certificate for the keystore.

Regards
PC


PC

Jul 2, 2009, 3:21:39 AM
to Hermes 2.0 Discussion List
Hi,

Here is our modified ebms.module.xml

<component id="keystore-manager-for-signature" name="Key Store Manager for Digital Signature">
    <class>hk.hku.cecid.piazza.commons.security.KeyStoreManager</class>
    <parameter name="keystore-location" value="C:/Program Files/hermes2/plugins/hk.hku.cecid.ebms/security/corvus.p12"/>
    <parameter name="keystore-password" value="welcome1"/>
    <parameter name="key-alias" value="corvus"/>
    <parameter name="key-password" value="welcome1"/>
    <parameter name="keystore-type" value="PKCS12"/>
    <parameter name="keystore-provider" value="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
</component>
<component id="keystore-manager-for-decryption" name="Key Store Manager for Decryption (ebMS over SMTP)">
    <class>hk.hku.cecid.piazza.commons.security.KeyStoreManager</class>
    <parameter name="keystore-location" value="C:/Program Files/hermes2/plugins/hk.hku.cecid.ebms/security/corvus.p12"/>
    <parameter name="keystore-password" value="welcome1"/>
    <parameter name="key-alias" value="corvus"/>
    <parameter name="key-password" value="welcome1"/>
    <parameter name="keystore-type" value="PKCS12"/>
    <parameter name="keystore-provider" value="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
</component>

Kit

Jul 2, 2009, 3:35:16 AM
to Hermes 2.0 Discussion List
Hi PC,

I can see the path of the keystore is the same as the Hermes default.
So are you using the original corvus.p12, or did you create a NEW corvus.p12
and replace the original one?

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify

Email: kit....@apacus.com
Site: http://www.apacus.com

PC

Jul 2, 2009, 5:30:39 AM
to Hermes 2.0 Discussion List
Hi Kit,
We created a new certificate and changed the name to corvus.p12. We
removed the default corvus.p12 certificate and used this new one.

Kit

Jul 2, 2009, 5:50:48 AM
to Hermes 2.0 Discussion List
hi PC,

Actually the corvus.p12 is not a certificate. It is a keystore which
can store the key and certificates.
So how did you create the new corvus.p12?

kit

PC

Jul 3, 2009, 3:25:40 AM
to Hermes 2.0 Discussion List
Hi Kit,

We have a certificate generated by VeriSign. We just renamed it to
Corvus.p12. Could you please let us know the steps that we need to do
to use this cert?

Regards
PC

Kit

Jul 3, 2009, 3:34:23 AM
to Hermes 2.0 Discussion List
Hi PC,

What is the original name of the file generated by VeriSign?
I would like to know its file extension.

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify


Torsten Kirschner

Jul 3, 2009, 4:08:11 AM
to cecid-...@googlegroups.com
Hi,

I don't recall all the steps properly, but aren't there two other parameters which must be adjusted?
1. the keystore password, obviously. Verisign would have provided you with a password to their P12 file.
2. the certificate alias in the keystore.

Regarding number 2, I'd (as always) recommend OpenSSL (http://www.openssl.org/) to look at Verisign's P12 file. openssl lists the aliases as well, and you have to use the proper one.
It could also be that Verisign doesn't provide an alias, in which case you could use openssl to generate a new P12 file, this time with a proper certificate alias.

Good luck,
T

PC

Jul 6, 2009, 12:57:53 AM
to Hermes 2.0 Discussion List
Hi Kit,

The original file extension is ".pfx". We renamed it to corvus.p12

Regards,
PC


Kit

Jul 6, 2009, 3:10:40 AM
to Hermes 2.0 Discussion List
Hi PC,

You can use the Jetty library to convert the .pfx to .jks (another
keystore format). After the conversion, edit the ebms.module.xml.

1. Download the Jetty tool from the following web site: http://jetty.mortbay.org/
2. Unzip it to your working folder.
3. Run "java -classpath lib/jetty-6.1.8.jar org.mortbay.jetty.security.PKCS12Import MyCert.pfx MyCert.jks"

Please make sure you know the keystore password, key-alias and
key-password for the message signing. Then edit the ebms.module.xml, and also
change the keystore format to JKS.

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify


PC

Jul 6, 2009, 4:14:30 AM
to Hermes 2.0 Discussion List
Hi Kit,

We have done the steps below

F:\Jetty\jetty-6.1.8>java -classpath lib/jetty-6.1.8.jar org.mortbay.jetty.security.PKCS12Import newprivatekey.pfx MyCert.jks
Enter input keystore passphrase: welcome1
Enter output keystore passphrase: welcome1
Alias 0: {e20be697-1693-4184-9c03-73f0b8307cc1}
Adding key for alias {e20be697-1693-4184-9c03-73f0b8307cc1}

We also added the details below in ebms.module.xml, but we are getting an
error while starting Hermes 2.0, "Unable to initialize the
keystore", and the ebms_plugin is not started.

<component id="keystore-manager-for-signature" name="Key Store Manager for Digital Signature">
    <class>hk.hku.cecid.piazza.commons.security.KeyStoreManager</class>
    <parameter name="keystore-location" value="C:/Program Files/hermes2/plugins/hk.hku.cecid.ebms/security/MyCert.jks"/>
    <parameter name="keystore-password" value="welcome1"/>
    <parameter name="key-alias" value="e20be697-1693-4184-9c03-73f0b8307cc1"/>
    <parameter name="key-password" value="welcome1"/>
    <parameter name="keystore-type" value="JKS"/>
    <parameter name="keystore-provider" value="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
</component>
<component id="keystore-manager-for-decryption" name="Key Store Manager for Decryption (ebMS over SMTP)">
    <class>hk.hku.cecid.piazza.commons.security.KeyStoreManager</class>
    <parameter name="keystore-location" value="C:/Program Files/hermes2/plugins/hk.hku.cecid.ebms/security/MyCert.jks"/>
    <parameter name="keystore-password" value="welcome1"/>
    <parameter name="key-alias" value="e20be697-1693-4184-9c03-73f0b8307cc1"/>
    <parameter name="key-password" value="welcome1"/>
    <parameter name="keystore-type" value="JKS"/>
    <parameter name="keystore-provider" value="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
</component>
Errors in logs
----------------------------
by hk.hku.cecid.piazza.commons.module.ModuleException: Unable to
initialize module group 'Ebms'
by hk.hku.cecid.piazza.commons.module.ModuleException: Unable to load
modules
by hk.hku.cecid.piazza.commons.module.ModuleException: Unable to
initialize component 'Key Store Manager for Digital Signature'
by hk.hku.cecid.piazza.commons.security.KeyStoreManagementException:
Unable to initialize the key store
by java.security.KeyStoreException: JKS not found

Regards
PC
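For the conversion step itself, here is an added example in plain JDK Java (not Hermes or Jetty code, and not posted by anyone in this thread) that does the job of Jetty's PKCS12Import: it opens the .pfx as a PKCS12 store, copies every private-key entry together with its certificate chain into a new JKS store, and then re-reads the JKS and prints the aliases it actually holds, because JKS lower-cases aliases when it stores them and that stored form is what key-alias has to match. File names and passwords are command-line arguments, and it assumes the key inside the PFX is protected by the store password, which is how the JDK's PKCS12 implementation reads such files. The "JKS not found" error in the log above is the message KeyStore.getInstance(type, provider) produces when the named provider registers no keystore of that type; the BouncyCastle provider registers BKS, UBER and the PKCS12 variants but no JKS (the JDK's SUN provider supplies JKS), so with keystore-type JKS the keystore-provider parameter cannot name BouncyCastle.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Copies the private-key entries of a PKCS#12 (.pfx / .p12) file into a JKS keystore using only
 * the JDK. Added example, not Hermes or Jetty code.
 *
 * Usage: java Pkcs12ToJks <in.pfx> <pfx-password> <out.jks> <jks-password> [alias-for-jks]
 */
public class Pkcs12ToJks {

    public static void main(String[] args) throws Exception {
        if (args.length < 4) {
            System.err.println("usage: Pkcs12ToJks <in.pfx> <pfx-password> <out.jks> <jks-password> [alias]");
            System.exit(2);
        }
        char[] srcPass = args[1].toCharArray();
        char[] dstPass = args[3].toCharArray();
        String forcedAlias = args.length > 4 ? args[4] : null;   // with several key entries the last one wins

        // Type-only lookups: the JRE's own providers serve both types. Naming the BouncyCastle
        // provider for the JKS side would fail, since BC registers no KeyStore.JKS.
        KeyStore src = KeyStore.getInstance("PKCS12");
        InputStream in = new FileInputStream(args[0]);
        try {
            src.load(in, srcPass);
        } finally {
            in.close();
        }
        KeyStore dst = KeyStore.getInstance("JKS");
        dst.load(null, null);   // start from an empty store

        int copied = 0;
        for (Enumeration<String> e = src.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!src.isKeyEntry(alias)) {
                System.out.println("skipping certificate-only entry '" + alias + "'");
                continue;
            }
            // Assumption: the PFX protects the key with the store password (the JDK reads such
            // files that way); a PFX with a separate key password would need it here instead.
            Key key = src.getKey(alias, srcPass);
            Certificate[] chain = src.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                System.out.println("skipping '" + alias + "': no certificate chain stored with the key");
                continue;
            }
            String target = forcedAlias != null ? forcedAlias : alias;
            dst.setKeyEntry(target, key, dstPass, chain);
            copied++;
            System.out.println("copied '" + alias + "' as '" + target + "' (" + key.getAlgorithm()
                    + ", chain length " + chain.length + ", subject "
                    + ((X509Certificate) chain[0]).getSubjectX500Principal() + ")");
        }
        if (copied == 0) {
            System.err.println("no private-key entries found; nothing written");
            System.exit(1);
        }

        OutputStream out = new FileOutputStream(args[2]);
        try {
            dst.store(out, dstPass);
        } finally {
            out.close();
        }

        // JKS lower-cases aliases on storage: re-read the file and print the names it reports,
        // which are the values to put in key-alias.
        KeyStore check = KeyStore.getInstance("JKS");
        InputStream back = new FileInputStream(args[2]);
        try {
            check.load(back, dstPass);
        } finally {
            back.close();
        }
        for (Enumeration<String> e = check.aliases(); e.hasMoreElements();) {
            System.out.println("JKS now holds alias '" + e.nextElement() + "'");
        }
    }
}
```

Run it as "java Pkcs12ToJks newprivatekey.pfx welcome1 MyCert.jks welcome1" to mirror the Jetty command above; the final lines of output give the alias spelling the JKS will answer to.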

Ronnie Kwok

Jul 6, 2009, 5:07:56 AM
to cecid-...@googlegroups.com
Hello,

I want to step back a bit. In your first post, you mentioned the failure to send a signed message using a PFX file you got from Verisign (which you renamed to something.p12 and put into H2O). At that time, were the alias and password changed accordingly, too?

I think it is worth double-checking the settings against the values you get from the keytool command.

keytool -list -keystore <your keystore>.p12 -storetype pkcs12

Regards,
ronnie

PC

Jul 6, 2009, 5:21:02 AM
to Hermes 2.0 Discussion List
Hi Ronnie,

Please find the output for the PKCS12 file which we renamed to corvus.p12

F:\Jetty\jetty-6.1.8>keytool -list -keystore corvus.p12 -storetype pkcs12
Enter keystore password: welcome1

Keystore type: pkcs12
Keystore provider: SunJSSE

Your keystore contains 1 entry

{11c0c3b4-4a1b-4cf7-86a3-3d637a992189}, Jul 6, 2009, keyEntry,
Certificate fingerprint (MD5): CC:62:7F:7A:C0:C3:C9:C3:11:3E:
54:0B:FF:FA:25:47

regards
PC

Kit

Jul 7, 2009, 3:07:44 AM
to Hermes 2.0 Discussion List
Hi PC,

Could you try the following settings?

1. Rename your xxx.pfx file to xxx.p12

2. edit the following properties in the ebms.module.xml

<parameter name="keystore-location" value="C:/Program Files/hermes2/plugins/hk.hku.cecid.ebms/security/corvus.p12"/>
<parameter name="keystore-password" value="welcome1"/>
<parameter name="key-alias" value="e20be697-1693-4184-9c03-73f0b8307cc1"/>
<parameter name="key-password" value="welcome1"/>
<parameter name="keystore-type" value="PKCS12"/>
<parameter name="keystore-provider" value="org.bouncycastle.jce.provider.BouncyCastleProvider"/>

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify

Email: kit....@apacus.com
Site: http://www.apacus.com

PC

Jul 7, 2009, 3:35:39 AM
to Hermes 2.0 Discussion List
Hi Kit,

We tried the same settings which you mentioned, but we are again getting the
same Null Pointer Exception

Regards
PC




Kit

Jul 7, 2009, 4:06:42 AM
to Hermes 2.0 Discussion List
Hi PC.

Could you please check the key alias in the renamed .p12?
keytool -list -storetype PKCS12 -keystore xxx.p12

Is it the same as e20be697-1693-4184-9c03-73f0b8307cc1, or does it have
another name?

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify


PC

Jul 7, 2009, 5:08:49 AM
to Hermes 2.0 Discussion List
Hi Kit,

After converting PKCS12 to JKS format the alias is the same as you
mentioned. We are trying both options:
1) directly using PKCS12 as the keystore
2) converting PKCS12 into JKS

In option 1 the ebms plugin was initialized, but after sending a message it
was failing with the NULL pointer exception. We did some debugging and came to
know that it was failing during the execution of the code below in
PKISignatureImpl.java

String keyAlgo = key.getAlgorithm().toLowerCase();

In option 2 the ebms plugin was not initialized and we are getting the error
"keystore not initialized"

Regards
PC


PC

Jul 7, 2009, 12:53:43 PM
to Hermes 2.0 Discussion List
Hi Kit,

Please help us. I did some research and came to know that there is
some issue in CompositeKeyStore.java

ks = KeyStore.getInstance("PKCS12",BC);

After removing BC as shown below I can see that messages are signing
properly but Acks are failing. I am not sure what this BC does; I
believe it's the name of a provider.

ks = KeyStore.getInstance("PKCS12");

I was just trying the sample program below and it is working perfectly
fine with our certificate.... I am not sure whether it is a bug
or whether I am using an older version of Hermes 2.0??

import java.io.FileInputStream;
import java.lang.reflect.Constructor;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;

public class MainClass {

    public static void main(String args[]) throws Exception {
        String storename = args[0];
        char[] storepass = args[1].toCharArray();
        String alias = args[2];

        // Register the BouncyCastle provider by class name, the way Hermes does
        Class clsProv = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
        Constructor c = clsProv.getConstructor();
        Provider provider = (Provider) c.newInstance();
        if (Security.getProvider(provider.getName()) == null) {
            Security.addProvider(provider);
        }

        // No provider named here: whichever PKCS12 implementation has the highest preference is used
        KeyStore ks = KeyStore.getInstance("PKCS12");
        Provider pp = ks.getProvider();
        System.out.println(pp.getInfo() + "," + pp.getName());
        ks.load(new FileInputStream(storename), storepass);

        // Build an X.509 CertPath from the chain stored under the alias
        java.security.cert.Certificate[] cchain = ks.getCertificateChain(alias);
        List mylist = new ArrayList();
        for (int i = 0; i < cchain.length; i++) {
            mylist.add(cchain[i]);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath cp = cf.generateCertPath(mylist);
        System.out.println(cp);
    }
}



Regards
PC

Torsten Kirschner

Jul 7, 2009, 4:51:13 PM
to cecid-...@googlegroups.com

Depending on your JRE's lib/security/java.security file's contents, your Provider might end up being SunJSSE instead of BC, and this may or may not be sufficient for H2O.

1. You can try to install the BC provider programmatically and see where that leaves you:

package test;
import java.security.Provider;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class CheckForBC {
    public static void main(String[] args) {
        System.out.print(new BouncyCastleProvider().getName());
        if (Security.addProvider(new BouncyCastleProvider()) == -1) {
            System.out.print(" already ");
        }
        System.out.print("installed at preference position ");
        Provider[] providers = Security.getProviders();
        for (int i = 0; i != providers.length; i++) {
            if (new BouncyCastleProvider().getName().equals(providers[i].getName())) {
                System.out.println((i + 1));
            }
        }
    }
}

On my laptop, for instance, this results in

run:
BC already installed at preference position 10
BUILD SUCCESSFUL (total time: 0 seconds)


2. You can find out which Implementation of a PKCS12 KeyStore you end up with by calling  KeyStore.getInstance("PKCS12"):

package test;

import java.security.Provider;
import java.security.Security;
import java.util.Iterator;

public class ListPKCS12Implementations {

    public static void main(String[] args) {
        Provider[] providers = Security.getProviders();
        for (int i = 0; i != providers.length; i++) {
            Provider provider = providers[i]; 
            Iterator it = provider.keySet().iterator();
            while (it.hasNext()) {
                String entry = (String) it.next();
                if (entry.startsWith("Alg.Alias.")) {
                    entry = entry.substring("Alg.Alias.".length());
                }
                String factoryClass = entry.substring(0, entry.indexOf('.'));
                String name = entry.substring(factoryClass.length() + 1);
                if (factoryClass.startsWith("KeyStore") && name.startsWith("PKCS12")) {
                    System.out.println("Preference position: " + makeBlankString(2-String.valueOf(i+1).length()) + (i + 1) 
                            + " Provider: " + provider.getName() + " " + makeBlankString(15-provider.getName().length())
                            + factoryClass + ": " + name);
                }
            }
        }
    }

    public static String makeBlankString(int len) {
        char[] buf = new char[len];
        for (int i = 0; i != buf.length; i++) {
            buf[i] = ' ';
        }
        return new String(buf);
    }
}

Again, on my laptop, for instance, this results in

run:
Preference position:  3 Provider: SunJSSE         KeyStore: PKCS12
Preference position: 10 Provider: BC              KeyStore: PKCS12-3DES-40RC2
Preference position: 10 Provider: BC              KeyStore: PKCS12-3DES-3DES
Preference position: 10 Provider: BC              KeyStore: PKCS12-DEF-3DES-40RC2
Preference position: 10 Provider: BC              KeyStore: PKCS12
Preference position: 10 Provider: BC              KeyStore: PKCS12-DEF
Preference position: 10 Provider: BC              KeyStore: PKCS12-DEF-3DES-3DES
BUILD SUCCESSFUL (total time: 1 second)

So I would get the SunJSSE implementation of PKCS12, regardless of whether I also installed the BC provider, because the SunJSSE provider has a higher preference in my JRE.

Your mileage may vary. If you are running on Windows, you might want to update the relevant parts of your JRE's lib/security/java.security to look something like this:

#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI
security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider

and maybe even put a sufficiently current version of BC in your JRE's lib/ext.

By the way, remember that Windows Vista will need you to first change the access rights to those folders.

Regards
T
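
The two programs above answer the provider questions; the remaining question in this thread is which step of Hermes' own key lookup comes back empty. As an added example (not Hermes code and not posted by anyone in the thread), the following Java program walks those steps in the order the KeyStoreManager and PKISignatureImpl take them: it registers the provider named in ebms.module.xml by class name, requests the keystore type with or without that provider and reports which provider served it, lists the entries as that provider spells them, and then fetches the key under the configured alias, which is the value that was null when key.getAlgorithm() threw. KeyStore.getKey returns null rather than throwing for an alias that is absent or that holds only a certificate, so the check is explicit here, with a case-insensitive retry for the upper/lower-case aliases seen above. It finishes with a sign-and-verify round trip to confirm the private key pairs with the certificate under that alias. The keystore location, type, passwords, alias and provider class are command-line arguments that mirror the component's parameters; the SHA-256 digest is only for that pairing check and says nothing about the algorithm Hermes signs with.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/**
 * Step-by-step check of a Hermes keystore-manager configuration (added example, not Hermes code).
 * Usage: java KeyStoreCheck <keystore-location> <keystore-type> <keystore-password>
 *                           <key-alias> <key-password> [keystore-provider-class]
 */
public class KeyStoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length < 5) {
            System.err.println("usage: KeyStoreCheck <location> <type> <store-pass> <alias> <key-pass> [provider-class]");
            System.exit(2);
        }
        String location = args[0], type = args[1], alias = args[3];
        char[] storePass = args[2].toCharArray(), keyPass = args[4].toCharArray();
        String providerClass = args.length > 5 ? args[5] : null;
        System.out.println("java.version = " + System.getProperty("java.version"));

        // 1. Register the provider the way ebms.module.xml names it: by class, through reflection.
        //    getInfo() carries the library version ("BouncyCastle Security Provider v1.43" above),
        //    which is where a bcprov jar built for another JDK generation becomes visible.
        Provider provider = null;
        if (providerClass != null) {
            provider = (Provider) Class.forName(providerClass).getConstructor().newInstance();
            int position = Security.addProvider(provider);
            System.out.println("provider " + provider.getName() + " [" + provider.getInfo() + "] "
                    + (position == -1 ? "was already installed" : "installed at position " + position));
        }

        // 2. Request the keystore type from that provider, or from the JRE's preference order if
        //    none was named. A provider with no KeyStore of this type (BouncyCastle has no "JKS")
        //    fails here with KeyStoreException "<type> not found".
        KeyStore ks;
        try {
            ks = provider != null ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            System.out.println("cannot get KeyStore." + type + ": " + e.getMessage());
            return;
        }
        System.out.println("KeyStore." + type + " served by provider " + ks.getProvider().getName());
        InputStream in = new FileInputStream(location);
        try {
            ks.load(in, storePass);
        } finally {
            in.close();
        }

        // 3. List every entry as this provider reports it; alias case can differ between providers.
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            System.out.println("  entry '" + a + "' " + (ks.isKeyEntry(a) ? "keyEntry" : "trustedCertEntry"));
        }

        // 4. Fetch the key under the configured alias. getKey() returns null, not an exception, for
        //    an unknown alias or a certificate-only entry; unchecked, key.getAlgorithm() then NPEs.
        Key key = ks.getKey(alias, keyPass);
        if (key == null) {
            String nearest = findAliasIgnoreCase(ks, alias);
            System.out.println("no key entry under alias '" + alias + "'"
                    + (nearest == null ? "" : " (entry '" + nearest + "' differs only in case)"));
            return;
        }
        System.out.println("key algorithm = " + key.getAlgorithm() + ", format = " + key.getFormat());
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
            System.out.println("entry is not a private key with a certificate chain; it cannot sign");
            return;
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("chain length = " + chain.length + ", leaf subject = " + leaf.getSubjectX500Principal());

        // 5. Sign and verify a probe to confirm the private key pairs with the leaf certificate.
        String sigAlg = "SHA256with" + ("EC".equals(key.getAlgorithm()) ? "ECDSA" : key.getAlgorithm());
        try {
            byte[] probe = "probe".getBytes("UTF-8");
            Signature signer = Signature.getInstance(sigAlg);
            signer.initSign((PrivateKey) key);
            signer.update(probe);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance(sigAlg);
            verifier.initVerify(leaf.getPublicKey());
            verifier.update(probe);
            System.out.println("private key matches leaf certificate: " + verifier.verify(sig));
        } catch (NoSuchAlgorithmException e) {
            System.out.println("no " + sigAlg + " implementation in this JRE; pairing check skipped");
        }
    }

    /** Returns the stored alias equal to the requested one ignoring case, or null if there is none. */
    static String findAliasIgnoreCase(KeyStore ks, String wanted) throws KeyStoreException {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            if (a.equalsIgnoreCase(wanted)) {
                return a;
            }
        }
        return null;
    }
}
```

Running it with the exact values from the keystore-manager-for-signature component, for example "java KeyStoreCheck corvus.p12 PKCS12 welcome1 corvus welcome1 org.bouncycastle.jce.provider.BouncyCastleProvider", shows at which of the five steps the configuration stops matching the file, rather than surfacing the mismatch as a NullPointerException inside the signer.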

Kit

Jul 7, 2009, 10:22:35 PM
to Hermes 2.0 Discussion List
Hi PC,

I made a mistake previously.
The key alias for the renamed p12 is
{11c0c3b4-4a1b-4cf7-86a3-3d637a992189}
while that of the jks is e20be697-1693-4184-9c03-73f0b8307cc1, right?

So please try the following.

1. Rename your xxx.pfx file to xxx.p12

2. edit the following properties in the ebms.module.xml

<parameter name="keystore-location" value="C:/Program Files/hermes2/plugins/hk.hku.cecid.ebms/security/corvus.p12"/>
<parameter name="keystore-password" value="welcome1"/>
<parameter name="key-alias" value="{11c0c3b4-4a1b-4cf7-86a3-3d637a992189}"/>
<parameter name="key-password" value="welcome1"/>
<parameter name="keystore-type" value="PKCS12"/>
<parameter name="keystore-provider" value="org.bouncycastle.jce.provider.BouncyCastleProvider"/>

Regards,
Kit Yuen, Software Engineer
Apacus Software - Innovate, Simplify


PC

Jul 8, 2009, 3:43:00 AM
to Hermes 2.0 Discussion List
Hi T,

We ran the classes and here is the output

BC already installed at preference position 7

second output
------------------------------------

Preference position: 3 Provider: SunJSSE KeyStore: PKCS12
Preference position: 7 Provider: BC KeyStore: PKCS12
Preference position: 7 Provider: BC KeyStore: PKCS12-DEF


But I am still getting the same problem, and another interesting thing:
I am using the code which I pasted previously to list all the
aliases in the keystore.
{11c0c3b4-4a1b-4cf7-86a3-3d637a992189} ...this is the output if I don't
use BC, and if I use BC then the aliases come out as below

{11C0C3B4-4A1B-4CF7-86A3-3D637A992189}
Cema N BT Group Plc ID
In the case of using BC, the code is failing while getting the certificate chain
from the keystore



PC

Jul 8, 2009, 3:47:16 AM
to Hermes 2.0 Discussion List
Hi Kit,

We tried this but it looks like the issue is with
org.bouncycastle.jce.provider.BouncyCastleProvider. Using keytool it
lists the alias as {11c0c3b4-4a1b-4cf7-86a3-3d637a992189}, but when I
use it with BC then it changes to
{11C0C3B4-4A1B-4CF7-86A3-3D637A992189}, and after that it is failing in
getting the certificate chain

Regards
PC



Torsten Kirschner

Jul 8, 2009, 6:12:20 AM
to cecid-...@googlegroups.com
It may be that your Verisign / Microsoft PFX file is a slightly strange version of a PKCS12 store.

I am pretty sure it's not BouncyCastle's fault, because I can run your code without problems on a P12 file from our favorite CA. Here's what the (correct but abbreviated) result looks like, no matter which implementations of KeyStore (SunJSSE or BC) and CertificateFactory (SUN or BC) I chose, including mix and match:

run:
Java version is 1.6.0_13
KeyStore provider: BouncyCastle Security Provider v1.43,BC
CertificateFactory provider: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration),SUN

X.509 Cert Path: length = 2.
[
=========================================================Certificate 1 start.
  [0]         Version: 3
         SerialNumber: 370002
             IssuerDN: C=NO,O=Buypass AS-983163327,CN=Buypass Class 3 CA 1
...
=========================================================Certificate 1 end.

=========================================================Certificate 2 start.
  [0]         Version: 3
         SerialNumber: 2
             IssuerDN: C=NO,O=Buypass AS-983163327,CN=Buypass Class 3 CA 1
 ...
=========================================================Certificate 2 end.
]
BUILD SUCCESSFUL (total time: 1 second)

Are you sure your installations of JCE and BC are correct? Did you install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy correctly?

Good luck,
T
p.s. obviously I added this code at the appropriate places:
System.out.println("Java version is " + System.getProperty("java.version"));
and
pp = cf.getProvider();
System.out.println("CertificateFactory provider: " + pp.getInfo() + "," + pp.getName());

PC

Jul 8, 2009, 6:26:01 AM
to Hermes 2.0 Discussion List
Hi T,

We have finally sorted this out :). The issue is that we are running
on jre1.5.0_18 but the class which we were using is in
bcprov-jdk14-125.jar. We replaced this jar file with bcprov-jdk15-143.jar
under java-home/jre1.5.0_18\lib\ext. We also added
security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider in
java.security. Now I can see the messages are signing properly.
The only thing which I don't understand is that the alias name has to be given
in caps for BC
{11C0C3B4-4A1B-4CF7-86A3-3D637A992189}
When I checked the alias using keytool it is as below

{11c0c3b4-4a1b-4cf7-86a3-3d637a992189}

regards
PC



Torsten Kirschner

Jul 8, 2009, 7:37:05 AM
to cecid-...@googlegroups.com
Hi,

Been there, done that. ;-)

Regarding the UPPERCASE/lowercase issue of the alias: I find the same thing, BC presents the alias in UPPERCASE.
However, it seems the providers don't care about the case, so it probably doesn't matter.

Congratulations on working out the provider!

Regards
T

ronnie

Jul 8, 2009, 9:22:12 PM
to Hermes 2.0 Discussion List
Hello,

PC, congratulations on finally sorting this out. BTW, you got the
PFX file from Verisign, am I correct? Just wondering if this issue
applies to other users who get their key and cert from them.

Torsten,

Thanks a lot for your input; I learnt a lot personally from what you
have shared.

We will note this down and hopefully put it up in the article
section later.

Regards,
ronnie
