Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Signing a XML request

Posted on 2011-03-15
2
558 Views
Last Modified: 2012-05-11
Hi, I want to sign a XMl request using Axis WSS4J framework, and I had a question related to this. Before that, here is what I have got:

A JKS keystore:
*******************
Keystore type: jks
Keystore provider: SUN

Alias name: business
Creation date: 7/03/2011
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Test Test, OU=Test, O=Test, L=Test, ST=Test, C=IN
Issuer: CN=Test Test, OU=Test, O=Test, L=Test, ST=Test, C=IN
Serial number: 4d74a0ac
Valid from: Mon Mar 07 20:09:00 EST 2011 until: Sun Jun 05 19:09:00 EST 2011
Certificate fingerprints:
         MD5:  09:55:E3:C2:A8:60:D6:4E:E2:56:6A:07:0D:57:4A:66
         SHA1: 30:9B:7C:CC:E2:D0:89:1A:43:34:E8:33:C7:8D:AD:FA:A6:CB:81:30
**************

a WSDD file with following entries (along with others)
**************
<requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <parameter name="action" value="Signature"/>
    <parameter name="signatureKeyIdentifier" value="DirectReference"/>
    <parameter name="user" value="business"/>
    <parameter name="SIG_PROP_FILE" value="crypto.properties"/>  
     </handler>
   </requestFlow >
*****************

crypto.properties
*********************

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=mykeystore
org.apache.ws.security.crypto.merlin.keystore.alias=business
org.apache.ws.security.crypto.merlin.file=<dir-name>/mykeystore
**********************

My keystore contains both the public key (embedded in the certificate) and the private key which is not visible (but it is there since I used -genkey option that creates the pair. I also verified by extracting the private key through java code).

My first question is whether <parameter name="user" value="business"/> property in the WSDD file enable handler to pick the private key for signing? I am asking because both the public and the private key are there and they are being referenced by the single alias i.e. "business". So, how would handler know which key to use to sign the XML request.

any help please?

Thanks a lot.
Leo

0
Comment
Question by:LeoKris
2 Comments
 
LVL 92

Accepted Solution

by:
objects earned 500 total points
ID: 35144975
> So, how would handler know which key to use to sign the XML request.

private keys are used for signing, not public keys
0
 

Author Closing Comment

by:LeoKris
ID: 35145056
Thanks objects.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question