Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Signing a XML request

Posted on 2011-03-15
2
Medium Priority
?
581 Views
Last Modified: 2012-05-11
Hi, I want to sign a XMl request using Axis WSS4J framework, and I had a question related to this. Before that, here is what I have got:

A JKS keystore:
*******************
Keystore type: jks
Keystore provider: SUN

Alias name: business
Creation date: 7/03/2011
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Test Test, OU=Test, O=Test, L=Test, ST=Test, C=IN
Issuer: CN=Test Test, OU=Test, O=Test, L=Test, ST=Test, C=IN
Serial number: 4d74a0ac
Valid from: Mon Mar 07 20:09:00 EST 2011 until: Sun Jun 05 19:09:00 EST 2011
Certificate fingerprints:
         MD5:  09:55:E3:C2:A8:60:D6:4E:E2:56:6A:07:0D:57:4A:66
         SHA1: 30:9B:7C:CC:E2:D0:89:1A:43:34:E8:33:C7:8D:AD:FA:A6:CB:81:30
**************

a WSDD file with following entries (along with others)
**************
<requestFlow >
    <handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
    <parameter name="action" value="Signature"/>
    <parameter name="signatureKeyIdentifier" value="DirectReference"/>
    <parameter name="user" value="business"/>
    <parameter name="SIG_PROP_FILE" value="crypto.properties"/>  
     </handler>
   </requestFlow >
*****************

crypto.properties
*********************

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=mykeystore
org.apache.ws.security.crypto.merlin.keystore.alias=business
org.apache.ws.security.crypto.merlin.file=<dir-name>/mykeystore
**********************

My keystore contains both the public key (embedded in the certificate) and the private key which is not visible (but it is there since I used -genkey option that creates the pair. I also verified by extracting the private key through java code).

My first question is whether <parameter name="user" value="business"/> property in the WSDD file enable handler to pick the private key for signing? I am asking because both the public and the private key are there and they are being referenced by the single alias i.e. "business". So, how would handler know which key to use to sign the XML request.

any help please?

Thanks a lot.
Leo

0
Comment
Question by:LeoKris
2 Comments
 
LVL 92

Accepted Solution

by:
objects earned 2000 total points
ID: 35144975
> So, how would handler know which key to use to sign the XML request.

private keys are used for signing, not public keys
0
 

Author Closing Comment

by:LeoKris
ID: 35145056
Thanks objects.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Suggested Courses
Course of the Month11 days, 12 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question