Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (Closed) (JIRA)" <ji...@apache.org> on 2011/10/21 14:26:32 UTC

[jira] [Closed] (SANTUARIO-102) Private keys must be instance of RSAPrivate or have PKCS#8 encoding

     [ https://issues.apache.org/jira/browse/SANTUARIO-102?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed SANTUARIO-102.
-----------------------------------------

    
> Private keys must be instance of RSAPrivate or have PKCS#8 encoding
> -------------------------------------------------------------------
>
>                 Key: SANTUARIO-102
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-102
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Fillipe Lima
>            Assignee: Colm O hEigeartaigh
>             Fix For: Java 1.4.6
>
>
> Hello,
> I am having a problem. My application is an applet that generates an XML and signs
> it with a PrivateKey from a SmartCard.
> The first time, it works fine! However, when I try to sign again (the second time), I
> get this exception:
> java.security.InvalidKeyException: Private keys must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding
> The exception occurs when calling the method: DOMSignContext dsc = new
> DOMSignContext(pk, doc.getDocumentElement()); This method is part of the
> following code:
> Does anybody know what I could do to solve this problem?
> ======= code that generates the XML signature
>     // JSR 105 provider, overridable through the jsr105Provider system property
>     String providerName = System.getProperty("jsr105Provider",
>             "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
>     XMLSignatureFactory fac = XMLSignatureFactory.getInstance(
>             "DOM",
>             (Provider) Class.forName(providerName).newInstance());
>     // Reference to the whole document (URI ""), SHA-1 digest, enveloped transform
>     Reference ref = fac.newReference(
>             "",
>             fac.newDigestMethod(DigestMethod.SHA1, null),
>             Collections.singletonList(fac.newTransform(
>                     Transform.ENVELOPED,
>                     (TransformParameterSpec) null)),
>             null,
>             null);
>     // SignedInfo: inclusive C14N with comments, RSA-SHA1 signature method
>     SignedInfo si = fac.newSignedInfo(
>             fac.newCanonicalizationMethod(
>                     CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
>                     (C14NMethodParameterSpec) null),
>             fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
>             Collections.singletonList(ref));
>     // KeyInfo carrying the signer's X.509 certificate
>     KeyInfoFactory kif = fac.getKeyInfoFactory();
>     X509Data x509 = kif.newX509Data(Collections.singletonList(cert));
>     KeyInfo ki = kif.newKeyInfo(Collections.singletonList(x509));
>     // The InvalidKeyException is reported on this call
>     DOMSignContext dsc = new DOMSignContext(pk, doc.getDocumentElement());
>     XMLSignature signature = fac.newXMLSignature(si, ki);
>     signature.sign(dsc);
>     return doc;
> }
> ======= code that gets the PrivateKey and Certificate from the Smart Card:
>     // In-memory SunPKCS11 configuration pointing at the card's PKCS#11 library
>     String configuracao = "name = SmartCard\n" +
>             "library = c:\\windows\\system32\\aetpkss1.dll";
>     byte[] configuracaoBytes = configuracao.getBytes();
>     ByteArrayInputStream configuracaoStream =
>             new ByteArrayInputStream(configuracaoBytes);
>     sun.security.pkcs11.SunPKCS11 provider =
>             new sun.security.pkcs11.SunPKCS11(configuracaoStream);
>     Security.addProvider(provider);
>     this.nomeProvider = provider.getName();
>     // Open the PKCS#11 keystore on the card, unlocking it with the PIN
>     this.repositorio = KeyStore.getInstance("PKCS11", provider);
>     repositorio.load(null, pin.toCharArray());
>     this.inicializarDados(pin);
>     // Use the first alias that holds a key entry
>     String keyEntry = null;
>     boolean ok = false;
>     Enumeration en = repositorio.aliases();
>     while (en.hasMoreElements()) {
>         keyEntry = (String) en.nextElement();
>         if (repositorio.isKeyEntry(keyEntry)) {
>             ok = true;
>             break;
>         }
>     }
>     if (ok) {
>         certificado = (X509Certificate) repositorio.getCertificate(keyEntry);
>         chavePrivada = (PrivateKey) repositorio.getKey(keyEntry, pin.toCharArray());
