Posted to fx-dev@ws.apache.org by Cristian Opincaru <cr...@gmail.com> on 2006/10/20 18:16:16 UTC
Signature with PKCS11 (smartcards)
Hi,
I'm trying to sign some parts of a SOAP message using a Smartcard. My code
looks something like this:

// Load the keystore
KeyStore ks = KeyStore.getInstance("PKCS11");
String pin = "1234";
ks.load(null, pin.toCharArray());
Merlin crypto = (Merlin) CryptoFactory.getInstance(
    "org.apache.ws.security.components.crypto.Merlin", (Properties) null);
crypto.setKeyStore(ks);

// Sign the body & insert the signature
org.apache.ws.security.SOAPConstants soapConstants =
    org.apache.ws.security.SOAPConstants.SOAP11_CONSTANTS;
WSSecSignature signer = new WSSecSignature();
signer.setUserInfo(username, password);
signer.setUseSingleCertificate(true);
Vector parts = new Vector();
WSEncryptionPart part = new WSEncryptionPart(
    soapConstants.getBodyQName().getLocalPart(),
    soapConstants.getEnvelopeURI(),
    "Content");
parts.add(part);
signer.setParts(parts); // this is optional since the body is signed by default
envelope = signer.build(envelope, crypto, hSec);

Now, when I try to sign, I get the following exception:

org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
    org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:603)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:668)
    at de.unibw.s3f.client.authentication.TestX509AndLicenseToken.main(TestX509AndLicenseToken.java:167)
Caused by: org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:599)
    ... 2 more

Any ideas? It might be that the private key (which is stored on the
smartcard) is unextractable ...
Any help is welcomed!
Cheers,
Cristian
--
Cristian OPINCARU
University of the Federal Armed Forces Munich
http://www.unibw.de/cristian.opincaru
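
Added example, not part of the original post and not WSS4J or XML Security code: it reproduces the failure mode named in the exception above using only the JDK, with no smartcard. `OpaqueRsaKey` and the two check methods are hypothetical, constructed stand-ins for a token-resident key handle and for a signer that insists on `RSAPrivateKey`.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;

public class OpaqueKeyDemo {
    /** Constructed stand-in for a token-resident key: a handle with no exportable material. */
    static final class OpaqueRsaKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat()    { return null; }  // no encoding format
        public byte[] getEncoded()   { return null; }  // key bytes never leave the token
    }

    // Hypothetical strict check: passes only keys that expose their RSA parameters.
    static boolean passesTypeCheck(PrivateKey k) { return k instanceof RSAPrivateKey; }

    // Check that uses only what every PrivateKey offers, so opaque handles pass too.
    static boolean passesAlgorithmCheck(PrivateKey k) { return "RSA".equals(k.getAlgorithm()); }

    static boolean exportable(PrivateKey k) { return k.getFormat() != null && k.getEncoded() != null; }

    static String describe(String label, PrivateKey key) {
        return String.format("%-8s exportable=%b typeCheck=%b algorithmCheck=%b",
                label, exportable(key), passesTypeCheck(key), passesAlgorithmCheck(key));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey software = gen.generateKeyPair().getPrivate();
        PrivateKey opaque = new OpaqueRsaKey();
        System.out.println(describe("software", software));
        System.out.println(describe("opaque", opaque));

        // A software provider signs with the software key ...
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(software);
        sig.update("constructed sample".getBytes(StandardCharsets.UTF_8));
        System.out.println("software key signature length: " + sig.sign().length);

        // ... but no installed provider can sign with a handle it does not own.
        try {
            Signature.getInstance("SHA256withRSA").initSign(opaque);
        } catch (InvalidKeyException e) {
            System.out.println("opaque key rejected: " + e.getMessage());
        }
    }
}
```

With a real token the same split applies: the key object is only a handle, so the signature has to be computed by the provider that issued it.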