0 Replies Latest reply: Apr 2, 2012 6:44 AM by ganesh jadhav RSS

Jboss 6.1.0 + Jboss native WS +Message Signing

ganesh jadhav Newbie

Hi,

Configuration :

 

Jboss version : Jboss 6.1.0

Jboss WS native lib : jbossws-native-4.0.0.CR1

 

I have deployed a WS (EJB 3.0 exposed as WS).

 

EJB Code :

 

 

@WebService (name="TestWSEJBRemote",serviceName = "TestWSEJBService")

@SOAPBinding(style = SOAPBinding.Style.DOCUMENT)

@Remote(TestWSEJBRemote.class)

@EndpointConfig(configName = "Standard WSSecurity Endpoint")

@SecurityDomain("JBossWS")

@Stateless (name = "TestWSEJBRemote")

public class TestWSEJB implements TestWSEJBRemote{

@WebMethod

public String ping (String name)

{

return "Hello : " + name;

}

}

 

Remote Interface :

 

@WebService

public interface TestWSEJBRemote {

    public String ping (String name);

}

 

 

----------------------------------------------------------

I created keystore, truststore and certificates like this.

 

Create the server keystore

keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"

 

Create the server certificate

 

keytool -export -alias serverkeys -keystore server.keystore -storepass 123456 -file server.cer

 

Create the client keystore

 

keytool -genkey -alias clientkeys  -keyalg RSA -keystore client.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost, OU=MYOU, O=MYORG, L=MYCITY, S=MYSTATE, C=MY" 

 

Create the client certificate

 

keytool -export -alias clientkeys -keystore client.keystore -storepass 123456 -file client.cer

 

Import server certificate into client truststore

 

keytool -import -v -keystore client.truststore  -storepass 123456 -file server.cer

 

Import client certificate into server truststore

 

keytool -import -v -keystore server.truststore  -storepass 123456 -file client.cer

----------------------------------------------------------------------------------------------------------------------------------------------

 

 

Client Code :

 

URL url = new URL(

                    "http://XXX:8380/testmewsse/TestWSEJBService/TestWSEJBRemote?wsdl");

            QName qn = new QName("http://ejb.wsse.gj.com/", "TestWSEJBService");

            System.setProperty("org.jboss.ws.wsse.keyStore","./resources/client.keystore");

            System.setProperty("org.jboss.ws.wsse.keyStorePassword","123456");

            System.setProperty("org.jboss.ws.wsse.trustStore","./resources/client.truststore");

            System.setProperty("org.jboss.ws.wsse.trustStorePassword","123456");

            System.setProperty("org.jboss.ws.wsse.keyStoreType","jks");

            System.setProperty("org.jboss.ws.wsse.trustStoreType","jks");

            Service s = Service.create(url, qn);

            s.getPorts();

            TestWSEJBRemote port = s.getPort(TestWSEJBRemote.class);

           

            URL securityURL = new File(

                    "resources/jboss-wsse-client.xml").toURL();

            ((StubExt) port).setSecurityConfig(securityURL.toExternalForm());

            ((StubExt) port).setConfigName("Standard WSSecurity Client");

            //((StubExt) port).("Standard WSSecurity Client");

            ((BindingProvider) port).getRequestContext().put(

                    BindingProvider.USERNAME_PROPERTY, "kermit");

            ;

            ((BindingProvider) port).getRequestContext().put(

                    BindingProvider.PASSWORD_PROPERTY, "thefrog");

            ;

            System.out.println("Invoking the sayHello operation on the port.");

            String response = port.ping("ganesh");

 

------------------------------------

 

All files keystore and truststore files are placed at right location. The server.log shows the incoming signed message, and the dispatched signed outgoing messages to the above client.

 

The client is not able to decode the return message. (it says there is internal WS error please see the log, no log is generated at client side).

 

After debugging the native code source, i found it out that the validateCertificate method of the org.jboss.ws.extensions.security.SecurityStore is getting falied while calling

parameters = new PKIXParameters(trustStore);

I am getting  "the trustAnchors parameters must  be non-null"  exception. I inspected the trustStore, it does contain the certificate with proper alias name in my case it is  "clientkeys".

 

Am i correctly creating all keystores and trustores?

 

Regards

Ganesh