I have soap webservice. To validate messages we use signature with certificate.
When I get message and validate it with client certificate it pass. Then I sign data by our private key certificate with this code
signature = Signature.getInstance("SHA1withRSA", "SunRsaSign");
byte[] dataToSign = someXMLNodeString.getBytes();
PrivateKey privateKey = SignatureUtil.getPrivateKeyForCertificate(
"JKS", "keystorefile", "keystorepass".toCharArray(),
"keydomain", "keydomainpass".toCharArray());
signatureValue = SignatureUtil.sign(dataToSign, signature, privateKey);
public static PrivateKey getPrivateKeyForCertificate(
String keyStoreAlgorithm, String keyStoreName, char[] keystorePass,
String alias, char[] keyPassword) {
KeyStore ks = null;
try {
ks = KeyStore.getInstance(keyStoreAlgorithm);
} catch (KeyStoreException e) {
e.printStackTrace();
return null;
}
FileInputStream ksfis = null;
try {
ksfis = new FileInputStream(keyStoreName);
} catch (FileNotFoundException e) {
e.printStackTrace();
return null;
}
BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
try {
ks.load(ksbufin, keystorePass);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
} catch (CertificateException e) {
e.printStackTrace();
return null;
} catch (IOException e) {
e.printStackTrace();
return null;
} finally {
if(null != ksbufin) {
try {
ksbufin.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
PrivateKey priv = null;
try {
priv = (PrivateKey) ks.getKey(alias, keyPassword);
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
return null;
} catch (KeyStoreException e) {
e.printStackTrace();
return null;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
return priv;
}
public static byte[] sign(byte[] data, Signature signature, PrivateKey privateKey) throws InvalidKeyException, SignatureException {
//Create a Signature object and initialize it with the private key
signature.initSign(privateKey);
// Update and sign the data
signature.update(data);
//Now that all the data to be signed has been read in,
//generate a signature for it
return signature.sign();
}
But when client validate my signature by my given certificate, it fails. I generated my certificate with these commands
keytool -genkey -alias keydomain -keysize 1024 -keyalg RSA -keystore keystorefile
keytool -export -alias keydomain -sigalg SHA1withRSA -keystore .keystorefile -file keydomain.cer -rfc
Try this one. I had similar problem with Java 1.6 and I solved it this way.
If you are using standard JDK 1.6 you must download the unrestricted policy files for the Sun JCE if you want the provider to work properly.
The policy files can be found at the same place as the JDK download.
OR
You can simply copy (overwrite) these two files 1: local_policy.jar 2: US_export_policy.jar
into directory:--> JAVA_HOME\\jre\\lib\\security\\
Found problem; it was this line
byte[] dataToSign = someXMLNodeString.getBytes();
This was wrong method to get byte[] from string object. You need to stream this string and get bytes from it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.