Identity & Access Management

Securing web services with Metro – com.sun.xml.wss.impl.XWSSecurityRuntimeException: PrivateKey returned by PrivateKeyCallback was Null

Typical exception: PrivateKey returned by PrivateKeyCallback was Null SEVERE: WSS1417: Error while processing signature java.lang.RuntimeException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: PrivateKey returned by PrivateKeyCallback was Null 09-Apr-2010 10:27:09 com.sun.xml.wss.jaxws.impl.SecurityTubeBase secureOutboundMessage SEVERE: WSSTUBE0024: Error in Securing Outbound Message. com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: PrivateKey returned by PrivateKeyCallback was Null at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:241) at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:93) at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:268) at com.sun.xml.wss.impl.SecurityAnnotator.processMessagePolicy(SecurityAnnotator.java:186) at com.sun.xml.wss.impl.SecurityAnnotator.secureMessage(SecurityAnnotator.java:147) at com.sun.xml.wss.jaxws.impl.SecurityTubeBase.secureOutboundMessage(SecurityTubeBase.java:346) at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processClientRequestPacket(SecurityClientTube.java:236) at com.sun.xml.wss.jaxws.impl.SecurityClientTube.processRequest(SecurityClientTube.java:167) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:598) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:557) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:542) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:439) at com.sun.xml.ws.client.Stub.process(Stub.java:222) at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:135) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:109) at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89) at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:118) at $Proxy48.instanceAccessQuery3(Unknown Source) at eu.webfarmr.servlet.ws.WSConnection.evaluate(WSConnection.java:156) at eu.webfarmr.servlet.ServletEnforcer.enforce(ServletEnforcer.java:150) at eu.webfarmr.servlet.AuthFilter.doFilter(AuthFilter.java:133) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:558) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:619) Caused by: com.sun.xml.wss.XWSSecurityException: java.lang.RuntimeException: com.sun.xml.wss.impl.XWSSecurityRuntimeException: PrivateKey returned by […]

Identity & Access Management

Import PKCS12 private keys into JKS keystores using Java Keytool

This is very simple yet when I googled around I saw erratic answers such as ‘it is not possible’ or ‘you have to write java code’. As a matter of fact, keytool (a key management utility shipped in Sun’s JDK) lets you do it simply. What do you want to do? Convert alice.p12 to alice.jks Why do you want to do that? In Metro, a WS stack, it is common to use JKS as a format for storing private keys How do you convert then? See below Keytool’s documentation refers to the following option -importkeystore [-v] [-srckeystore ] [-destkeystore ] [-srcstoretype ] [-deststoretype ] [-srcstorepass ] [-deststorepass ] [-srcprotected] [-destprotected] [-srcprovidername ] [-destprovidername ] [-srcalias [-destalias ] [-srckeypass ] [-destkeypass […]

Sample code screenshot - XML manipulation with XSLT
Identity & Access Management

Replace an XML element value using XSLT

The aim is to take a document, look for a specific element (by local name and URI rather than name including prefix) and replace its value. Let’s have a look at how we can achieve XML manipulation with XSLT. Where is this useful? Imagine a gateway protecting an internal web service. If that web service is WS-A enabled, it therefore has a wsa:From field that contains its internal URI. Obviously the gateway abstracts the internal service from what is seen outside as a ‘virtual’ or ‘logical’ service. One, therefore, needs to update the wsa:From field to reflect an external URI. Sample XML The XSL Other uses for XML manipulation with XSLT XSLT and XML can be be used to translate […]