Problem getting private key

Former Member
0 Kudos

Hi all,

I have a problem in loading the private key of my J2EE Engine into an EJB for generation of signatures.

Code snippet:

```java
// Look up the engine's key storage service via JNDI
InitialContext context = new InitialContext();
KeystoreManager manager = (KeystoreManager) context.lookup("keystore");

// Open the key store view and wrap it in an SSF profile
KeyStore keyStore = manager.getKeystore(keyStoreView);
SsfProfileKeyStore profile = new SsfProfileKeyStore(keyStore, alias, null);

// Returns null when called from the deployed EJB
PrivateKey key = profile.getPrivateKey();

java.security.Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign(key);
```

So as I said, I have to do this within an EJB for security reasons. My problem is at the point where the private key is derived from the profile. The getPrivateKey method always returns null.

But if I add a main method to the EJB (senseless I know) and derive the InitialContext remotely, it returns the private key and the signature is created.

I also tested doing this with SsfDataXML and its sign method. If I do this remotely, the signature is created. But deployed as an EJB, I get the message:

Private key of signer not available

I checked the permissions within the Security Provider --> XiRuntimePermission and within the Key Storage --> tab Security and gave my deployed EJB the permissions.

Any ideas?

Thanks

Olli

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Permission Problem

For those it might help:

You need Permission GET_VIEW for the key store view and "READ_ENTRY" for reading the private key in this case.

If you don't have the second it will NOT come to an Exception "NoPermission" or something else.

Edited by: Oliver Huppert on Jan 8, 2008 11:08 AM

henrique_pinto
Active Contributor
0 Kudos

Hi Oliver,

great info.

Are these permissions code-based or set within Visual Admin?

If the latter, where is this configuration done?

Thank you and best regards,

Henrique.

Former Member
0 Kudos

Hello Henrique,

The permissions are set within the "Key Storage" service. This can be done via the Visual Admin. There is a tab at the bottom, "Security". Then you have to choose the action "GET_VIEW", the view you want to access, and add your domain (~software component) with "GRANT". After that you have to add the permission "READ_ENTRY", choose the view and the entry below, and grant it to your domain as well.

Hope this helps....

Regards

Olli

henrique_pinto
Active Contributor
0 Kudos

Hi Oliver,

thank you for your update.

I've done it but my EJB stops abruptly. I've got no idea what's going on.

I'll try it a little more and let you know.

Best regards,

Henrique.