on 01-08-2008 3:51 PM
Hi all,
I have a problem in loading the private key of my J2EE Engine into an EJB for generation of signatures.
Code snippet:
```java
// keyStoreView and alias are defined elsewhere in the EJB
InitialContext context = new InitialContext();
KeystoreManager manager = (KeystoreManager) context.lookup("keystore");
KeyStore keyStore = manager.getKeystore(keyStoreView);
SsfProfileKeyStore profile = new SsfProfileKeyStore(keyStore, alias, null);
// This is the call that returns null when run inside the deployed EJB
PrivateKey key = profile.getPrivateKey();
java.security.Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign(key);
```
So as I said, I have to do this within an EJB for security reasons. My problem is at the point where the private key is derived from the profile. The getPrivateKey method always returns null.
But if I add a main method to the EJB (senseless, I know) and derive the InitialContext remotely, it returns the private key and the signature is created.
I also tested doing this with SsfDataXML and its sign method. If I do this remotely, the signature is created. But deployed as an EJB, I get the message:
Private key of signer not available
I checked the permissions within the Security Provider --> XiRuntimePermission and within the Key Storage --> tab Security and gave my deployed EJB the permissions.
Any ideas?
Thanks
Olli
Permission Problem
For those it might help:
You need the permission "GET_VIEW" for the key store view and "READ_ENTRY" for reading the private key in this case.
If you don't have the second, it will NOT result in an exception "NoPermission" or anything else.
Edited by: Oliver Huppert on Jan 8, 2008 11:08 AM
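A guard for the silent failure described in this answer, as an added example that is not part of the original thread or SAP's own code: it uses the standard `java.security.KeyStore` API instead of `SsfProfileKeyStore` and refuses to sign when no key comes back. How the engine's key store view answers `containsAlias`/`isKeyEntry` without READ_ENTRY is an assumption; the class name, method names and the alias `signing-key` are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;

public class SigningKeyGuard {

    /** Returns the private key for the alias, or throws with a reason instead of returning null. */
    static PrivateKey requirePrivateKey(KeyStore keyStore, String alias, char[] password)
            throws GeneralSecurityException {
        if (!keyStore.containsAlias(alias)) {
            throw new GeneralSecurityException("Alias '" + alias + "' is not visible in this key store");
        }
        if (!keyStore.isKeyEntry(alias)) {
            throw new GeneralSecurityException("Alias '" + alias + "' is not a key entry");
        }
        Key key = keyStore.getKey(alias, password);
        if (key == null) {
            // The case from the thread: no exception, just no key (assumed: READ_ENTRY missing)
            throw new GeneralSecurityException("No key returned for '" + alias
                    + "'; check GET_VIEW and READ_ENTRY for the calling component");
        }
        if (!(key instanceof PrivateKey)) {
            throw new GeneralSecurityException("Entry '" + alias + "' is not a private key");
        }
        return (PrivateKey) key;
    }

    static byte[] sign(KeyStore keyStore, String alias, byte[] data) throws GeneralSecurityException {
        PrivateKey key = requirePrivateKey(keyStore, alias, null); // fail before initSign sees null
        Signature sig = Signature.getInstance("SHA1withRSA"); // algorithm as used in the question
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory key store stands in for an unreadable view
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try {
            sign(empty, "signing-key", "payload".getBytes(StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            System.out.println("Refused to sign: " + e.getMessage());
        }
    }
}
```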
Hello Henrique,
the permissions are set within the "Key Storage" service. This can be done via the Visual Admin. There is a tab at the bottom, "Security". Then you have to choose the action "GET_VIEW", the view you want to access, and add your domain (~software component) with "GRANT". After that you have to add the permission "READ_ENTRY", choose the view and the entry below, and grant it also to your domain.
Hope this helps....
Regards
Olli