Re: [Fwd: The simple sample - Tomcat]

From: <>
Date: Thu, 7 Oct 2004 15:00:56 +0200

Thanks for the reply kumar.

No luck by restarting tomcat one more time, and the jks-files seem fine
when inspected with keytool.
I promise that the keystore and truststore files are located in the
directory "/opt/jwsdp-1.4/xws-security/etc/" as specified in the
I've also tried as suggested by Vishal to change the path to
"/usr/local/tomcat-jwsdp-1.4/xws-security/etc/" where the files are also
One more funny thing is that when I write "https://localhost:8443" I am
asked to accept a certificate with the name xws-security-server. So it seems
tomcat can find the server-keystore at least.
Here comes the full StackTrace from Tomcat's logfile launcher.server.log:

Oct 7, 2004 2:01:08 PM com.sun.xml.wss.filter.ImportCertificateTokenFilter
SEVERE: WSS0156: Exception [ java.lang.NullPointerException: the keystore
parameter must be non-null ] while validating certificate
Oct 7, 2004 2:01:09 PM com.sun.xml.rpc.server.StreamingHandler handle
SEVERE: JAXRPCTIE01: caught exception while handling request: com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException
        at com.sun.xml.wss.impl.DefaultSecurityEnvironmentImpl.getCertificate(
        at com.sun.xml.wss.keyinfo.DirectReferenceStrategy.findCertificate(
        at com.sun.xml.wss.keyinfo.DirectReferenceStrategy.getAssociatedCertificate(
        at com.sun.xml.wss.filter.ExportEncryptedKeyFilter.process(
        at com.sun.xml.wss.SecureCorrespondent.filterMessage(
        at com.sun.xml.wss.SecureCorrespondent.filterMessageInContext(
        at com.sun.xml.wss.SecurityAnnotator.annotateHeader(
        at simple.PingPort_Tie.postResponseWritingHook(
        at com.sun.xml.rpc.server.StreamingHandler.handle(
        at com.sun.xml.rpc.server.http.JAXRPCServletDelegate.doPost(
        at com.sun.xml.rpc.server.http.JAXRPCServlet.doPost(
        at javax.servlet.http.HttpServlet.service(
        at javax.servlet.http.HttpServlet.service(
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(
        at org.apache.catalina.core.StandardWrapperValve.invoke(
        at org.apache.catalina.core.StandardValveContext.invokeNext(
        at org.apache.catalina.core.StandardPipeline.invoke(
        at org.apache.catalina.core.StandardContextValve.invokeInternal(
        at org.apache.catalina.core.StandardContextValve.invoke(
        at org.apache.catalina.core.StandardValveContext.invokeNext(
        at org.apache.catalina.core.StandardPipeline.invoke(
        at org.apache.catalina.core.StandardHostValve.invoke(
        at org.apache.catalina.core.StandardValveContext.invokeNext(
        at org.apache.catalina.valves.ErrorReportValve.invoke(
        at org.apache.catalina.core.StandardValveContext.invokeNext(
        at org.apache.catalina.core.StandardPipeline.invoke(
        at org.apache.catalina.core.StandardEngineValve.invoke(
        at org.apache.catalina.core.StandardValveContext.invokeNext(
        at org.apache.catalina.valves.AccessLogValve.invoke(
        at org.apache.catalina.core.StandardValveContext.invokeNext(
        at org.apache.catalina.core.StandardPipeline.invoke(
        at org.apache.catalina.core.ContainerBase.invoke(
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(
        at org.apache.coyote.http11.Http11Processor.process(
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(
        at org.apache.tomcat.util.threads.ThreadPool$
Caused by: java.lang.NullPointerException
        at com.sun.xml.wss.impl.DefaultSecurityEnvironmentImpl.getCertificate(
        ... 39 more


>Hi anders,
> See my comments inline.
>> I have copy-pasted the connector from the README file so i now have the
>> following connectors:
>> <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
>> acceptCount="100" connectionTimeout="20000"
>> disableUploadTimeout="true"
>> port="8080" redirectPort="8443">
>> </Connector>
>> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>> <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
>> port="8443" minProcessors="5" maxProcessors="75"
>> enableLookups="true" disableUploadTimeout="true"
>> acceptCount="100" debug="0" scheme="https" secure="true"
>> keystoreFile=
>> "/opt/jwsdp-1.4/xws-security/etc/server-keystore.jks"
>> truststoreFile=
>> "/opt/jwsdp-1.4/xws-security/etc/server-truststore.jks">
>> </Connector>
>> When I try to run the sample with the encrypt-client/encrypt-server setup
>> and endpoint.port=8443 I get the following exception:
>> deploy-tomcat:
>> [echo] Deploying war for simple to tomcat
>> file:/usr/local/tomcat-jwsdp-1.4/xws-security/samples/simple/build.xml:209:
>> Error writing to server
>> Then I try the same setup with endpoint.port=8080.
>> Everything seems to work - the client sends the encrypted message but
>> then I get an exception in the serverlog:
>> Oct 5, 2004 4:14:09 PM
>> com.sun.xml.wss.filter.ImportCertificateTokenFilter
>> process
>> SEVERE: WSS0156: Exception [ java.lang.NullPointerException: the keystore
>> parameter must be non-null ] while validating certificate
> The fact that keystore parameter is being obtained as NULL seems to
>indicate that the following things might be the problem.
>1. After you copy paste the connector element, Tomcat needs to be shut down
>and restarted again and then the client program should be run. (See if
>this helps).
>2. If (1) is not helping, then see if the keystores and truststores
>are indeed located at the places specified.
>> /opt/jwsdp-1.4/xws-security/etc/server-keystore.jks
>> /opt/jwsdp-1.4/xws-security/etc/server-truststore.jks
>3. If the keystore and truststore are indeed located at the path, then
>the 3rd thing (which is most likely not the case, given the Exception string)
>is to check if the keystore and truststore files are not corrupted for
>some reason.
>Run the following command
>> keytool -list -storepass changeit -keystore server-keystore.jks
>and you should see something like the following
>> Keystore type: jks
>> Keystore provider: SUN
>> Your keystore contains 1 entr
>> s1as, Apr 11, 2004, keyEntry,
>> Certificate fingerprint (MD5):
>> E0:34:4B:2C:87:1C:20:B2:1A:89:F6:E2:18:25:C9:58
>repeat the same for the truststore. If you get some other
>message/exception then it could be that your keystores are corrupted.
>Which platform are you running on, is it WIN2K?
>4. If 1,2,3 are of no help, then I presume there would have been a
>larger StackTrace in your Server Log. Can you send us the whole
>StackTrace (if any). Then we will be able to help you.
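
Steps 2 and 3 of the quoted checklist as a script, added here as an example and not part of either message: it reads keystoreFile/truststoreFile from each <Connector> element and checks that the file exists and begins with a JKS header (magic 0xFEEDFEED, version, entry count). The function names and the server.xml text and store file built in demo() are constructed for illustration; the header check needs no password and does not replace keytool -list, which also verifies the store's integrity.

```python
import os, struct, tempfile
import xml.etree.ElementTree as ET

JKS_MAGIC = 0xFEEDFEED  # first four bytes of a JKS-format store

def store_paths(server_xml):
    """(port, attribute, path) for each store attribute on a <Connector>."""
    root = ET.fromstring(server_xml)
    return [(c.get("port"), a, c.get(a).strip())
            for c in root.iter("Connector")
            for a in ("keystoreFile", "truststoreFile") if a in c.attrib]

def inspect_jks(path):
    """Return (status, entry_count); reads only the 12-byte header."""
    if not os.path.isfile(path):
        return ("missing", None)
    try:
        with open(path, "rb") as fh:
            header = fh.read(12)
    except OSError:
        return ("unreadable", None)
    if len(header) < 12:
        return ("not-jks", None)
    # Big-endian: magic, format version (1 or 2), number of entries.
    magic, version, count = struct.unpack(">III", header)
    if magic != JKS_MAGIC or version not in (1, 2):
        return ("not-jks", None)
    return ("ok", count)

def audit(server_xml):
    """One (port, attribute, status, entry_count) row per configured store."""
    return [(port, attr) + inspect_jks(path)
            for port, attr, path in store_paths(server_xml)]

def demo():
    """Constructed sample: a keystore header with 1 entry, truststore absent."""
    etc = tempfile.mkdtemp()
    ks = os.path.join(etc, "server-keystore.jks")
    ts = os.path.join(etc, "server-truststore.jks")  # deliberately not created
    with open(ks, "wb") as fh:
        fh.write(struct.pack(">III", JKS_MAGIC, 2, 1))  # header only
    xml = ('<Server><Service>'
           '<Connector port="8080" redirectPort="8443"/>'
           f'<Connector port="8443" scheme="https" secure="true" '
           f'keystoreFile="{ks}" truststoreFile="{ts}"/>'
           '</Service></Server>')
    return audit(xml)

if __name__ == "__main__":
    for row in demo():
        print(row)
```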
