users@jax-rpc.java.net

Re: [Fwd: The simple sample - Tomcat]

From: Vishal Mahajan <Vishal.Mahajan_at_Sun.COM>
Date: Sun, 10 Oct 2004 18:33:32 +0530

Looks to me like a case of server-truststore.jks being absent/corrupted at
the specified location. Can you please double-check?

Vishal

arehfeld_at_tiscali.dk wrote:

>Thanks for the reply kumar.
>
>No luck by restarting tomcat one more time, and the jks-files seem fine
>when inspected with keytool.
>I promise that the keystore and truststore files are located in the
>directory "/opt/jwsdp-1.4/xws-security/etc/" as specified in the
>connector.
>I've also tried as suggested by Vishal to change the path to
>"/usr/local/tomcat-jwsdp-1.4/xws-security/etc/" where the files are also
>located.
>One more funny thing is that when I write "https://localhost:8443" I am
>asked to accept a certificate with the name xws-security-server. So it seems
>tomcat can find the server-keystore at least.
>Here comes the full StackTrace from Tomcat's logfile launcher.server.log:
>
>Oct 7, 2004 2:01:08 PM com.sun.xml.wss.filter.ImportCertificateTokenFilter
>process
>SEVERE: WSS0156: Exception [ java.lang.NullPointerException: the keystore
>parameter must be non-null ] while validating certificate
>Oct 7, 2004 2:01:09 PM com.sun.xml.rpc.server.StreamingHandler handle
>SEVERE: JAXRPCTIE01: caught exception while handling request: com.sun.xml.wss.XWSSecurityException:
>java.lang.NullPointerException
>com.sun.xml.wss.XWSSecurityException: java.lang.NullPointerException
> at com.sun.xml.wss.impl.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:454)
> at com.sun.xml.wss.keyinfo.DirectReferenceStrategy.findCertificate(DirectReferenceStrategy.java:126)
> at com.sun.xml.wss.keyinfo.DirectReferenceStrategy.getAssociatedCertificate(DirectReferenceStrategy.java:100)
> at com.sun.xml.wss.filter.ExportEncryptedKeyFilter.process(ExportEncryptedKeyFilter.java:175)
> at com.sun.xml.wss.SecureCorrespondent.filterMessage(SecureCorrespondent.java:30)
> at com.sun.xml.wss.SecureCorrespondent.filterMessageInContext(SecureCorrespondent.java:42)
> at com.sun.xml.wss.SecurityAnnotator.annotateHeader(SecurityAnnotator.java:36)
> at com.sun.xml.rpc.security.SecurityPluginUtil.postResponseWritingHook(SecurityPluginUtil.java:195)
> at simple.PingPort_Tie.postResponseWritingHook(PingPort_Tie.java:254)
> at com.sun.xml.rpc.server.StreamingHandler.handle(StreamingHandler.java:412)
> at com.sun.xml.rpc.server.http.JAXRPCServletDelegate.doPost(JAXRPCServletDelegate.java:443)
> at com.sun.xml.rpc.server.http.JAXRPCServlet.doPost(JAXRPCServlet.java:86)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
> at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
> at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
> at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
> at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
> at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
> at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
> at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
> at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:790)
> at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:709)
> at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:572)
> at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:644)
> at java.lang.Thread.run(Thread.java:534)
>Caused by: java.lang.NullPointerException
> at com.sun.xml.wss.impl.DefaultSecurityEnvironmentImpl.getCertificate(DefaultSecurityEnvironmentImpl.java:438)
> ... 39 more
>
>>Hi anders,
>>
>> See my comments inline.
>>
>>
>>
>>>I have copy-pasted the connector from the README file so I now have the
>>>following connectors:
>>>
>>><Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
>>>acceptCount="100" connectionTimeout="20000"
>>>disableUploadTimeout="true"
>>>port="8080" redirectPort="8443">
>>></Connector>
>>>
>>><!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>>><Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
>>>port="8443" minProcessors="5" maxProcessors="75"
>>>enableLookups="true" disableUploadTimeout="true"
>>>acceptCount="100" debug="0" scheme="https" secure="true"
>>>keystoreFile=
>>>"/opt/jwsdp-1.4/xws-security/etc/server-keystore.jks"
>>>truststoreFile=
>>>"/opt/jwsdp-1.4/xws-security/etc/server-truststore.jks">
>>></Connector>
>>>
>>>When I try to run the sample with the encrypt-client/encrypt-server setup
>>>and endpoint.port=8443 I get the following exception:
>>>
>>>deploy-tomcat:
>>>[echo] Deploying war for simple to tomcat
>>>
>>>BUILD FAILED
>>>file:/usr/local/tomcat-jwsdp-1.4/xws-security/samples/simple/build.xml:209:
>>>java.io.IOException: Error writing to server
>>>
>>>
>>>Then I try the same setup with endpoint.port=8080.
>>>Everything seems to work - the client sends the encrypted message but
>>>then I get an exception in the server log:
>>>
>>>Oct 5, 2004 4:14:09 PM
>>>com.sun.xml.wss.filter.ImportCertificateTokenFilter
>>>process
>>>SEVERE: WSS0156: Exception [ java.lang.NullPointerException: the keystore
>>>parameter must be non-null ] while validating certificate
>>>
>>>
>>>
>>The fact that keystore parameter is being obtained as NULL seems to
>>indicate that the following things might be the problem.
>>
>>1. After you copy-paste the connector element, Tomcat needs to be shut down
>>and restarted again and then the client program should be run. (See if
>>this helps).
>>
>>2. If (1) is not helping, then see if the keystores and truststores
>>are indeed located at the places specified.
>>
>>
>>
>>>/opt/jwsdp-1.4/xws-security/etc/server-keystore.jks>
>>>/opt/jwsdp-1.4/xws-security/etc/server-truststore.jks
>>>
>>>
>>3. If the keystore and truststore are indeed located at the path, then a
>>3rd thing (which is most likely not the case, given the Exception string)
>>is to check if the keystore and truststore files are not corrupted for
>>some reason.
>>
>>run the following command
>>
>>
>>
>>>keytool -list -storepass changeit -keystore server-keystore.jks
>>>
>>>
>>and you should see something like the following
>>
>>
>>
>>>Keystore type: jks
>>>Keystore provider: SUN
>>>Your keystore contains 1 entr
>>>s1as, Apr 11, 2004, keyEntry,
>>>Certificate fingerprint (MD5):
>>>E0:34:4B:2C:87:1C:20:B2:1A:89:F6:E2:18:25:C9:58
>>>
>>>
>>repeat the same for the truststore. If you get some other
>>message/exception then it could be that your keystores are corrupted.
>>Which platform are you running on, is it WIN2K?
>>
>>
>>4. If 1,2,3 are of no help, then I presume there would have been a
>>larger StackTrace in your Server Log. Can you send us the whole
>>StackTrace (if any). Then we will be able to help you.
>>
>>regards,
>>kumar
>>
>>
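
The location and corruption checks from steps 2 and 3 of the quoted reply, written as an added shell example that is not part of the original thread. It reads the `keystoreFile`/`truststoreFile` attributes out of a Tomcat `server.xml` (including values placed on the following line, as in the connector above) and checks that each file exists, is readable, is non-empty and starts with the JKS magic bytes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): check the store files a Tomcat
# <Connector> points at. Function names are hypothetical.

# Print "attribute path" for each keystoreFile/truststoreFile attribute,
# including values that sit on the line after "attribute=".
connector_store_paths() {
    tr '\n' ' ' < "$1" |
        grep -oE '(keystoreFile|truststoreFile)=[[:space:]]*"[^"]*"' |
        sed -E 's/^([A-Za-z]+)=[[:space:]]*"([^"]*)"$/\1 \2/'
}

# Classify one file: missing, unreadable, empty, not-jks or ok.
# A JKS store begins with the magic bytes FE ED FE ED.
check_store() {
    [ -e "$1" ] || { echo missing; return 1; }
    [ -r "$1" ] || { echo unreadable; return 1; }
    [ -s "$1" ] || { echo empty; return 1; }
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "feedfeed" ] || { echo not-jks; return 1; }
    echo ok
}

# Report every store named in a server.xml; return 1 if any check fails,
# 2 if the file names no store at all.
check_connector_stores() {
    paths=$(connector_store_paths "$1")
    [ -n "$paths" ] || { echo "no keystoreFile/truststoreFile found"; return 2; }
    rc=0
    while read -r attr path; do
        result=$(check_store "$path") || rc=1
        echo "$attr $path $result"
    done <<EOF
$paths
EOF
    return $rc
}

# Usage: sh check-stores.sh /path/to/conf/server.xml
if [ $# -gt 0 ]; then
    check_connector_stores "$1"
fi
```

Run it as the account Tomcat runs under, since readability is per-user. A passing header check does not replace `keytool -list`, which also verifies the store's integrity against its password.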