I need to execute tok:sign request of DSS with a given certificate instead of an alias.
<alias>certificate</alias>
I tried to replace below one with a base64 string, but got following error in log.
INFO | http-nio-8080-exec-3 | o.a.cxf.services.SoapSignatureTokenConnection.FAULT_OUT | FAULT_OUT
Sample, original SOAP request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tok="http://token.dss.esig.europa.eu/">
<soapenv:Header/>
<soapenv:Body>
<tok:sign>
<toBeSigned>
<bytes>wFNeS+K3n/2TKRMFQ2v4iTFOSj+uwF7P/Lt98xrZ5Ro=</bytes>
</toBeSigned>
<digestAlgorithm>SHA256</digestAlgorithm>
<alias>certificate</alias>
</tok:sign>
</soapenv:Body>
</soapenv:Envelope>
I already added certificate to cacerts file, but unable to retrieve with getKeys SOAP request. Or on the other way, how could I add a new p12 to server-side to make it available by an alias?
p12 file is configurable in dss.properties file, base64 directly in request isn't supported:
Server signing token
dss.server.signing.keystore.type = PKCS12
dss.server.signing.keystore.filename = user_a_rsa.p12
dss.server.signing.keystore.password = password
In case of demo-webapp root of dss-demonstrations repository has to be rebuilt(mvn clean install) to put a new signing certificate to webapp.