
Call server-signing service with Base64 encoded certificate in DSS


I need to execute a tok:sign request of DSS with a given certificate instead of an alias.

<alias>certificate</alias>

I tried to replace the one below with a base64 string, but got the following error in the log.

INFO | http-nio-8080-exec-3 | o.a.cxf.services.SoapSignatureTokenConnection.FAULT_OUT | FAULT_OUT

Sample, original SOAP request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tok="http://token.dss.esig.europa.eu/">
   <soapenv:Header/>
   <soapenv:Body>
      <tok:sign>
         <toBeSigned>
            <bytes>wFNeS+K3n/2TKRMFQ2v4iTFOSj+uwF7P/Lt98xrZ5Ro=</bytes>
         </toBeSigned>
         <digestAlgorithm>SHA256</digestAlgorithm>
         <alias>certificate</alias>
      </tok:sign>
   </soapenv:Body>
</soapenv:Envelope>

I already added the certificate to the cacerts file, but I am unable to retrieve it with a getKeys SOAP request. Or, the other way around, how could I add a new p12 on the server side to make it available by an alias?


Solution

  • The p12 file is configurable in the dss.properties file; base64 directly in the request isn't supported:

    # Server signing token
    dss.server.signing.keystore.type = PKCS12
    dss.server.signing.keystore.filename = user_a_rsa.p12
    dss.server.signing.keystore.password = password
    

    In the case of demo-webapp, the root of the dss-demonstrations repository has to be rebuilt (mvn clean install) to put a new signing certificate into the webapp.
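The following is an added example, not part of the original answer or of the DSS code base: a standalone Java check that decodes a Base64-encoded PKCS#12, confirms it holds a private-key entry (a certificate-only entry, such as one imported into cacerts, cannot sign) and prints the alias to use, before the file is referenced from dss.properties. It assumes the `<alias>` in the request is the keystore alias; the class name and the `P12_PASSWORD` environment variable are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;

/** Added example. Usage: P12_PASSWORD=... java P12AliasCheck <base64-file> <out.p12> */
public class P12AliasCheck {
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("P12_PASSWORD"); // hypothetical variable; keeps the password out of argv
        if (args.length != 2 || pw == null) {
            System.err.println("usage: P12_PASSWORD=... java P12AliasCheck <base64-file> <out.p12>");
            System.exit(2);
        }
        // The MIME decoder tolerates line breaks in the Base64 text.
        byte[] der = Base64.getMimeDecoder().decode(Files.readAllBytes(Paths.get(args[0])));

        // load() throws if the bytes are not a PKCS#12 container (for example a bare
        // Base64 certificate) or if the password is wrong.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(der), pw.toCharArray());

        int signingEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println("skip (certificate only, cannot sign): " + alias);
                continue;
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            String subject = cert == null ? "(no certificate)" : cert.getSubjectX500Principal().getName();
            System.out.println("signing alias=" + alias + " subject=" + subject);
            signingEntries++;
        }
        if (signingEntries == 0) {
            System.err.println("no private-key entry: this file cannot back a signing token");
            System.exit(1);
        }
        // Write the decoded container only after it has been validated.
        Path out = Paths.get(args[1]);
        Files.write(out, der);
        System.out.println("wrote " + out + "; reference it in dss.server.signing.keystore.filename");
    }
}
```

The written .p12 contains the private key, so restrict its file permissions to the account that runs the signing service.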