Menu
▾
▴
signserver-develop
|
From: Markus K. <ma...@pr...> - 2014-01-10 14:45:15
|
Dear Cristian, (Please, use a new subject for posts concerning a new topic) See answers below. On 2014-01-09 00:31, Cristian Altamirano wrote: > Dears. > I am testing utimaco Simulation with Signserver. > But I cannot understand where is the property defaultkey. > ¿Where is defaultkey in the image? > Atach a image with the configuration Utimaco Simulation. > The SignServer worker property DEFAULTKEY should contain the key alias (label) of the key _in_ the HSM slot. In your configuration below you have indicated that there should be a key named "tres" in the slot. On the picture it looks like you have a _slot_ labeled tres however the certificate is what is pointing out which key to use and it is labeled (CKA_LABEL) "X509 Certifificate" (!). Either you should use that as value for DEFAULTKEY or change that to be "tres". > > Then I made this configuration file. > > ## Global properties > > GLOB.WORKERGENID1.CLASSPATH = org.signserver.module. > xmlsigner.XMLSigner > GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = > org.signserver.server.cryptotokens.PKCS11CryptoToken > > > ## General properties > > WORKERGENID1.NAME <http://WORKERGENID1.NAME>=XMLSignerTest > WORKERGENID1.AUTHTYPE=NOAUTH > > ## PKCS11CryptoToken properties > > WORKERGENID1.sharedLibrary=/home/cristian/utimaco/Software/PKCS11/lib/Linux-x86-32/libcs2_pkcs11.so > WORKERGENID1.slot=3 > WORKERGENID1.defaultKey=tres > WORKERGENID1.pin tres > > > The administrator of signserver say: > > Status of Signer with Id 1 is : > Worker status : Offline > Token status : Active > Signings: 0 (counter disabled) > Errors: > No signer certificate available > Certificate chain not available > > Why? Most likely offline because of the wrong name of the key as well as because the certificate and certificate chain needs to be uploaded to SignServer explicitly. See the quick install guide: http://www.signserver.org/manual/installguide.html#Production%20configuration%20with%20HSM Also note that SignServer (Java) has some requirements on the key representation in the slot. It is normally best to use a Java tool when creating or importing the key to the HSM to be sure it will be readable by Java. > > If I add certificate PKCS12 at slot 3 using p11tool. > > Can I work with a certified pre-loaded on hsm? SignServer does not use the certificate in the slot more than to point out which key-pair to use. The certificate currently has to be uploaded to SignServer explicitly as described in the quick install guide above. Best regards, Markus PrimeKey Solutions > > Regards. > > > > > > > > > > > > -- > Cristian Altamirano > > |
|
From: Markus K. <ma...@pr...> - 2014-01-11 11:36:04
|
That's great Cristian!
Cheers,
Markus
On 2014-01-10 16:22, Cristian Altamirano wrote:
> Markus.
> Thank by answer.
> I tell you resolved my problem adding my certificate To HSM using java.
> The Java Class for add certificate to Utimaco HSM:
>
> import java.io.File;
> import java.io.FileInputStream;
> import java.io.FileNotFoundException;
> import java.io.IOException;
> import java.security.KeyStore;
> import java.security.KeyStoreException;
> import java.security.NoSuchAlgorithmException;
> import java.security.PrivateKey;
> import java.security.Provider;
> import java.security.Security;
> import java.security.UnrecoverableKeyException;
> import java.security.cert.CertificateException;
> import java.util.Enumeration;
>
> /**
> * @author Cristian Altamirano <cal...@gm...
> <mailto:cal...@gm...>>
> * @version 1.6
> (jdk-6u25-linux-i586.rpm)
> * @since 09/01/2014
> */
> public class AdderHSM {
> /*
> * pkcs11.cfg :
> * name=HSMToken
>
> library=/home/cristian/utimaco/Software/PKCS11/lib/Linux-x86-32/libcs2_pkcs11.so
> description=SafeGuard CryptoServer PKCS11 provider
> slot=8
> */
> /*
> * lib used: sunpkcs11.jar
> */
> private static final String UTIMACO_CONFIG =
> "/home/cristian/utimaco/SUNProvider/pkcs11.cfg";
> private static final String KEY_PIN = "ocho";
> public void pkcs12ToPckcs11() throws KeyStoreException,
> NoSuchAlgorithmException, CertificateException, FileNotFoundException,
> IOException, UnrecoverableKeyException{
>
> //Read certificate from file System
> String certificateKey="****";
> KeyStore keyStore = KeyStore.getInstance("pkcs12");
> //Load the keystore
> keyStore.load(new
> FileInputStream("/home/cristian/caltamirano.p12"),
> certificateKey.toCharArray());
> String alias = "";
> Enumeration<String> e = keyStore.aliases();
> //Get the alias from certificate
> while (e.hasMoreElements()) {
> alias = (String) e.nextElement();
> }
>
> //Load the HSM configuration
> FileInputStream fis = new FileInputStream(new
> File(UTIMACO_CONFIG));
> Provider provider = new sun.security.pkcs11.SunPKCS11(fis);
> Security.addProvider(provider);
> KeyStore p11 = KeyStore.getInstance("PKCS11", provider);
> p11.load(null, KEY_PIN.toCharArray());
>
> //Add the keystore to Utimaco HSM
> KeyStore.PrivateKeyEntry priEntry = new
> KeyStore.PrivateKeyEntry((PrivateKey) keyStore.getKey(alias,
> certificateKey.toCharArray()), keyStore.getCertificateChain(alias));
> KeyStore.PasswordProtection passwordProtection = new
> KeyStore.PasswordProtection(certificateKey.toCharArray());
> //Now add the key Alias = defaulKey in signserver file
> configuration ( qs_xmlsigner_configuration.properties)
> p11.setEntry("caltamiranoKeyAlias", priEntry,
> passwordProtection);
>
>
> System.out.println("Certified add to HSM utimaco");
> }
> }
>
>
> Then qs_xmlsigner_configuration.properties
>
>
> # $Id: qs_xmlsigner_configuration.properties 1729 2011-06-17 11:58:25Z
> netmackan $
> #
> # Example SignServer configuration property file
> #
> # Used to quick install a XMLSigner
> #
> # Install with the command:
> # bin/signserver.sh setproperties
> sample-configs/qs_xmlsigner_configuration.properties
> #
>
> ## Global properties
>
> GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.xmlsigner.XMLSigner
> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.SoftCryptoToken
> #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.P12CryptoToken
> GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> org.signserver.server.cryptotokens.PKCS11CryptoToken
>
>
> ## General properties
>
> WORKERGENID1.NAME <http://WORKERGENID1.NAME>=XMLSigner
> WORKERGENID1.AUTHTYPE=NOAUTH
>
> ## P12CryptoToken properties
>
> #WORKERGENID1.KEYSTOREPATH=/home/cristian/certificados/esign/caltamirano.p12
> #WORKERGENID1.KEYSTOREPASSWORD=1947
>
>
> ## PKCS11CryptoToken properties
>
> WORKERGENID1.sharedLibrary=/home/cristian/utimaco/Software/PKCS11/lib/Linux-x86-32/libcs2_pkcs11.so
> WORKERGENID1.slot=8
> WORKERGENID1.defaultKey=caltamiranoKeyAlias
> WORKERGENID1.pin ocho
>
>
> Then add config and certificate using CLI signserver.
>
> ./signserver setproperties qs_xmlsigner_configuration.properties
> ./signserver uploadsignercertificate /home/cristian/caltamirano.pem
> ./signserver uploadsignercertificatechain chain.pem
>
> Now reload config and works.
>
> ./signserver reload all.
>
>
> Regards.
>
>
>
>
>
>
>
> On Fri, Jan 10, 2014 at 11:45 AM, Markus Kilås <ma...@pr...
> <mailto:ma...@pr...>> wrote:
>
> Dear Cristian,
>
> (Please, use a new subject for posts concerning a new topic)
>
> See answers below.
>
> On 2014-01-09 00:31, Cristian Altamirano wrote:
> > Dears.
> > I am testing utimaco Simulation with Signserver.
> > But I cannot understand where is the property defaultkey.
> > ¿Where is defaultkey in the image?
> > Atach a image with the configuration Utimaco Simulation.
> >
>
> The SignServer worker property DEFAULTKEY should contain the key alias
> (label) of the key _in_ the HSM slot. In your configuration below you
> have indicated that there should be a key named "tres" in the slot.
>
> On the picture it looks like you have a _slot_ labeled tres however the
> certificate is what is pointing out which key to use and it is labeled
> (CKA_LABEL) "X509 Certifificate" (!).
>
> Either you should use that as value for DEFAULTKEY or change that to be
> "tres".
>
> >
> > Then I made this configuration file.
> >
> > ## Global properties
> >
> > GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.
> > xmlsigner.XMLSigner
> > GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH =
> > org.signserver.server.cryptotokens.PKCS11CryptoToken
> >
> >
> > ## General properties
> >
> > WORKERGENID1.NAME <http://WORKERGENID1.NAME>
> <http://WORKERGENID1.NAME>=XMLSignerTest
> > WORKERGENID1.AUTHTYPE=NOAUTH
> >
> > ## PKCS11CryptoToken properties
> >
> >
> WORKERGENID1.sharedLibrary=/home/cristian/utimaco/Software/PKCS11/lib/Linux-x86-32/libcs2_pkcs11.so
> > WORKERGENID1.slot=3
> > WORKERGENID1.defaultKey=tres
> > WORKERGENID1.pin tres
> >
> >
> > The administrator of signserver say:
> >
> > Status of Signer with Id 1 is :
> > Worker status : Offline
> > Token status : Active
> > Signings: 0 (counter disabled)
> > Errors:
> > No signer certificate available
> > Certificate chain not available
> >
> > Why?
>
> Most likely offline because of the wrong name of the key as well as
> because the certificate and certificate chain needs to be uploaded to
> SignServer explicitly. See the quick install guide:
> http://www.signserver.org/manual/installguide.html#Production%20configuration%20with%20HSM
>
> Also note that SignServer (Java) has some requirements on the key
> representation in the slot. It is normally best to use a Java tool when
> creating or importing the key to the HSM to be sure it will be readable
> by Java.
>
> >
> > If I add certificate PKCS12 at slot 3 using p11tool.
> >
> > Can I work with a certified pre-loaded on hsm?
>
> SignServer does not use the certificate in the slot more than to point
> out which key-pair to use. The certificate currently has to be uploaded
> to SignServer explicitly as described in the quick install guide above.
>
>
> Best regards,
> Markus
> PrimeKey Solutions
>
> >
> > Regards.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > Cristian Altamirano
> >
> >
>
>
>
>
> --
> Saluda.
> Cristian Altamirano
>
>
--
Kind regards,
Markus Kilås
PKI Specialist
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
|
From: <ant...@yo...> - 2014-02-02 00:57:13
|
Hi everyone,
I try to access to a Remote EJB from an instance of glassfish 3.
Signserver is running on another server on glassfish 2.
I can not access to the remote ejb. The jndi name is not recognized.
Here is my code :
Properties props = new Properties();
props.setProperty("org.omg.CORBA.ORBInitialHost", "signserverpki");
props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
InitialContext ic = null;
try {
ic = new InitialContext(props);
} catch (NamingException ex) {
java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
null, ex);
}
IRemote worker = null;
try {
worker = (IRemote)
ic.lookup("org.signserver.ejb.interfaces.IWorkerSession$IRemote");
} catch (NamingException ex) {
java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
null, ex);
}
The exception thrown is :
javax.naming.NamingException: Lookup failed for
'org.signserver.ejb.interfaces.IWorkerSession$IRemote' in
SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700,
java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
org.omg.CORBA.ORBInitialHost=signserverpki,
java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root exception
is javax.naming.NameNotFoundException:
org.signserver.ejb.interfaces.IWorkerSession$IRemote not found]
I am working with signserver 3.2.3
Thanks a lot for your help.
Antoine
|
|
From: Markus K. <ma...@pr...> - 2014-02-03 08:24:00
|
On 2014-02-02 01:43, ant...@yo... wrote:
> Hi everyone,
>
> I try to access to a Remote EJB from an instance of glassfish 3.
>
> Signserver is running on another server on glassfish 2.
>
> I can not access to the remote ejb. The jndi name is not recognized.
>
> Here is my code :
>
> Properties props = new Properties();
> props.setProperty("org.omg.CORBA.ORBInitialHost", "signserverpki");
> props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
> InitialContext ic = null;
> try {
> ic = new InitialContext(props);
> } catch (NamingException ex) {
> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
> null, ex);
> }
>
> IRemote worker = null;
> try {
> worker = (IRemote)
> ic.lookup("org.signserver.ejb.interfaces.IWorkerSession$IRemote");
> } catch (NamingException ex) {
> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
> null, ex);
> }
>
> The exception thrown is :
> javax.naming.NamingException: Lookup failed for
> 'org.signserver.ejb.interfaces.IWorkerSession$IRemote' in
> SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700,
> java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
> org.omg.CORBA.ORBInitialHost=signserverpki,
> java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
> java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root exception
> is javax.naming.NameNotFoundException:
> org.signserver.ejb.interfaces.IWorkerSession$IRemote not found]
>
>
> I am working with signserver 3.2.3
>
> Thanks a lot for your help.
>
>
> Antoine
>
> ------------------------------------------------------------------------------
> WatchGuard Dimension instantly turns raw network data into actionable
> security intelligence. It gives you real-time visual feedback on key
> security issues and trends. Skip the complicated setup - simply import
> a virtual appliance and go from zero to informed in seconds.
> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
Hi Antoine,
I don't think I tried EJB lookups between different application servers
and especially not between two different versions, but at least the code
looks correct if it were used to lookup from a client application.
Maybe there could be an issue with the two different versions, have you
tried if the code works between two GlassFish V2 ?
Regards,
Markus
|
|
From: <ant...@yo...> - 2014-02-03 13:02:12
|
Thanks Markus for your answer.
Unfortunately, I can not test with 2 glassfish v2.
In SigningAndValidationEJB constructor comment, we can see that :
/**
* Creates an instance of SigningAndValidationEJB with default
initial context:
* <pre>
* INITIAL_CONTEXT_FACTORY =
"org.jnp.interfaces.NamingContextFactory"
* URL_PKG_PREFIXES = "org.jboss.naming:org.jnp.interfaces"
* PROVIDER_URL = "jnp://localhost:1099"
* </pre>
*
* @throws NamingException If an naming exception is encountered.
*/
Is it the correct configuration to connect with an EJB ?
Thanks,
Antoine
Le 03.02.2014 09:23, Markus Kilås a écrit :
> On 2014-02-02 01:43, ant...@yo... wrote:
>> Hi everyone,
>>
>> I try to access to a Remote EJB from an instance of glassfish 3.
>>
>> Signserver is running on another server on glassfish 2.
>>
>> I can not access to the remote ejb. The jndi name is not recognized.
>>
>> Here is my code :
>>
>> Properties props = new Properties();
>> props.setProperty("org.omg.CORBA.ORBInitialHost", "signserverpki");
>> props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
>> InitialContext ic = null;
>> try {
>> ic = new InitialContext(props);
>> } catch (NamingException ex) {
>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>> null, ex);
>> }
>>
>> IRemote worker = null;
>> try {
>> worker = (IRemote)
>> ic.lookup("org.signserver.ejb.interfaces.IWorkerSession$IRemote");
>> } catch (NamingException ex) {
>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>> null, ex);
>> }
>>
>> The exception thrown is :
>> javax.naming.NamingException: Lookup failed for
>> 'org.signserver.ejb.interfaces.IWorkerSession$IRemote' in
>> SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700,
>> java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
>> org.omg.CORBA.ORBInitialHost=signserverpki,
>> java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
>> java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root
>> exception
>> is javax.naming.NameNotFoundException:
>> org.signserver.ejb.interfaces.IWorkerSession$IRemote not found]
>>
>>
>> I am working with signserver 3.2.3
>>
>> Thanks a lot for your help.
>>
>>
>> Antoine
>>
>> ------------------------------------------------------------------------------
>> WatchGuard Dimension instantly turns raw network data into actionable
>> security intelligence. It gives you real-time visual feedback on key
>> security issues and trends. Skip the complicated setup - simply
>> import
>> a virtual appliance and go from zero to informed in seconds.
>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
> Hi Antoine,
>
> I don't think I tried EJB lookups between different application servers
> and especially not between two different versions, but at least the
> code
> looks correct if it were used to lookup from a client application.
>
> Maybe there could be an issue with the two different versions, have you
> tried if the code works between two GlassFish V2 ?
>
>
> Regards,
> Markus
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
|
|
From: Markus K. <ma...@pr...> - 2014-02-03 14:29:51
|
No the JavaDoc comment is out-dated.
The class will use the ServiceLocator for lookups which uses an empty
initial context. Typically you will have to have a jndi.properties on
the classpath with the CORBA properties (for GlassFish).
I will remove this comment to not cause confusions.
Regards,
Markus
On 2014-02-03 09:49, ant...@yo... wrote:
> Thanks Markus for your answer.
>
> Unfortunately, I can not test with 2 glassfish v2.
>
> In SigningAndValidationEJB constructor comment, we can see that :
> /**
> * Creates an instance of SigningAndValidationEJB with default
> initial context:
> * <pre>
> * INITIAL_CONTEXT_FACTORY =
> "org.jnp.interfaces.NamingContextFactory"
> * URL_PKG_PREFIXES = "org.jboss.naming:org.jnp.interfaces"
> * PROVIDER_URL = "jnp://localhost:1099"
> * </pre>
> *
> * @throws NamingException If an naming exception is encountered.
> */
>
> Is it the correct configuration to connect with an EJB ?
>
> Thanks,
>
>
>
> Antoine
>
>
>
> Le 03.02.2014 09:23, Markus Kilås a écrit :
>> On 2014-02-02 01:43, ant...@yo... wrote:
>>> Hi everyone,
>>>
>>> I try to access to a Remote EJB from an instance of glassfish 3.
>>>
>>> Signserver is running on another server on glassfish 2.
>>>
>>> I can not access to the remote ejb. The jndi name is not recognized.
>>>
>>> Here is my code :
>>>
>>> Properties props = new Properties();
>>> props.setProperty("org.omg.CORBA.ORBInitialHost", "signserverpki");
>>> props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
>>> InitialContext ic = null;
>>> try {
>>> ic = new InitialContext(props);
>>> } catch (NamingException ex) {
>>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>>> null, ex);
>>> }
>>>
>>> IRemote worker = null;
>>> try {
>>> worker = (IRemote)
>>> ic.lookup("org.signserver.ejb.interfaces.IWorkerSession$IRemote");
>>> } catch (NamingException ex) {
>>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>>> null, ex);
>>> }
>>>
>>> The exception thrown is :
>>> javax.naming.NamingException: Lookup failed for
>>> 'org.signserver.ejb.interfaces.IWorkerSession$IRemote' in
>>> SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700,
>>> java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
>>> org.omg.CORBA.ORBInitialHost=signserverpki,
>>> java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
>>> java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root
>>> exception
>>> is javax.naming.NameNotFoundException:
>>> org.signserver.ejb.interfaces.IWorkerSession$IRemote not found]
>>>
>>>
>>> I am working with signserver 3.2.3
>>>
>>> Thanks a lot for your help.
>>>
>>>
>>> Antoine
>>>
>>> ------------------------------------------------------------------------------
>>> WatchGuard Dimension instantly turns raw network data into actionable
>>> security intelligence. It gives you real-time visual feedback on key
>>> security issues and trends. Skip the complicated setup - simply
>>> import
>>> a virtual appliance and go from zero to informed in seconds.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> SignServer-develop mailing list
>>> Sig...@li...
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>
>> Hi Antoine,
>>
>> I don't think I tried EJB lookups between different application servers
>> and especially not between two different versions, but at least the
>> code
>> looks correct if it were used to lookup from a client application.
>>
>> Maybe there could be an issue with the two different versions, have you
>> tried if the code works between two GlassFish V2 ?
>>
>>
>> Regards,
>> Markus
>>
>>
>> ------------------------------------------------------------------------------
>> Managing the Performance of Cloud-Based Applications
>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>> Read the Whitepaper.
>> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
PKI Specialist
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
|
From: <ant...@yo...> - 2014-02-03 17:07:11
|
Do you know which informations do you have to put in the jndi.properties
file ?
Have a nice day !
Le 03.02.2014 15:29, Markus Kilås a écrit :
> No the JavaDoc comment is out-dated.
>
> The class will use the ServiceLocator for lookups which uses an empty
> initial context. Typically you will have to have a jndi.properties on
> the classpath with the CORBA properties (for GlassFish).
>
> I will remove this comment to not cause confusions.
>
> Regards,
> Markus
>
> On 2014-02-03 09:49, ant...@yo... wrote:
>> Thanks Markus for your answer.
>>
>> Unfortunately, I can not test with 2 glassfish v2.
>>
>> In SigningAndValidationEJB constructor comment, we can see that :
>> /**
>> * Creates an instance of SigningAndValidationEJB with default
>> initial context:
>> * <pre>
>> * INITIAL_CONTEXT_FACTORY =
>> "org.jnp.interfaces.NamingContextFactory"
>> * URL_PKG_PREFIXES = "org.jboss.naming:org.jnp.interfaces"
>> * PROVIDER_URL = "jnp://localhost:1099"
>> * </pre>
>> *
>> * @throws NamingException If an naming exception is encountered.
>> */
>>
>> Is it the correct configuration to connect with an EJB ?
>>
>> Thanks,
>>
>>
>>
>> Antoine
>>
>>
>>
>> Le 03.02.2014 09:23, Markus Kilås a écrit :
>>> On 2014-02-02 01:43, ant...@yo... wrote:
>>>> Hi everyone,
>>>>
>>>> I try to access to a Remote EJB from an instance of glassfish 3.
>>>>
>>>> Signserver is running on another server on glassfish 2.
>>>>
>>>> I can not access to the remote ejb. The jndi name is not recognized.
>>>>
>>>> Here is my code :
>>>>
>>>> Properties props = new Properties();
>>>> props.setProperty("org.omg.CORBA.ORBInitialHost", "signserverpki");
>>>> props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
>>>> InitialContext ic = null;
>>>> try {
>>>> ic = new InitialContext(props);
>>>> } catch (NamingException ex) {
>>>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>>>> null, ex);
>>>> }
>>>>
>>>> IRemote worker = null;
>>>> try {
>>>> worker = (IRemote)
>>>> ic.lookup("org.signserver.ejb.interfaces.IWorkerSession$IRemote");
>>>> } catch (NamingException ex) {
>>>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>>>> null, ex);
>>>> }
>>>>
>>>> The exception thrown is :
>>>> javax.naming.NamingException: Lookup failed for
>>>> 'org.signserver.ejb.interfaces.IWorkerSession$IRemote' in
>>>> SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700,
>>>> java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
>>>> org.omg.CORBA.ORBInitialHost=signserverpki,
>>>> java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
>>>> java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root
>>>> exception
>>>> is javax.naming.NameNotFoundException:
>>>> org.signserver.ejb.interfaces.IWorkerSession$IRemote not found]
>>>>
>>>>
>>>> I am working with signserver 3.2.3
>>>>
>>>> Thanks a lot for your help.
>>>>
>>>>
>>>> Antoine
>>>>
>>>> ------------------------------------------------------------------------------
>>>> WatchGuard Dimension instantly turns raw network data into
>>>> actionable
>>>> security intelligence. It gives you real-time visual feedback on key
>>>> security issues and trends. Skip the complicated setup - simply
>>>> import
>>>> a virtual appliance and go from zero to informed in seconds.
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> SignServer-develop mailing list
>>>> Sig...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>>
>>>
>>> Hi Antoine,
>>>
>>> I don't think I tried EJB lookups between different application
>>> servers
>>> and especially not between two different versions, but at least the
>>> code
>>> looks correct if it were used to lookup from a client application.
>>>
>>> Maybe there could be an issue with the two different versions, have
>>> you
>>> tried if the code works between two GlassFish V2 ?
>>>
>>>
>>> Regards,
>>> Markus
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Managing the Performance of Cloud-Based Applications
>>> Take advantage of what the Cloud has to offer - Avoid Common
>>> Pitfalls.
>>> Read the Whitepaper.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> SignServer-develop mailing list
>>> Sig...@li...
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>> ------------------------------------------------------------------------------
>> Managing the Performance of Cloud-Based Applications
>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>> Read the Whitepaper.
>> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>
>
>
>
> --
> Kind regards,
> Markus Kilås
> PKI Specialist
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se
>
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
|
|
From: Markus K. <ma...@pr...> - 2014-02-04 08:30:02
|
It's the same properties as you used in you code.
The actual file used by the SignServer CLIs is:
conf/glassfish/jndi.properties
Regards,
Markus
On 2014-02-03 15:40, ant...@yo... wrote:
> Do you know which informations do you have to put in the jndi.properties
> file ?
>
> Have a nice day !
>
> Le 03.02.2014 15:29, Markus Kilås a écrit :
>> No the JavaDoc comment is out-dated.
>>
>> The class will use the ServiceLocator for lookups which uses an empty
>> initial context. Typically you will have to have a jndi.properties on
>> the classpath with the CORBA properties (for GlassFish).
>>
>> I will remove this comment to not cause confusions.
>>
>> Regards,
>> Markus
>>
>> On 2014-02-03 09:49, ant...@yo... wrote:
>>> Thanks Markus for your answer.
>>>
>>> Unfortunately, I can not test with 2 glassfish v2.
>>>
>>> In SigningAndValidationEJB constructor comment, we can see that :
>>> /**
>>> * Creates an instance of SigningAndValidationEJB with default
>>> initial context:
>>> * <pre>
>>> * INITIAL_CONTEXT_FACTORY =
>>> "org.jnp.interfaces.NamingContextFactory"
>>> * URL_PKG_PREFIXES = "org.jboss.naming:org.jnp.interfaces"
>>> * PROVIDER_URL = "jnp://localhost:1099"
>>> * </pre>
>>> *
>>> * @throws NamingException If an naming exception is encountered.
>>> */
>>>
>>> Is it the correct configuration to connect with an EJB ?
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Antoine
>>>
>>>
>>>
>>> Le 03.02.2014 09:23, Markus Kilås a écrit :
>>>> On 2014-02-02 01:43, ant...@yo... wrote:
>>>>> Hi everyone,
>>>>>
>>>>> I try to access to a Remote EJB from an instance of glassfish 3.
>>>>>
>>>>> Signserver is running on another server on glassfish 2.
>>>>>
>>>>> I can not access to the remote ejb. The jndi name is not recognized.
>>>>>
>>>>> Here is my code :
>>>>>
>>>>> Properties props = new Properties();
>>>>> props.setProperty("org.omg.CORBA.ORBInitialHost", "signserverpki");
>>>>> props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
>>>>> InitialContext ic = null;
>>>>> try {
>>>>> ic = new InitialContext(props);
>>>>> } catch (NamingException ex) {
>>>>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>>>>> null, ex);
>>>>> }
>>>>>
>>>>> IRemote worker = null;
>>>>> try {
>>>>> worker = (IRemote)
>>>>> ic.lookup("org.signserver.ejb.interfaces.IWorkerSession$IRemote");
>>>>> } catch (NamingException ex) {
>>>>> java.util.logging.Logger.getLogger(SignatureWS.class.getName()).log(Level.SEVERE,
>>>>> null, ex);
>>>>> }
>>>>>
>>>>> The exception thrown is :
>>>>> javax.naming.NamingException: Lookup failed for
>>>>> 'org.signserver.ejb.interfaces.IWorkerSession$IRemote' in
>>>>> SerialContext[myEnv={org.omg.CORBA.ORBInitialPort=3700,
>>>>> java.naming.factory.initial=com.sun.enterprise.naming.impl.SerialInitContextFactory,
>>>>> org.omg.CORBA.ORBInitialHost=signserverpki,
>>>>> java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl,
>>>>> java.naming.factory.url.pkgs=com.sun.enterprise.naming} [Root
>>>>> exception
>>>>> is javax.naming.NameNotFoundException:
>>>>> org.signserver.ejb.interfaces.IWorkerSession$IRemote not found]
>>>>>
>>>>>
>>>>> I am working with signserver 3.2.3
>>>>>
>>>>> Thanks a lot for your help.
>>>>>
>>>>>
>>>>> Antoine
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> WatchGuard Dimension instantly turns raw network data into
>>>>> actionable
>>>>> security intelligence. It gives you real-time visual feedback on key
>>>>> security issues and trends. Skip the complicated setup - simply
>>>>> import
>>>>> a virtual appliance and go from zero to informed in seconds.
>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk
>>>>> _______________________________________________
>>>>> SignServer-develop mailing list
>>>>> Sig...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>>>
>>>>
>>>> Hi Antoine,
>>>>
>>>> I don't think I tried EJB lookups between different application
>>>> servers
>>>> and especially not between two different versions, but at least the
>>>> code
>>>> looks correct if it were used to lookup from a client application.
>>>>
>>>> Maybe there could be an issue with the two different versions, have
>>>> you
>>>> tried if the code works between two GlassFish V2 ?
>>>>
>>>>
>>>> Regards,
>>>> Markus
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Managing the Performance of Cloud-Based Applications
>>>> Take advantage of what the Cloud has to offer - Avoid Common
>>>> Pitfalls.
>>>> Read the Whitepaper.
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> SignServer-develop mailing list
>>>> Sig...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>> ------------------------------------------------------------------------------
>>> Managing the Performance of Cloud-Based Applications
>>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>>> Read the Whitepaper.
>>> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>>> _______________________________________________
>>> SignServer-develop mailing list
>>> Sig...@li...
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>
>>
>>
>> --
>> Kind regards,
>> Markus Kilås
>> PKI Specialist
>>
>> PrimeKey Solutions AB
>>
>> Anderstorpsv. 16
>> 171 54 Solna
>> Sweden
>>
>> Phone: +46 70 424 94 85
>> Skype: markusatskype
>> Email: mar...@pr...
>>
>> www.primekey.se
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Managing the Performance of Cloud-Based Applications
>> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
>> Read the Whitepaper.
>> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
>> _______________________________________________
>> SignServer-develop mailing list
>> Sig...@li...
>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>
--
Kind regards,
Markus Kilås
PKI Specialist
PrimeKey Solutions AB
Anderstorpsv. 16
171 54 Solna
Sweden
Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...
www.primekey.se
|
Thanks for helping keep SourceForge clean.
X