I got this error while trying to sign a invoice using the sdk version 3.3.3.
org.bouncycastle.openssl.PEMException: unable to convert key pair: Cannot invoke “org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getEncoded()” because the return value of “org.bouncycastle.openssl.PEMKeyPair.getPublicKeyInfo()” is null
at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)
at com.zatca.sdk.util.ECDSAUtil.loadPrivateKey(ECDSAUtil.java:117)
at com.zatca.sdk.service.InvoiceSigningService.validatePrivateKey(InvoiceSigningService.java:143)
at com.zatca.sdk.service.InvoiceSigningService.validateInputFiles(InvoiceSigningService.java:70)
at com.zatca.sdk.service.InvoiceSigningService.validateInput(InvoiceSigningService.java:176)
at com.zatca.sdk.service.GeneratorTemplate.generate(GeneratorTemplate.java:32)
at com.zatca.sdk.MainApp.execute(MainApp.java:65)
at com.zatca.sdk.MainApp.main(MainApp.java:121)
Caused by: java.lang.NullPointerException: Cannot invoke “org.bouncycastle.asn1.x509.SubjectPublicKeyInfo.getEncoded()” because the return value of “org.bouncycastle.openssl.PEMKeyPair.getPublicKeyInfo()” is null
To sign simplified tax invoices using ZATCA’s JAVA SDK, follow the below steps:
1- After sending the CSR in the Compliance request CSID API, a Binarytoken & secret will be returned
2- Take the Binarytoken output, and decode it using base64 decoder, the decoded value is the x.509 certificate
3- Go to the SDK file to the following path: SDK/Data/Certificates/Cert.pem
4- Replace the value with your obtained x.509 certificate
5- Insert the new generated private key in the “ec-secp256k1-priv-key.pem” file
5- Go to the JAVA SDK and use the command: fatoora -sign -invoice “invoice.xml”
6- Now the invoice will be signed & can be submitted successfully in the compliance checks phase (Compliance invoice API)
7- Redo the same steps above with the returned PCSID from the third API in the onboarding process and sign your simplified tax invoices with before sending to Reporting API
If you require any additional support other than the mentioned steps above, please do not hesitate to reach out.
Hi @Aturkistani
I have another issue regarding the sdk.
We are generating CSID for multiple suppliers. These suppliers have their own invoices which are validated from a centralized server .So, for each supplier, taking the binarySecurityToken, decoding and replacing in the Cert.pem is not ideal. How should I address this issue?
Are the suppliers part of a VAT group or individual VAT members?
If they are under a VAT group, they can use a shared device, allowing all suppliers to submit their e-invoices to ZATCA from a centralized point.
However, if they are individual VAT members, you can specify each supplier’s certificate (cert.pem) and private key (privatekey.pem) files to sign their e-invoices. This can be done using the following flags:
These flags will ensure that the correct certificate and private key are used for each supplier’s e-invoice submission without the need to replace it in the cert.pem in SDK folder for each time, This functionality is available in our .NET SDK.
Hi @Saud
As per my observation, the Java SDK cannot accept certificate and private key passed in the SDK command.
It accesses certificate and private Key from the folders located inside the SDK folder even if we explicitly pass certificate and private key as arguments.
Correct, looks like Java developers are left to deal with it.
As I’ve read your discussions you also had this same issue of managing multiple CSR and private keys, if I am right. Can I know how did you manage to solve it?