Error when try to sign invoice

Signing process
1

I encountered the next error when tryed to sign invoice

fatoora -sign -invoice /path/to/file -signedInvoice /path/to/file_signed.xml

********** Welcome to ZATCA E-Invoice Java SDK 3.3.9 *********************
This SDK uses Java to call the SDK (jar) passing it an invoice XML file.
It can take a Standard or Simplified XML, Credit Note, or Debit Note.
It returns if the validation is successful or shows errors where the XML validation fails.
It checks for syntax and content as well.
You can use the command (fatoora -help) for more information.

****************************************************************
2025-01-23 10:58:55,434 [ERROR] InvoiceSigningService - failed to sign invoice [please provide a valid private key] 
org.bouncycastle.openssl.PEMException: unable to convert key pair: null
	at org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter.getKeyPair(Unknown Source)
	at com.zatca.sdk.util.ECDSAUtil.loadPrivateKey(ECDSAUtil.java:117)
	at com.zatca.sdk.service.InvoiceSigningService.validatePrivateKey(InvoiceSigningService.java:143)
	at com.zatca.sdk.service.InvoiceSigningService.validateInputFiles(InvoiceSigningService.java:70)
	at com.zatca.sdk.service.InvoiceSigningService.validateInput(InvoiceSigningService.java:176)
	at com.zatca.sdk.service.GeneratorTemplate.generate(GeneratorTemplate.java:32)
	at com.zatca.sdk.MainApp.execute(MainApp.java:65)
	at com.zatca.sdk.MainApp.main(MainApp.java:121)
Caused by: java.lang.NullPointerException
	... 8 more

fatoora path: /opt/zatca_einvoicing_sdk/Apps/fatoora

config path: /opt/zatca_einvoicing_sdk/Configuration/config.json

cat /opt/zatca_einvoicing_sdk/Configuration/config.json
{
  "xsdPath": "/opt/zatca_einvoicing_sdk/Data/Schemas/xsds/UBL2.1/xsd/maindoc/UBL-Invoice-2.1.xsd",
  "enSchematron": "/opt/zatca_einvoicing_sdk/Data/Rules/schematrons/CEN-EN16931-UBL.xsl",
  "zatcaSchematron": "/opt/zatca_einvoicing_sdk/Data/Rules/schematrons/20210819_ZATCA_E-invoice_Validation_Rules.xsl",
  "inputPath": "/opt/zatca_einvoicing_sdk/Data/Input",
  "usagePathFile": "/opt/zatca_einvoicing_sdk/Configuration/usage.txt",
  "certPath": "/mnt/zatca-e-inv-data/Certificates/cert.pem",
  "privateKeyPath": "/mnt/zatca-e-inv-data/Certificates/private.key",
  "pihPath": "/opt/zatca_einvoicing_sdk/Data/PIH/pih.txt"
}
2

Dear @Konstantin

Thanks for reaching out,

To provide comprehensive support as usual, can I kindly ask you to share a screen shot of the directory that contains the invoice you want to sign?
mentioning the exact followed steps.

Thanks,
Ibrahem Daoud.

3

image
image1845×645 117 KB

4

Dear @Konstantin

Thanks for reaching out,

Can I kindly ask you to provide the steps that you followed after generating you PCSID?

Thanks,
Ibrahem Daoud.

5

We requested /production/csids and store the response to files:

  • binarySecurityToken to /Certificates/cert.pem
  • secret to /Certificates/private.key
6

Dear @Konstantin

Thanks for reaching out,

Kindly note that you need to replace the private key with the one generated along with your CSR, not with the secret.

Thanks,
Ibrahem Daoud.

7

Ibrahem,
Thanks for your support.
I apologize for misleading you. I checked again, we use binarySecurityToken as cert.pem, and private key from CSR as private.key

Does SDK use something like system footprint? Perhaps the problem is due to the fact that we are using a docker container?
If we rebuild it by just copying the files containing the private keys, will that be a problem?

8

Dear @Konstantin

Thanks for reaching out,

Kindly note that if you are 100% sure that you replaced the private key generated along with the CSR, reach out to your RM to reach out to our support team via below mail clarifying all concerns:

SP mail: sp_support@zatca.gov.sa

Thanks,
Ibrahem Daoud.