I am really struggling with this. I have a web service to call which is secured by certificate and digital signature. All this needs to be passed as a part of the SOAP request, which I am creating via Java code, but even after spending days on it, the digital signature part which I am trying to create is not getting formed properly.
The code creates the request properly till BinaryToken and breaks from "Name signatureToken". Looking for guidance as to what is not right in the code.
This is the sample XML:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="XWSSGID-1313056420712-845854837">MIIDVjCCAj6gAwIBAgIEThbQLTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJnYjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEUMBIGA1UEChMLaGVhbHRoc29sdmUxFDASBgNVBAsTC2hlYWx0aHNvbHZlMQ4wDAYDVQQDEwVzaW1vbjAeFw0xMTA3MDgwOTM4NTNaFw0xMjA3MDIwOTM4NTNaMG0x</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-13130564207092015610708">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#XWSSGID-1313056421405-433059543">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3wCcYA8m7LN0TLchG80s6zUaTJE=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ZkPCKEGpOmkhJA5Kq6oqUYU3OWQYyca676UhL
lOyRj7HQD7g0vS+wp70gY7Hos/2G7UpjmYDLPA==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1313056421331317573418">
            <wsse:Reference URI="#XWSSGID-1313056420712-845854837" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1313056421405-433059543">
    </ns2:GetEhaStatusRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
And the code which I have written to form the above XML is as follows:
protected void setSecuritySection(SOAPFactory soapFactory, SOAPEnvelope envelope, SOAPPart soapPart) throws SOAPException, ECException {
    String METHODNAME = "setSecuritySection";
    KeyPairGenerator kpg;
    boolean mustUnderstand = true;
    SOAPHeader soapHeader = envelope.getHeader();
    try {
        Name securityName = soapFactory.createName("Security", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
        SOAPElement securityElement = soapHeader.addHeaderElement(securityName);
        // SOAPHeaderElement securityElement =
        // soapHeader.addHeaderElement(securityName);
        // securityElement.setMustUnderstand(mustUnderstand);
        Name binarySecurityToken = soapFactory.createName("BinarySecurityToken", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
        SOAPElement binarySecurityTokenElement = securityElement.addChildElement(binarySecurityToken);
        Certificate cert;
        String trustStoreLocation = ServerInformation.getValueForWebsphereVariable("EHA_TRUSTSTORE");
        String trustStorePwd = ServerInformation.getValueForWebsphereVariable("EHA_TRUSTSTORE_PWD");
        InputStream path = new FileInputStream(trustStoreLocation);
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(path, new String(new BASE64Decoder().decodeBuffer(trustStorePwd)).toCharArray());
        cert = ks.getCertificate("test");
        binarySecurityTokenElement.addTextNode(new BASE64Encoder().encode(cert.getEncoded()));
        kpg = KeyPairGenerator.getInstance("DSA");
        Name idToken = soapFactory.createName("Id", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
        SOAPElement idElement = binarySecurityTokenElement.addChildElement(idToken);
        idElement.addTextNode("test");
        Name valueTypeToken = soapFactory.createName("ValueType", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
        SOAPElement valueTypeElement = binarySecurityTokenElement.addChildElement(valueTypeToken);
        valueTypeElement.addTextNode("X509v3");
        Name encodingTypeToken = soapFactory.createName("EncodingType", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
        SOAPElement encodingTypeElement = binarySecurityTokenElement.addChildElement(encodingTypeToken);
        encodingTypeElement.addTextNode("Base64Binary");
        Name signatureToken = soapFactory.createName("Signature", "ds", "http://www.w3.org/2000/09/xmldsig#");
        SOAPHeaderElement signElement = soapHeader.addHeaderElement(signatureToken);
        Name id1 = soapFactory.createName("Id");
        signElement.addAttribute(id1,"XWSSGID-13130564207092015610708");
        Name signedInfo = soapFactory.createName("SignedInfo");
        SOAPElement signInfoElement = signElement.addChildElement(signedInfo);
        //SOAPHeaderElement signInfoElement = soapHeader.addHeaderElement(signedInfo);
        Name canonicalToken = soapFactory.createName("CanonicalizationMethod");
        SOAPElement canonicalTokenTokenElement = signInfoElement.addChildElement(canonicalToken);
        Name alg = soapFactory.createName("Algorithm");
        canonicalTokenTokenElement.addAttribute(alg,"http://www.w3.org/2001/10/xml-exc-c14n#");
        Name InclusiveNamespaceToken = soapFactory.createName("InclusiveNamespaces", "wsse", "http://www.w3.org/2001/10/xml-exc-c14n#");
        SOAPElement element = canonicalTokenTokenElement.addChildElement(InclusiveNamespaceToken);
        Name prefixList = soapFactory.createName("PrefixList");
        element.addAttribute(prefixList,"wsse SOAP-ENV");
        Name signatureMethodToken = soapFactory.createName("SignatureMethod","ds", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        SOAPElement signatureMethodTokenElement = signInfoElement.addChildElement(signatureMethodToken);
        Name alg2 = soapFactory.createName("Algorithm");
        signatureMethodTokenElement.addAttribute(alg2,"http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        Name referenceToken = soapFactory.createName("Reference", "ds", "#XWSSGID-1313056421405-433059543");
        SOAPElement referenceTokenElement = signatureMethodTokenElement.addChildElement(referenceToken);
        Name uri = soapFactory.createName("URI");
        referenceTokenElement.addAttribute(uri,"#XWSSGID-1313056421405-433059543");
        Name digestMethodAlgToken = soapFactory.createName("DigestMethod");
        SOAPElement digestMethodAlgTokenElement = referenceTokenElement.addChildElement(digestMethodAlgToken);
        Name alg3 = soapFactory.createName("Algorithm");
        digestMethodAlgTokenElement.addAttribute(alg3,"http://www.w3.org/2000/09/xmldsig#sha1");
        Name digestValueToken = soapFactory.createName("DigestValue" ,"ds" , "3wCcYA8m7LN0TLchG80s6zUaTJE=");
        SOAPElement digestValueTokenElement = referenceTokenElement.addChildElement(digestValueToken);
        digestValueTokenElement.addTextNode("3wCcYA8m7LN0TLchG80s6zUaTJE=");
        Name signValueToken = soapFactory.createName("SignatureValue");
        SOAPElement signValueElement = signElement.addChildElement(signValueToken);
        signValueElement.addTextNode("QlYfURFjcYPu41G31bXgP4JbFdg6kWH+8ofrY+oc22FvLqVMUW3zdtvZN==");
        Name keyInfoToken = soapFactory.createName("KeyInfo") ;
        SOAPElement keyInfoElement = signElement.addChildElement(keyInfoToken);
        Name securityRefToken = soapFactory.createName("SecurityTokenReference" ,"wsse" , "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        SOAPElement securityRefElement = keyInfoElement.addChildElement(securityRefToken);
        Name id2 = soapFactory.createName("Id","wsu","http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        securityRefElement.addAttribute(id2,"XWSSGID-1313056421331317573418");
        Name referenceURIToken = soapFactory.createName("Reference", "wsse", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-tokenprofile1.0#X509v3");
        SOAPElement refElement = securityRefElement.addChildElement(referenceURIToken);
        Name uri1 = soapFactory.createName("URI");
        refElement.addAttribute(uri1,"#XWSSGID-1313056420712-845854837");
        Name valType = soapFactory.createName("ValueType");
        refElement.addAttribute(valType,"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
    } catch (Exception ex) {
        throw new SOAPException(ex);
    }
}
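Added example, not part of the original question or answer: the `DigestValue` and `SignatureValue` in a WS-Security header have to be computed over the canonicalized Body, which the JDK's `javax.xml.crypto.dsig` API does when handed the Body's `wsu:Id`. The class name, the IDs `body-1` and `token-1`, the throwaway RSA key and the placeholder token bytes are assumptions; it uses RSA-SHA256/SHA-256 with an exc-c14n transform rather than the sample's rsa-sha1/sha1.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WsseSignExample {
  static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
  static final String OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-", X509 = OASIS + "x509-token-profile-1.0#X509v3";
  static final String WSSE = OASIS + "wssecurity-secext-1.0.xsd", WSU = OASIS + "wssecurity-utility-1.0.xsd";

  static void sign(Document doc, PrivateKey key, byte[] certDer) throws Exception {
    Element header = (Element) doc.getElementsByTagNameNS(SOAP, "Header").item(0);
    Element body = (Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0);
    body.setAttributeNS(WSU, "wsu:Id", "body-1");
    body.setIdAttributeNS(WSU, "Id", true); // register as an ID so URI="#body-1" resolves
    Element sec = (Element) header.appendChild(doc.createElementNS(WSSE, "wsse:Security"));
    Element bst = (Element) sec.appendChild(doc.createElementNS(WSSE, "wsse:BinarySecurityToken"));
    bst.setAttribute("ValueType", X509); // ValueType, EncodingType and wsu:Id are attributes
    bst.setAttribute("EncodingType", OASIS + "soap-message-security-1.0#Base64Binary");
    bst.setAttributeNS(WSU, "wsu:Id", "token-1");
    bst.setTextContent(Base64.getEncoder().encodeToString(certDer));
    Element str = doc.createElementNS(WSSE, "wsse:SecurityTokenReference"); // becomes the KeyInfo content
    Element ref = (Element) str.appendChild(doc.createElementNS(WSSE, "wsse:Reference"));
    ref.setAttribute("URI", "#token-1");
    ref.setAttribute("ValueType", X509);
    XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
    Reference r = f.newReference("#body-1", f.newDigestMethod(DigestMethod.SHA256, null),
        List.of(f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
    SignedInfo si = f.newSignedInfo(
        f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
        f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), List.of(r));
    DOMSignContext ctx = new DOMSignContext(key, sec); // ds:Signature is created inside wsse:Security
    ctx.putNamespacePrefix(XMLSignature.XMLNS, "ds");
    f.newXMLSignature(si, f.getKeyInfoFactory().newKeyInfo(List.of(new DOMStructure(str)))).sign(ctx);
  }
  public static void main(String[] args) throws Exception {
    // Constructed envelope, throwaway key and placeholder token bytes (not a real certificate).
    String xml = "<SOAP-ENV:Envelope xmlns:SOAP-ENV='" + SOAP + "' xmlns:wsse='" + WSSE + "' xmlns:wsu='" + WSU
        + "'><SOAP-ENV:Header/><SOAP-ENV:Body/></SOAP-ENV:Envelope>";
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true); // required: signing and c14n work on namespaces
    Document doc = dbf.newDocumentBuilder().parse(new java.io.ByteArrayInputStream(xml.getBytes("UTF-8")));
    sign(doc, KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate(), new byte[] {1, 2, 3});
    System.out.println(doc.getElementsByTagNameNS(XMLSignature.XMLNS, "SignatureValue").item(0).getTextContent());
  }
}
```

The envelope must declare the `wsse` and `wsu` prefixes before signing, and the Body must not change after `sign()` runs, because the receiver recomputes the digest over the canonicalized Body.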
Why don't you use Spring Web Services security?
http://static.springsource.org/spring-ws/site/reference/html/security.html