Hi, i have created this sample class (copied by the examples) to verify
the signature created.
package testSignature;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.client.AxisClient;
import org.apache.axis.configuration.NullProvider;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSignEnvelope;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Document;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPMessage;
public class TestWSSecurity {
static final String soapMsg = "<?xml version=\"1.0\"
encoding=\"UTF-8\"?>" + "<SOAP-ENV:Envelope
xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\";
xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\";
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";>" +
"<SOAP-ENV:Body>" + "<add
xmlns=\"http://ws.apache.org/counter/counter_port_type\";>" + "<value
xmlns=\"\">15</value>" + "</add>" + "</SOAP-ENV:Body>\r\n \r\n" +
"</SOAP-ENV:Envelope>";
static final WSSecurityEngine secEngine = new WSSecurityEngine();
static final Crypto crypto = CryptoFactory.getInstance();
MessageContext msgContext;
SOAPEnvelope unsignedEnvelope;
public static void main (String[] args) {
try {
TestWSSecurity prova= new TestWSSecurity();
String ritorno = prova.testX509SignatureIS();
System.out.println(ritorno);
}catch (Exception e) {System.out.println(e.toString());}
}
protected SOAPEnvelope getSOAPEnvelope() throws Exception {
InputStream in = new ByteArrayInputStream(soapMsg.getBytes());
Message msg = new Message(in);
msg.setMessageContext(msgContext);
return msg.getSOAPEnvelope();
}
public String testX509SignatureIS() throws Exception {
AxisClient tmpEngine = new AxisClient(new NullProvider());
msgContext = new MessageContext(tmpEngine);
try {
unsignedEnvelope = getSOAPEnvelope();
} catch (Exception e)
{System.out.println("Error");}
WSSignEnvelope builder = new WSSignEnvelope();
builder.setUserInfo("client", "security");
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
Document doc = unsignedEnvelope.getAsDocument();
Document signedDoc = builder.build(doc, crypto);
Message signedMsg = (Message) toSOAPMessage(signedDoc);
signedDoc = signedMsg.getSOAPEnvelope().getAsDocument();
try {
verify(signedDoc);
}catch (Exception e) {return e.toString();}
return "Signature Verified";
}
public static SOAPMessage toSOAPMessage(Document doc) throws Exception {
Canonicalizer c14n =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
ByteArrayInputStream in = new
ByteArrayInputStream(canonicalMessage);
MessageFactory factory = MessageFactory.newInstance();
return factory.createMessage(null, in);
}
private void verify(Document doc) throws Exception {
secEngine.processSecurityHeader(doc, null, null, crypto);
}
}
When i execute it the verification fails.
if i comment out the two rows :
Message signedMsg = (Message) toSOAPMessage(signedDoc);
signedDoc = signedMsg.getSOAPEnvelope().getAsDocument();
then the verification works fine.
Please help me....
best regards.
Alessandro
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
