Hi All,
I've created a soap message then I've signed it with this method:
/*************************************
public class signer2 {
public static void main(String arg[]){
try{
KeyStore ks = KeyStore.getInstance("PKCS12");
InputStream in = new FileInputStream("e://x509pri.p12");
ks.load(in, "1234567890".toCharArray());
Enumeration aliases = ks.aliases();
String alias=null;
while(aliases.hasMoreElements())
{
alias = (String)aliases.nextElement();
System.out.println(alias);
}
SOAPMessage signedSOAPMsg=null;
//Crea message factory
MessageFactory messageFactory = MessageFactory.newInstance();
// Creazione di un messaggio
//Il metodo createMessage() si occupa di definire un nuovo messaggio
//vuoto costituito da un blocco principale (la "part") a cui
//opzionalmente sarà possibile aggiungere una o più attachments.
//Per valorizzare correttamente il messaggio, é necessario accedere
//all'envelope, passando dalla "part":
SOAPMessage message = messageFactory.createMessage();
SOAPEnvelope env= new SOAPEnvelope();
SOAPHeader hdr = env.getHeader();
SOAPBody bdy = env.getBody();
Message axisMessage = new Message(env,null);
SOAPEnvelope unsignedEnvelope = axisMessage.getSOAPEnvelope();
Document doc = unsignedEnvelope.getAsDocument();
System.out.println(message);
//System.out.println(message);
// WSSignEnvelope firma un SOAP envelope in accordo con
// WS Specification (X509 profile) e agginge il dato
// all'envelope.
WSSecSignature signer = new WSSecSignature();
String password = "1234567890";
signer.setUserInfo(alias, password);
// create a vector of WSEncryptPart parts to sign, both the soap body
//and the attachments
SOAPConstants soapConstants =WSSecurityUtil.getSOAPConstants(unsignedEnvelope);
Vector parts = new Vector();
// add the body part
String localPart = soapConstants.getBodyQName().getLocalPart();
String envelopeURI = soapConstants.getEnvelopeURI();
WSEncryptionPart body = new WSEncryptionPart(localPart, envelopeURI, "Content");
parts.add(body);
System.out.println(body);
// how to add the attachment part?????
signer.setParts(parts);
// The "build" method, creates the signed SOAP envelope.
// It takes a SOAP Envelope as a W3C Document and adds
// a WSS Signature header to it. The signed elements
// depend on the signature parts that are specified by
// the WSBaseMessage.setParts(java.util.Vector parts)
// method. By default, SOAP Body is signed.
// The "crypto" parameter is the object that implements
// access to the keystore and handling of certificates.
// A default implementation is included:
// org.apache.ws.security.components.crypto.Merlin
WSSecHeader secHeader = new WSSecHeader();
secHeader.insertSecurityHeader(doc);
Document signedDoc = signer.build(doc, CryptoFactory.getInstance(),secHeader);
System.out.println("il messaggio è stato creato e firmato correttamente");
verify(signedDoc);
// Convert the signed document into a SOAP message.
signedSOAPMsg = toSOAPMessage(signedDoc);
System.out.println(signedSOAPMsg);
} catch (Exception e) {
e.printStackTrace();
}
}
public static SOAPMessage toSOAPMessage(Document doc) throws Exception {
Canonicalizer c14n =Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
MessageFactory factory = MessageFactory.newInstance();
return factory.createMessage(null, in);
}
}
***************************************************/
Now I've created a method that check sign of my soap messagge, this is the code:
/***********************************
static final WSSecurityEngine secEngine = new WSSecurityEngine();
private static void verify(Document doc) throws Exception {
secEngine.processSecurityHeader(doc, null, null,CryptoFactory.getInstance() );
System.out.println("La firma del messaggio è valida");
}
*******************************/
But with this method I verify if the signature of the client is valid,
I've on my application server the x509 certificate of a CA and I want that when arrive the signedDoc message my app. server verify the signature of client and the signature of the CA that is in the x509 certificate, Is it possible with wss4j??
or I need to send with the signed soap message the certificate x509 of the client as attachement??
Thanks all for help.
Hermann
Title: [WSS4J 1.5] Verify signature of Certificate Authority in a x509 certificate inserted as security token
- [WSS4J 1.5] Verify signature of Certificate Authority in a x5... hescot
