Posted to fx-dev@ws.apache.org by Lule Chen <ll...@nortel.com> on 2007/03/08 14:57:01 UTC
RE: abt X.509 token profile
Hi, amit:
Finally, I got it working. The sample code is as follows:
static final WSSecurityEngine secEngine = new WSSecurityEngine();
static final Crypto crypto =
    CryptoFactory.getInstance("cryptoSKI.properties");

Options opts = new Options(args);
String address = args[0];
String method = args[1];
opts.setDefaultURL(address = args[0]);
// Service service = new Service();
Call soapCall = new Call();
SOAPEndpoint endpoint = new SOAPEndpoint(method, address,
    method, "http://schemas.xmlsoap.org/soap/encoding/", address);
soapCall.setTimeout(10000);
soapCall.setTargetObjectURI(endpoint.getNamespace());
soapCall.setEncodingStyleURI(endpoint.getEncodingStyle());
soapCall.setMethodName(endpoint.getSoapAction());

// set up a "soapenc" type mapping, so that the Apache toolkit
// knows which deserializer to use if the xsi:type is "soapenc:string"
// on the response carrying the artifact
SOAPMappingRegistry smr = new SOAPMappingRegistry();
Vector params = new Vector();
params.addElement(new Parameter("userID", Integer.class,
    "8001", Constants.NS_URI_SOAP_ENC));
params.addElement(new Parameter("siteID", Integer.class,
    "100", Constants.NS_URI_SOAP_ENC));
soapCall.setParams(params);
org.apache.soap.util.xml.Deserializer sdl =
    (org.apache.soap.util.xml.Deserializer) new ArraySerializer();
smr.mapTypes(Constants.NS_URI_SOAP_ENC,
    new QName(Constants.NS_URI_SOAP_ENC, "array"),
    Vector.class,
    new org.apache.soap.encoding.soapenc.HashtableSerializer(),
    sdl);

StringWriter stringWriter = new StringWriter();
Envelope envelope = soapCall.buildEnvelope();
byte[] byteBuf;
try {
    envelope.marshall(stringWriter, smr);
    System.out.println(" - envelope as string (before adding " +
        "security header): " + stringWriter);
    // convert our SOAP envelope encapsulating object into an XML
    // Document, so we can add the security header
    DocumentBuilder docBuilder = XMLParserUtils.getXMLDocBuilder();
    Document document = docBuilder.parse(new InputSource(
        new StringReader(stringWriter.toString())));
    byteBuf = stringWriter.toString().getBytes();
} catch (SAXException e) {
    System.out.println("ERROR: - XML parsing exception: " +
        e.getLocalizedMessage());
    throw new Exception("error parsing XML");
} catch (IOException e) {
    System.out.println(" - I/O exception: " +
        e.getLocalizedMessage());
    throw new Exception(": I/O error");
}

AxisClient tmpEngine = new AxisClient(new NullProvider());
MessageContext msgContext = new MessageContext(tmpEngine);
Message message = new Message(new ByteArrayInputStream(byteBuf));
message.setMessageContext(msgContext);
SOAPEnvelope env = new SOAPEnvelope(new ByteArrayInputStream(byteBuf));

WSSecEncrypt encrypt = new WSSecEncrypt();
WSSecSignature sign = new WSSecSignature();
encrypt.setUserInfo("wss4jcert", "security");
sign.setUserInfo("wss4jcert", "security");
encrypt.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
encrypt.setSymmetricEncAlgorithm(org.apache.ws.security.WSConstants.TRIPLE_DES);
System.out.println("Before Encryption....");
Document doc = env.getAsDocument();
WSSecHeader secHeader = new WSSecHeader();
secHeader.setMustUnderstand(false);
secHeader.insertSecurityHeader(doc);
Document encryptedDoc = encrypt.build(doc, crypto, secHeader);
Document encryptedSignedDoc = sign.build(encryptedDoc, crypto, secHeader);

//
// convert the resulting document into a message first. The
// toSOAPMessage() method performs the necessary c14n call to properly
// set up the signed document and convert it into a SOAP message. After
// that we extract it as a document again for further processing.
//
Message encryptedMsg = (Message) SOAPUtil
    .toSOAPMessage(encryptedSignedDoc);
String s = encryptedMsg.getSOAPPartAsString();
((SOAPPart) message.getSOAPPart()).setCurrentMessage(s,
    SOAPPart.FORM_STRING);
Document encryptedSignedDoc1 = encryptedMsg.getSOAPEnvelope()
    .getAsDocument();
System.out.println("\n============= Request ==============");
System.out.println(XMLUtils.DocumentToString(encryptedSignedDoc1));
System.out.println("\n======================================");

org.apache.axis.client.Call axisCall =
    new org.apache.axis.client.Call(address);
org.apache.ws.axis.security.WSDoAllReceiver rsHandler =
    new org.apache.ws.axis.security.WSDoAllReceiver();
encryptedMsg.setMessageContext(msgContext);
rsHandler.setOption(WSHandlerConstants.USER, "wss4jcert");
rsHandler.setOption(WSHandlerConstants.MUST_UNDERSTAND, "false");
rsHandler.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
    "com.nortel.cdma.axis.Client.ClientPWCallback");
rsHandler.setOption(WSHandlerConstants.ACTION, "Encrypt Signature");
rsHandler.setOption(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION,
    "false");
rsHandler.setOption(WSHandlerConstants.DEC_PROP_FILE,
    "cryptoSKI.properties");
rsHandler.setOption(WSHandlerConstants.SIG_PROP_FILE,
    "cryptoSKI.properties");
rsHandler.setOption(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
rsHandler.setOption(WSHandlerConstants.ENC_KEY_ID, "DirectReference");
rsHandler.setOption(WSHandlerConstants.ENC_SYM_ALGO, "TRIPLE_DES");
rsHandler.setOption(WSHandlerConstants.ENC_KEY_TRANSPORT,
    "KEYTRANSPORT_RSA15");
axisCall.setClientHandlers(null, rsHandler);
SOAPEnvelope response = axisCall.invoke(encryptedMsg);
System.out.println("\n============= Response ==============");
XMLUtils.PrettyElementToStream(response.getAsDOM(), System.out);
...
The server side deploy.wsdd looks like the following:
<service>
  ...
  <requestFlow>
    <handler type="soapmonitor"/>
    <handler name="DoSecurityReceiver"
             type="java:org.apache.ws.axis.security.WSDoAllReceiver">
      <parameter name="user" value="wss4jcert"/>
      <parameter name="mustUnderstand" value="false"/>
      <parameter name="timestampStrict" value="false"/>
      <parameter name="passwordCallbackClass"
                 value="com.nortel.ca.wcars2g7.axis.services.NEService.PWCallback"/>
      <parameter name="action" value="Encrypt Signature"/>
      <parameter name="enableSignatureConfirmation" value="false"/>
      <parameter name="decryptionPropFile" value="cryptoSKI.properties"/>
      <parameter name="signaturePropFile" value="cryptoSKI.properties"/>
      <parameter name="decryptionKeyIdentifier" value="X509KeyIdentifier"/>
      <parameter name="encryptionSymAlgorithm"
                 value="org.apache.ws.security.WSConstants.TRIPLE_DES"/>
    </handler>
  </requestFlow>
  <responseFlow>
    <handler type="soapmonitor"/>
    <handler name="DoSecuritySender"
             type="java:org.apache.ws.axis.security.WSDoAllSender">
      <parameter name="user" value="wss4jcert"/>
      <parameter name="timestampStrict" value="false"/>
      <parameter name="mustUnderstand" value="false"/>
      <parameter name="passwordCallbackClass"
                 value="com.nortel.ca.wcars2g7.axis.services.NEService.PWCallback"/>
      <parameter name="action" value="Encrypt Signature"/>
      <parameter name="enableSignatureConfirmation" value="false"/>
      <parameter name="precisionInMilliseconds" value="false"/>
      <parameter name="encryptionPropFile" value="cryptoSKI.properties"/>
      <parameter name="encryptionUser" value="useReqSigCert"/>
      <parameter name="signatureKeyIdentifier" value="DirectReference"/>
      <parameter name="signaturePropFile" value="cryptoSKI.properties"/>
      <parameter name="encryptionKeyIdentifier" value="DirectReference"/>
      <parameter name="encryptionSymAlgorithm"
                 value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    </handler>
    <handler type="soapmonitor"/>
  </responseFlow>
</service>
Lule
-----Original Message-----
From: amit vyas [mailto:amit_vyas_1981@yahoo.co.in]
Sent: Tuesday, February 20, 2007 12:39 AM
To: Chen, Lule (CAR:2Y83)
Subject: abt X.509 token profile
Hi,
I have seen your mail in which you are seeking a
solution to attach the X.509 token profile to a SOAP
message.
I also have the same problem; if you get any
satisfactory solution then please send me sample
code for that.
I am presently using Apache WSS4J and Apache Axis 1.2.
Thanks in advance.
Regards,
amit vyas
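
The client code and deploy.wsdd above both name a password callback class (ClientPWCallback, PWCallback) without showing one. A handler of that kind is sketched below as an added example, not code from the original post; it assumes the WSS4J 1.5.x API, and the class name KeystorePasswordCallback and the system property wss4j.key.password are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical class; reference it from the passwordCallbackClass parameter.
public class KeystorePasswordCallback implements CallbackHandler {

    // Key alias used in the post ("user" / setUserInfo).
    private static final String KEY_ALIAS = "wss4jcert";
    // Assumed property name, supplied at JVM start so the private-key
    // password is not compiled into the handler.
    private static final String PASSWORD_PROPERTY = "wss4j.key.password";

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(
                    callbacks[i], "Unrecognized callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
            int usage = pc.getUsage();
            // Release the key password only for decryption and signing,
            // the two operations behind action="Encrypt Signature".
            if (usage != WSPasswordCallback.DECRYPT
                    && usage != WSPasswordCallback.SIGNATURE) {
                throw new UnsupportedCallbackException(
                    pc, "Unexpected usage: " + usage);
            }
            // WSS4J 1.5.x spells this accessor getIdentifer().
            if (!KEY_ALIAS.equals(pc.getIdentifer())) {
                throw new UnsupportedCallbackException(
                    pc, "Unknown key alias");
            }
            String password = System.getProperty(PASSWORD_PROPERTY);
            if (password == null) {
                throw new IOException("Key password property is not set");
            }
            pc.setPassword(password);
        }
    }
}
```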