Posted to dev@ws.apache.org by Devon Miller <aa...@gmail.com> on 2017/01/19 21:04:48 UTC

help composing security header without using a cxf/axis2 framework

I am trying to create a SOAP security header but am having difficulty
understanding how to create the proper crypto and other configs. I have
attached the WSDL policy (not the entire WSDL) as well as the token request
and response from the server and a whoami request that shows an example of
the security header that I need to generate. The server is a WCF endpoint,
e.g. a CRM system. All of the attachments are from a small virtual machine demo
system I set up to test security processing in Java. I am using wss4j 2.1.8.

I've gone through the wss4j tests trying to stitch together just the right
parts as I don't need to have anything robust, just a security header that
meets this one target. When trying to use axis2 to generate the stubs, it
did not seem to generate the security part and I just need some code for
the client side in a non-servlet scenario. I tried to look at Rampart to
understand how it may create the config, but reading that code did not help. I
have also read through the standards, but that has not helped me map it to the
code I need.

Thoughts on which wss4j tests might hold critical code for me to look at
and cut and paste from? For example, I've yet to figure out how to create
the proper crypto to use with the signature; it seems all the choices use
disk-based keystores.

Thoughts?


    val secHeader = new WSSecHeader(doc)
    secHeader.insertSecurityHeader()
    val timestamp = new WSSecTimestamp()
    timestamp.setTimeToLive(3600 * 2)
    timestamp.build(doc, secHeader)
    val x509Data = new DOMX509Data(doc,
      new DOMX509IssuerSerial(doc, "CN=DemoCrmServer, DC=Demo, DC=Local",
        new java.math.BigInteger("825127572376036501802804159644169187033612293")))
    // This gives me an error because I do not have a crypto.properties,
    // but I just need a memory based version
    val crypto = CryptoFactory.getInstance()
    val signer = new WSSecSignature()
    signer.setSigCanonicalization(WSS4JConstants.C14N_EXCL_OMIT_COMMENTS)
    signer.setKeyIdentifierType(WSConstants.ISSUER_SERIAL)
    // What's the right crypto?
    val signedDoc = signer.build(doc, crypto, secHeader)
    ...
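
An added example, not part of the original post or of the wss4j code base: one way to get a memory-based Crypto in wss4j 2.1.x is to hand Merlin ready-made java.security.KeyStore objects instead of a crypto.properties file. The object and method names, the "peer" alias, and the idea that the caller already holds PKCS#12 and certificate bytes in memory are assumptions for illustration.

```scala
import java.io.ByteArrayInputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import org.apache.wss4j.common.crypto.{Crypto, Merlin}
import org.apache.wss4j.dom.WSConstants
import org.apache.wss4j.dom.message.{WSSecHeader, WSSecSignature}
import org.w3c.dom.Document

// Hypothetical helper object; nothing here touches the file system.
object InMemoryCrypto {

  // Key store parsed from PKCS#12 bytes the caller already holds in memory
  // (assumption: fetched from a secret store or decoded from configuration).
  def keyStoreFrom(pkcs12: Array[Byte], storePassword: Array[Char]): KeyStore = {
    val ks = KeyStore.getInstance("PKCS12")
    ks.load(new ByteArrayInputStream(pkcs12), storePassword)
    ks
  }

  // Trust store that starts empty and holds only the peer's certificate.
  def trustStoreFrom(peerCert: Array[Byte]): KeyStore = {
    val ts = KeyStore.getInstance(KeyStore.getDefaultType)
    ts.load(null, null) // initialise an empty store
    val cert = CertificateFactory.getInstance("X.509")
      .generateCertificate(new ByteArrayInputStream(peerCert))
    ts.setCertificateEntry("peer", cert) // "peer" is an arbitrary alias
    ts
  }

  // Merlin's no-arg constructor skips property loading entirely.
  def crypto(keys: KeyStore, trusted: KeyStore): Crypto = {
    val merlin = new Merlin()
    merlin.setKeyStore(keys)
    merlin.setTrustStore(trusted)
    merlin
  }

  // Signs the SOAP body with the private key stored under `alias`.
  def sign(doc: Document, crypto: Crypto, alias: String, keyPassword: String): Document = {
    val secHeader = new WSSecHeader(doc)
    secHeader.insertSecurityHeader()
    val signer = new WSSecSignature()
    signer.setUserInfo(alias, keyPassword) // alias and password select the signing key
    signer.setKeyIdentifierType(WSConstants.ISSUER_SERIAL)
    signer.build(doc, crypto, secHeader)
  }
}
```

The issuer/serial key identifier written into the header is taken from the certificate stored under `alias`, so that key store entry must contain the matching private key.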