You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Sandra Kosmalla <ko...@cs.uni-bonn.de> on 2008/01/25 13:02:24 UTC

Problems with tomcat and wss4j

Hi,

I have some problems with tomcat and wss4j. I programmed a servlet that 
recieves Soap-messages with signatures. The servlet checks the 
signature. In case of a valid signature the servlet removes it.
The removeSignature gives me the error message "Signature is unvalid" 
even with valid signatures.

The code of my servlet:

public class TestServlet extends HttpServlet
{
     private SecurityHandler signer = new SecurityHandler();

     public void doPost(HttpServletRequest request, HttpServletResponse
response)
     throws IOException
     {
         InputStream input = request.getInputStream();

         Document soapRequest = null;

         try
         {
             soapRequest = XmlUtils.createDocument(input);
         }

         catch (SAXException error)
         {
             throw new IOException(error.getMessage());
         }

         try {
             soapRequest = this.signer.removeSignature(soapRequest);
//auth failed!!

         } catch (SignatureNotFoundException e) {
             e.printStackTrace();
         }



     }
}

My client is a jUnit-Test.

@Test
     public final void testSendSignature() throws IOException,
SAXException, SignatureNotFoundException{
         /* Create valid signed example ---------------------------- */
         Document request =
createNspExampleRequestWithoutSignature(this.nspExampleRequestWithoutSignature);
         this.secureHandler.setAddSignatureFlag(true);
         Document response = this.secureHandler.addSignature(request);
         /* ---------------------------------------------------------- */

         /* Check example -------------------------------------------- */
         boolean check = this.signer.checkSignature(response);
         Assert.assertTrue("Signature is unvalid!", check);
         /* ---------------------------------------------------------- */

         /* Convert document to byte[]*/
         String requestString = XMLUtils.PrettyDocumentToString(request);
         byte[] soapBytes = requestString.getBytes();
         /* ---------------------------------------------------------- */

         /* set up the HTTP request - POST of SOAP 1.2 data */
         URL url = getDestinationURL(dest);
         HttpURLConnection connection =
(HttpURLConnection)url.openConnection();
         connection.setRequestMethod("POST");
         connection.setRequestProperty("Content-type",
SoapConstants.CONTENT_TYPE_HEADER);
         connection.setDoOutput(true);
         connection.connect();
         /* ---------------------------------------------------------- */

         /* send the SOAP request... */
         OutputStream output = connection.getOutputStream();
         output.write(soapBytes);
         output.flush();
         output.close();
         /* --------------------------------------------------------- */
     }

The client adds a signature in my Soap-message and checks the new
Soap-message. The signature is ok. The message is converted to a 
bytestream and sent. In TestServlet, removeSignature can't remove the 
signature. I got the error message "signature is unvalid".

I assumed that the converting to string or byte ruins the signature. I 
coded a test  to test the converting.

     @Test
     public final void testSignatureToByte() throws IOException,
SAXException, SignatureNotFoundException{
         /* Create valid signed example ------------------------------ */
         Document request =
createNspExampleRequestWithoutSignature(this.nspExampleRequestWithoutSignature);
         this.secureHandler.setAddSignatureFlag(true);
         Document response = this.secureHandler.addSignature(request);
         String responseString = XMLUtils.PrettyDocumentToString(response);
         /* --------------------------------------------------------- */

         /* Check example -------------------------------------------- */
         boolean check = this.signer.checkSignature(response);
         Assert.assertTrue("Signature is unvalid!", check);
         /* -------------------------------------------------------- */

         /*Create a copy----------------------------------------------*/
         byte[] responseByte = responseString.getBytes();
         String newResponseString = new String(responseByte);
         System.out.println("newResponse: ---------");
         System.out.println(newResponseString);
         Assert.assertTrue("Strings are unequal",
responseString.equals(newResponseString));
         /* -------------------------------------------------------- */

         /*Check copy ---------------------------------------------- */
         Document newResponse = XmlUtils.createDocument(newResponseString);
         check = this.signer.checkSignature(newResponse);
         Assert.assertTrue("Signature is unvalid!", check);
         /* ------------------------------------------------------- */
     }

The result of the test is positive.
I do not understand why removeSignature() in TestServlet calls me
"signature is unvalid". It would be nice if you could help me with this 
problem.
Thank you in advance.

Regards,

Sandra Kosmalla


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org