Posted to java-dev@axis.apache.org by Gorbunov Pavel <P....@ftc.ru> on 2012/04/05 09:31:32 UTC

AlgorithmSuite not enough

Hello!
I need to write a secure WS client. I have a WSDL, but it is not policy-annotated. I have an example SOAP message; it contains a BinarySecurityToken and a Signature. The signature algorithm is <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
I found example of using Axis+Rampart:
http://www.ibm.com/developerworks/java/library/j-jws5/index.html
which does almost everything I need. But there is one problem: it uses the <TripleDesRsa15> AlgorithmSuite. I could not find any AlgorithmSuite with a gostr signature. I have an XML signature provider that can produce gostr signatures, but I don't understand how to make Rampart use it. Could you please tell me how to add that signature algorithm to Rampart? I'm stuck in the WS stack :) Sorry for my English...


SOAP, that I need:


<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <S:Header>
                        <wsse:Security soapenv:actor="http://smev.gosuslugi.ru/actors/smev">
                                   <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId">MIIGZTCCBhKgAwIBAgIKH60oRgAAAAAC1zAKBgYqhQMCAgMFADBBMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGjAYBgoJkiaJk/IsZAEZFgpTZWNyZXROZXQ1MQwwCgYDVQQDEwNTTjUwHhcNMTEwMjE1MTQ0MjM5WhcNMTIwMjE1MTQ0MjM5WjCB9zENMAsGA1UEKhMEUGV0cjEPMA0GA1UEBBMGUGV0cm92MTAwLgYJKoZIhvcNAQkCEyExLjIuNjQzLjMuNjEuMS4xLjYuNTAyNzEwLjMuNC4yLjMxGzAZBgNVBAwMEtCx0YPRhdCz0LDQu9GC0LXRgDELMAkGA1UEBhMCUlUxJDAiBgNVBAgMG9CQ0LvRgtCw0LnRgdC60LjQuSDQutGA0LDQuTEVMBMGA1UEBwwM0JzQvtGB0LrQstCwMQ8wDQYDVQQKDAbQoNCR0KExFDASBgNVBAMTC1BldHJvdiBQZXRyMRUwEwYJKoZIhvcNAQkBFgYyQDMucnUwYzAcBgYqhQMCAhMwEgYHKoUDAgIkAAYHKoUDAgIeAQNDAARARuJRu79UiE16eMxKipRLj3j3MiJNDoCQqtfo5dzlukqvOCBlWvAxqd7rv8BF2D5p9GakGZEgpdklmsIjGfx42KOCBC8wggQrMA4GA1UdDwEB/wQEAwIEsDCB+QYDVR0lBIHxMIHuBg8qhQMDPQEBBp7XNgMEAQEGDyqFAwM9AQEGntc2AwQBAgYPKoUDAz0BAQae1zYDBAEDBg8qhQMDPQEBBp7XNgMEAQQGDyqFAwM9AQEGntc2AwQBBQYPKoUDAz0BAQae1zYDBAEGBg8qhQMDPQEBBp7XNgMEAQcGDyqFAwM9AQEGntc2AwQBCAYPKoUDAz0BAQae1zYDBAEJBg8qhQMDPQEBBp7XNgMEAQoGDyqFAwM9AQEGntc2AwQBCwYPKoUDAz0BAQae1zYDBAEMBg8qhQMDPQEBBp7XNgMEAQ0GDyqFAwM9AQEGntc2AwQBDjAcBgNVHSAEFTATMBEGDyqFAwM9AQEGntc2AwQBATBJBgNVHREEQjBAoA4GByqFAwHgOQGgAwwBMKAKBgNVHRGgAwwBMaAiBg8qhQMDPQEBBp7XNgMEAwGgDwwNUGV0cm92X1BldHIgMTAdBgNVHQ4EFgQU3uZixLuZb3DwHLt8xId+mVHVwW0wHwYDVR0jBBgwFoAU9/5uKcUNBfmrS6KgwSzUlNvruY0wggEEBgNVHR8EgfwwgfkwgfaggfOggfCGgbRsZGFwOi8vL0NOPVNONSxDTj1Eb21lbkNvbnRyb2wsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9U2VjcmV0TmV0NSxEQz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlzdHJpYnV0aW9uUG9pbnSGN2h0dHA6Ly9kb21lbmNvbnRyb2wuc2VjcmV0bmV0NS5sb2NhbC9DZXJ0RW5yb2xsL1NONS5jcmwwggEfBggrBgEFBQcBAQSCAREwggENMIGnBggrBgEFBQcwAoaBmmxkYXA6Ly8vQ049U041LENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1
TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPVNlY3JldE5ldDUsREM9bG9jYWw/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwYQYIKwYBBQUHMAKGVWh0dHA6Ly9kb21lbmNvbnRyb2wuc2VjcmV0bmV0NS5sb2NhbC9DZXJ0RW5yb2xsL0RvbWVuQ29udHJvbC5TZWNyZXROZXQ1LmxvY2FsX1NONS5jcnQwDAYDVR0TAQH/BAIwADA7BgkrBgEEAYI3FQcELjAsBiQrBgEEAYI3FQiTvxaCwuZhh/GHC4efuDiFuOEGPYK9iW23hUwCAWQCASUwCgYGKoUDAgIDBQADQQD9qcbFvMUMRPbdtT3XqU4kt38diuYrGgp0qsT50Jwcic7WiyJzUYbNx57fjLEXO+glVktAm+SJQS4C69Nq2oWQ</wsse:BinarySecurityToken>
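                                   <!-- Review notes on this signature, as posted:
                                        * SignatureMethod and DigestMethod carry the xmldsig-more GOST identifiers
                                          (gostr34102001-gostr3411 and gostr3411). The algorithm suites defined by
                                          WS-SecurityPolicy, including the TripleDesRsa15 suite mentioned in the
                                          post, do not select these identifiers.
                                        * SignedInfo holds a single Reference, URI="#body". Only the element
                                          carrying that wsu:Id is covered. The wsse:Security header content,
                                          including the BinarySecurityToken, is not signed, and this header has
                                          no wsu:Timestamp.
                                        * The enveloped-signature transform is listed, but this ds:Signature sits
                                          in the SOAP header rather than inside the referenced Body, so as shown
                                          it removes nothing from the digested content.
                                        * A verifier should confirm that the element resolved for "#body" is the
                                          SOAP Body it actually processes, and should validate the certificate
                                          reached through KeyInfo (Reference URI="#CertId") against configured
                                          trust anchors. The certificate arrives inside the message and is not
                                          trustworthy on that basis alone.
                                        The two exc-c14n Algorithm URIs below had a mail-client auto-link
                                        fragment appended; they are restored to the plain identifier. -->
                                   <ds:Signature>
                                               <ds:SignedInfo>
                                                           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                           <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
                                                           <ds:Reference URI="#body">
                                                                       <ds:Transforms>
                                                                                  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                                                                                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                                       </ds:Transforms>
                                                                       <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>
                                                                       <ds:DigestValue>uwI+8TTfxhaRH1fz88ex7s6B43/+XZ5scnTN3wBacK4=</ds:DigestValue>
                                                           </ds:Reference>
                                               </ds:SignedInfo>
                                               <ds:SignatureValue>q42ugY0LlIcQt4+V92ztXcp52I0BXpwkHo54IYsI6dgClaevTCTlFaa344Mw8dCR92g9bPmNf+l24khAxd6WEg==</ds:SignatureValue>
                                               <ds:KeyInfo>
                                                           <wsse:SecurityTokenReference>
                                                                       <wsse:Reference URI="#CertId" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                                                           </wsse:SecurityTokenReference>
                                               </ds:KeyInfo>
                                   </ds:Signature>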
                        </wsse:Security>
            </S:Header>
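            <!-- Review notes on the Body, as posted:
                 * wsu:Id="body" is the target of the only ds:Reference in the header signature,
                   so this element is the signed part of the message. Any edit inside it,
                   whitespace included, changes the digest.
                 * The only time values in signed content are the application fields ns4:Date and
                   TimeStamp. Whether the receiver uses them to reject replayed requests is not
                   visible here.
                 * NOTE(review): xmlns:ns6 is spelled "rosrazna.ru" while the other prefixes use
                   "roskazna.ru". Left as posted; confirm against the service WSDL, because a
                   different namespace URI makes ns6:exportData a different element.
                 The xmlns:ns2 value had a mail-client auto-link fragment appended; it is restored
                 to the plain XML Signature namespace. -->
            <S:Body wsu:Id="body">
                        <ns9:UnifoTransferMsg xmlns:ns10="http://roskazna.ru/xsd/ExportQuittanceResponse" xmlns:ns11="http://roskazna.ru/xsd/ExportIncomesResponse" xmlns:ns12="http://roskazna.ru/xsd/ExportPaymentsResponse" xmlns:ns13="http://roskazna.ru/xsd/PGU_ChargesResponse" xmlns:ns14="http://roskazna.ru/xsd/PaymentInfo" xmlns:ns15="http://roskazna.ru/xsd/Charge" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="http://www.w3.org/2004/08/xop/include" xmlns:ns4="http://smev.gosuslugi.ru/rev110801" xmlns:ns5="http://roskazna.ru/xsd/PGU_ImportRequest" xmlns:ns6="http://rosrazna.ru/xsd/SmevUnifoService" xmlns:ns7="http://roskazna.ru/xsd/Ticket" xmlns:ns8="http://roskazna.ru/xsd/PGU_DataRequest" xmlns:ns9="http://roskazna.ru/SmevUnifoService/">
                                   <ns4:Message>
                                               <ns4:Sender>
                                                           <ns4:Code>0000000001</ns4:Code>
                                                           <ns4:Name>External Organization</ns4:Name>
                                               </ns4:Sender>
                                               <ns4:Recipient>
                                                           <ns4:Code>0000000000</ns4:Code>
                                                           <ns4:Name>UNIFO</ns4:Name>
                                               </ns4:Recipient>
                                               <ns4:Originator>
                                                           <ns4:Code>0000000001</ns4:Code>
                                                           <ns4:Name>External Organization</ns4:Name>
                                               </ns4:Originator>
                                               <ns4:TypeCode>Request</ns4:TypeCode>
                                               <ns4:Date>2011-08-24T12:35:39.121+04:00</ns4:Date>
                                   </ns4:Message>
                                   <ns4:MessageData>
                                               <ns4:AppData>
                                                           <ns6:exportData>
                                                                       <ns8:DataRequest kind="CHARGESTATUS">
                                                                                  <PostBlock>
                                                                                              <ID>7ba91a04-9f25-463e-8227-ca3e46354c43</ID>
                                                                                              <TimeStamp>2011-08-24T12:35:39.121+04:00</TimeStamp>
                                                                                              <SenderIdentifier>3</SenderIdentifier>
                                                                                  </PostBlock>
                                                                                  <SupplierBillIDs>
                                                                                              <SupplierBillID>18855500000000000018</SupplierBillID>
                                                                                  </SupplierBillIDs>
                                                                       </ns8:DataRequest>
                                                           </ns6:exportData>
                                               </ns4:AppData>
                                   </ns4:MessageData>
                        </ns9:UnifoTransferMsg>
            </S:Body>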
</soapenv:Envelope>



SOAP from example of Dennis Sosnoski : http://www.ibm.com/developerworks/java/library/j-jws5/index.html



<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
            <soapenv:Header>
                        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
                                   <!-- Created and Expires give a five-minute validity window (05:42:25.006Z to
                                        05:47:25.006Z). The element is covered by the header signature through
                                        Reference URI="#Timestamp-1", so the window cannot be changed without
                                        invalidating the signature. It limits replay only if the receiver enforces
                                        Expires, with a bounded clock-skew allowance. -->
                                   <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
                                               <wsu:Created>2012-04-05T05:42:25.006Z</wsu:Created>
                                               <wsu:Expires>2012-04-05T05:47:25.006Z</wsu:Expires>
                                   </wsu:Timestamp>
                                   <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-AA1B434D3C13A3123713336045451151">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</wsse:BinarySecurityToken>
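                                   <!-- Review notes on this signature (output of the article's example):
                                        * SignatureMethod is rsa-sha1 and both DigestMethod entries are sha1.
                                          SHA-1 is deprecated for digital signatures. For new deployments prefer a
                                          SHA-256 based suite (WS-SecurityPolicy defines, for example,
                                          Basic256Sha256) where both endpoints support it.
                                        * SignedInfo holds two References: "#Id-8970973", which is the wsu:Id on
                                          soapenv:Body, and "#Timestamp-1". Body and Timestamp are therefore both
                                          covered by the signature.
                                        * KeyInfo points at the in-message BinarySecurityToken through
                                          Reference URI="#CertId-AA1B434D3C13A3123713336045451151". A verifier
                                          should validate that certificate against configured trust anchors.
                                        The xmlns:ds value and the exc-c14n Algorithm URIs below had a mail-client
                                        auto-link fragment appended; they are restored to the plain identifiers. -->
                                   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
                                               <ds:SignedInfo>
                                                           <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                           <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                                                           <ds:Reference URI="#Id-8970973">
                                                                       <ds:Transforms>
                                                                                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                                       </ds:Transforms>
                                                                       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                                                       <ds:DigestValue>SbYGQzu+noLM7xXwvcG8XFTG+zE=</ds:DigestValue>
                                                           </ds:Reference>
                                                           <ds:Reference URI="#Timestamp-1">
                                                                       <ds:Transforms>
                                                                                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                                                       </ds:Transforms>
                                                                       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                                                       <ds:DigestValue>MMuBsiseg8TJYCh8XclCQQHtagk=</ds:DigestValue>
                                                           </ds:Reference>
                                               </ds:SignedInfo>
                                               <ds:SignatureValue>LkEs5AE2VNuRWcA/Up+ksOlPQB/PELF2vKibO9+8K8TZilA0eVeT5yaCMghOlwQuAzbWvY+XCbhlcnu3pbNu4kO2SOzra61RwZPbOr3VPf8Ekz8CWF57aW5TRsxM6knjBuU2g188lAM4NoypuRkUELP3vEdKAeHmZGIIjvjg3KM=</ds:SignatureValue>
                                               <ds:KeyInfo Id="KeyId-AA1B434D3C13A3123713336045451312">
                                                           <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-AA1B434D3C13A3123713336045451313">
                                                                       <wsse:Reference URI="#CertId-AA1B434D3C13A3123713336045451151" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                                                           </wsse:SecurityTokenReference>
                                               </ds:KeyInfo>
                                   </ds:Signature>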
                        </wsse:Security>
            </soapenv:Header>
            <!-- Signed part: wsu:Id="Id-8970973" is the target of the first ds:Reference in the
                 header signature, so any change inside this element invalidates its digest. -->
            <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-8970973">
                        <ns2:getBook xmlns:ns2="http://ws.sosnoski.com/library/wsdl">
                                   <ns2:isbn>0061020052</ns2:isbn>
                        </ns2:getBook>
            </soapenv:Body>
</soapenv:Envelope>


Best regards, Pavel