Search in sources :

Example 1 with WSSecurityEngine

use of org.apache.ws.security.WSSecurityEngine in project iaf by ibissource.

the class SoapWrapper method signMessage.

public String signMessage(String soapMessage, String user, String password) throws SenderException {
    try {
        WSSecurityEngine secEngine = WSSecurityEngine.getInstance();
        WSSConfig config = secEngine.getWssConfig();
        config.setPrecisionInMilliSeconds(false);
        // create context
        AxisClient tmpEngine = new AxisClient(new NullProvider());
        MessageContext msgContext = new MessageContext(tmpEngine);
        InputStream in = new ByteArrayInputStream(soapMessage.getBytes());
        Message msg = new Message(in);
        msg.setMessageContext(msgContext);
        // create unsigned envelope
        SOAPEnvelope unsignedEnvelope = msg.getSOAPEnvelope();
        Document doc = unsignedEnvelope.getAsDocument();
        // create security header and insert it into unsigned envelope
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        // add a UsernameToken
        WSSecUsernameToken tokenBuilder = new WSSecUsernameToken();
        tokenBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
        tokenBuilder.setUserInfo(user, password);
        tokenBuilder.addNonce();
        tokenBuilder.addCreated();
        tokenBuilder.prepare(doc);
        WSSecSignature sign = new WSSecSignature();
        sign.setUsernameToken(tokenBuilder);
        sign.setKeyIdentifierType(WSConstants.UT_SIGNING);
        sign.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
        sign.build(doc, null, secHeader);
        tokenBuilder.prependToHeader(secHeader);
        // add a Timestamp
        WSSecTimestamp timestampBuilder = new WSSecTimestamp();
        timestampBuilder.setTimeToLive(300);
        timestampBuilder.prepare(doc);
        timestampBuilder.prependToHeader(secHeader);
        Document signedDoc = doc;
        return DOM2Writer.nodeToString(signedDoc);
    } catch (Exception e) {
        throw new SenderException(e);
    }
}
Also used : Message(org.apache.axis.Message) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NullProvider(org.apache.axis.configuration.NullProvider) WSSecSignature(org.apache.ws.security.message.WSSecSignature) SOAPEnvelope(org.apache.axis.message.SOAPEnvelope) Document(org.w3c.dom.Document) WSSecTimestamp(org.apache.ws.security.message.WSSecTimestamp) TransformerException(javax.xml.transform.TransformerException) TransformerConfigurationException(javax.xml.transform.TransformerConfigurationException) DomBuilderException(nl.nn.adapterframework.util.DomBuilderException) IOException(java.io.IOException) ConfigurationException(nl.nn.adapterframework.configuration.ConfigurationException) SenderException(nl.nn.adapterframework.core.SenderException) WSSecHeader(org.apache.ws.security.message.WSSecHeader) WSSConfig(org.apache.ws.security.WSSConfig) AxisClient(org.apache.axis.client.AxisClient) ByteArrayInputStream(java.io.ByteArrayInputStream) WSSecurityEngine(org.apache.ws.security.WSSecurityEngine) MessageContext(org.apache.axis.MessageContext) SenderException(nl.nn.adapterframework.core.SenderException) WSSecUsernameToken(org.apache.ws.security.message.WSSecUsernameToken)

Example 2 with WSSecurityEngine

use of org.apache.ws.security.WSSecurityEngine in project webservices-axiom by apache.

the class WSS4JTest method testSignature.

private void testSignature(String file, Vector<WSEncryptionPart> parts) throws Exception {
    WSSecSignature sign = new WSSecSignature();
    sign.setUserInfo("key1", "password");
    sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    sign.setParts(parts);
    SOAPMessage message = load(file);
    Document doc = (Document) message;
    WSSecHeader secHeader = new WSSecHeader();
    secHeader.insertSecurityHeader(doc);
    Document signedDoc = sign.build(doc, crypto, secHeader);
    WSSecurityEngine secEngine = new WSSecurityEngine();
    assertThat(secEngine.processSecurityHeader(signedDoc, null, null, crypto)).hasSize(2);
}
Also used : WSSecHeader(org.apache.ws.security.message.WSSecHeader) WSSecSignature(org.apache.ws.security.message.WSSecSignature) WSSecurityEngine(org.apache.ws.security.WSSecurityEngine) Document(org.w3c.dom.Document) SOAPMessage(org.apache.axiom.soap.SOAPMessage)

Aggregations

WSSecurityEngine (org.apache.ws.security.WSSecurityEngine)2 WSSecHeader (org.apache.ws.security.message.WSSecHeader)2 WSSecSignature (org.apache.ws.security.message.WSSecSignature)2 Document (org.w3c.dom.Document)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 TransformerConfigurationException (javax.xml.transform.TransformerConfigurationException)1 TransformerException (javax.xml.transform.TransformerException)1 ConfigurationException (nl.nn.adapterframework.configuration.ConfigurationException)1 SenderException (nl.nn.adapterframework.core.SenderException)1 DomBuilderException (nl.nn.adapterframework.util.DomBuilderException)1 SOAPMessage (org.apache.axiom.soap.SOAPMessage)1 Message (org.apache.axis.Message)1 MessageContext (org.apache.axis.MessageContext)1 AxisClient (org.apache.axis.client.AxisClient)1 NullProvider (org.apache.axis.configuration.NullProvider)1 SOAPEnvelope (org.apache.axis.message.SOAPEnvelope)1 WSSConfig (org.apache.ws.security.WSSConfig)1 WSSecTimestamp (org.apache.ws.security.message.WSSecTimestamp)1