KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > samples > security > SignedSOAPEnvelope


1 /*
2  * The Apache Software License, Version 1.1
3  *
4  *
5  * Copyright (c) 2001-2003 The Apache Software Foundation. All rights
6  * reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  * notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  * notice, this list of conditions and the following disclaimer in
17  * the documentation and/or other materials provided with the
18  * distribution.
19  *
20  * 3. The end-user documentation included with the redistribution,
21  * if any, must include the following acknowledgment:
22  * "This product includes software developed by the
23  * Apache Software Foundation (http://www.apache.org/)."
24  * Alternately, this acknowledgment may appear in the software itself,
25  * if and wherever such third-party acknowledgments normally appear.
26  *
27  * 4. The names "Axis" and "Apache Software Foundation" must
28  * not be used to endorse or promote products derived from this
29  * software without prior written permission. For written
30  * permission, please contact apache@apache.org.
31  *
32  * 5. Products derived from this software may not be called "Apache",
33  * nor may "Apache" appear in their name, without prior written
34  * permission of the Apache Software Foundation.
35  *
36  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
37  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
38  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
39  * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
42  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
43  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
44  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
45  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
46  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47  * SUCH DAMAGE.
48  * ====================================================================
49  *
50  * This software consists of voluntary contributions made by many
51  * individuals on behalf of the Apache Software Foundation. For more
52  * information on the Apache Software Foundation, please see
53  * <http://www.apache.org/>.
54  */
55
56 package samples.security;
57
58 import org.apache.axis.Constants;
59 import org.apache.axis.Message;
60 import org.apache.axis.MessageContext;
61 import org.apache.axis.client.AxisClient;
62 import org.apache.axis.configuration.NullProvider;
63 import org.apache.axis.encoding.SerializationContext;
64 import org.apache.axis.encoding.SerializationContext;
65 import org.apache.axis.encoding.DeserializationContext;
66 import org.apache.axis.message.SOAPEnvelope;
67 import org.apache.axis.message.SOAPHeaderElement;
68 import org.apache.axis.utils.Mapping;
69 import org.apache.axis.utils.Messages;
70 import org.apache.axis.utils.XMLUtils;
71 import org.apache.xml.security.c14n.Canonicalizer;
72 import org.apache.xml.security.signature.XMLSignature;
73 import org.w3c.dom.Document JavaDoc;
74 import org.w3c.dom.Element JavaDoc;
75 import org.xml.sax.InputSource JavaDoc;
76
77 import java.io.FileInputStream JavaDoc;
78 import java.io.Reader JavaDoc;
79 import java.io.StringReader JavaDoc;
80 import java.io.StringWriter JavaDoc;
81 import java.security.KeyStore JavaDoc;
82 import java.security.PrivateKey JavaDoc;
83 import java.security.cert.X509Certificate JavaDoc;
84
85
86 public class SignedSOAPEnvelope extends SOAPEnvelope {
87     static String JavaDoc SOAPSECNS = "http://schemas.xmlsoap.org/soap/security/2000-12";
88     static String JavaDoc SOAPSECprefix = "SOAP-SEC";
89
90     static String JavaDoc keystoreType = "JKS";
91     static String JavaDoc keystoreFile = "keystore.jks";
92     static String JavaDoc keystorePass = "xmlsecurity";
93     static String JavaDoc privateKeyAlias = "test";
94     static String JavaDoc privateKeyPass = "xmlsecurity";
95     static String JavaDoc certificateAlias = "test";
96     private MessageContext msgContext;
97
98     static {
99         org.apache.xml.security.Init.init();
100     }
101
102     public SignedSOAPEnvelope(MessageContext msgContext, SOAPEnvelope env, String JavaDoc baseURI, String JavaDoc keystoreFile) {
103         this.msgContext = msgContext;
104         init(env, baseURI, keystoreFile);
105     }
106
107     public SignedSOAPEnvelope(SOAPEnvelope env, String JavaDoc baseURI) {
108         init(env, baseURI, keystoreFile);
109     }
110
111     private void init(SOAPEnvelope env, String JavaDoc baseURI, String JavaDoc keystoreFile) {
112         try {
113             System.out.println("Beginning Client signing...");
114             env.addMapping(new Mapping(SOAPSECNS, SOAPSECprefix));
115             env.addAttribute(Constants.URI_SOAP11_ENV, "actor", "some-uri");
116             env.addAttribute(Constants.URI_SOAP11_ENV, "mustUnderstand", "1");
117
118             SOAPHeaderElement header =
119                 new SOAPHeaderElement(XMLUtils.StringToElement(SOAPSECNS,
120                                                                "Signature",
121                                                                ""));
122             env.addHeader(header);
123
124             Document JavaDoc doc = getSOAPEnvelopeAsDocument(env, msgContext);
125
126             KeyStore JavaDoc ks = KeyStore.getInstance(keystoreType);
127             FileInputStream JavaDoc fis = new FileInputStream JavaDoc(keystoreFile);
128
129             ks.load(fis, keystorePass.toCharArray());
130
131             PrivateKey JavaDoc privateKey = (PrivateKey JavaDoc) ks.getKey(privateKeyAlias,
132                     privateKeyPass.toCharArray());
133
134             Element soapHeaderElement = (Element) ((Element) doc.getFirstChild()).getElementsByTagNameNS("*", "Header").item(0);
135             Element soapSignatureElement = (Element) soapHeaderElement.getElementsByTagNameNS("*", "Signature").item(0);
136
137             //Id attribute creation
138 Element body = (Element)doc.getElementsByTagNameNS("http://schemas.xmlsoap.org/soap/envelope/", "Body").item(0);
139             body.setAttribute("Id", "Body");
140
141             XMLSignature sig = new XMLSignature(doc, baseURI,
142                     XMLSignature.ALGO_ID_SIGNATURE_DSA);
143
144             soapSignatureElement.appendChild(sig.getElement());
145             sig.addDocument("#Body");
146
147
148             X509Certificate JavaDoc cert =
149                     (X509Certificate JavaDoc) ks.getCertificate(certificateAlias);
150
151
152             sig.addKeyInfo(cert);
153             sig.addKeyInfo(cert.getPublicKey());
154             sig.sign(privateKey);
155
156             Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
157             byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
158
159             InputSource JavaDoc is = new InputSource JavaDoc(new java.io.ByteArrayInputStream JavaDoc(canonicalMessage));
160             DeserializationContext dser = null;
161             if (msgContext == null) {
162                 AxisClient tmpEngine = new AxisClient(new NullProvider());
163                 msgContext = new MessageContext(tmpEngine);
164             }
165             dser = new DeserializationContext(is, msgContext,
166                     Message.REQUEST, this);
167
168             dser.parse();
169             System.out.println("Client signing complete.");
170         } catch (Exception JavaDoc e) {
171             e.printStackTrace();
172             throw new RuntimeException JavaDoc(e.toString());
173         }
174     }
175
176     private Document JavaDoc getSOAPEnvelopeAsDocument(SOAPEnvelope env, MessageContext msgContext)
177             throws Exception JavaDoc {
178         StringWriter JavaDoc writer = new StringWriter JavaDoc();
179         SerializationContext serializeContext = new SerializationContext(writer, msgContext);
180         env.output(serializeContext);
181         writer.close();
182
183         Reader JavaDoc reader = new StringReader JavaDoc(writer.getBuffer().toString());
184         Document JavaDoc doc = XMLUtils.newDocument(new InputSource JavaDoc(reader));
185         if (doc == null)
186             throw new Exception JavaDoc(
187                     Messages.getMessage("noDoc00", writer.getBuffer().toString()));
188         return doc;
189     }
190 }
191
Popular Tags