Why is the SOAP header carrying the signature gone by the time I try to verify it?
843834 Sep 10 2004 — edited Sep 23 2004. I am trying to verify the XML digital signature in business-level code.
Using the JWSDP 1.4 sample called "simple", plus some code taken from the docs, I am trying to verify the signature on the server side.
As the server log below shows, the inbound DumpFilter does print a populated wsse:Security header with a ds:Signature, but by the time my endpoint re-serialises the message the env:Header is empty, so my verification cannot even find a Signature element and fails outright. Any help is appreciated.
Is there a method I need to implement so that the lower-level (filter) code keeps the signature in the message?
Is there an API or configuration option I need to set?
Or is there another API that lets business-level code retrieve the signature (or the outcome of its verification)?
Thanks in advance! XueChun.
Code sample:
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
package simple;
import java.io.*;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.rpc.*;
import javax.xml.rpc.ServiceException;
import javax.xml.rpc.server.ServiceLifecycle;
import javax.xml.rpc.server.ServletEndpointContext;
import javax.servlet.ServletContext;
import com.sun.xml.rpc.server.http.ServletEndpointContextImpl;
import com.sun.xml.rpc.server.TieBase;
import com.sun.xml.rpc.spi.runtime.Tie;
import com.sun.xml.rpc.security.LoggerConstants;
import java.security.cert.CertificateFactory;
import java.security.cert.Certificate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.SOAPMessage;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
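public class PingImpl implements PingPort, ServiceLifecycle {
    private static Logger log = Logger.getLogger(LoggerConstants.RPC_SECURITY_DOMAIN,
            LoggerConstants.RPC_SECURITY_RESOURCE_BUNDLE);

    /** SOAP 1.1 envelope namespace (the env: prefix in the logged messages). */
    private static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    /** WS-Security utility namespace; the Body's wsu:Id is what the signature Reference points at. */
    private static final String WSU_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    /** Trusted signer certificate. TODO(review): make this configurable rather than a developer path. */
    private static final String TRUSTED_CERT_PATH =
            "/home/xchen/jwsdp/ver1.4/xws-security/etc/client-cert.pem";
    /** Xerces feature that rejects any DOCTYPE, closing the XXE / entity-expansion door. */
    private static final String DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";

    /** Endpoint context handed to init(); the per-request message context is read from it in ping(). */
    protected ServletEndpointContext sec = null;

    /** Package-private constructor used by the JAX-RPC runtime; the print is lifecycle tracing. */
    PingImpl() {
        System.out.println("CONTRUCT---COUNTER");
    }

    /**
     * Servlet-level initialisation (not session related). Stores the endpoint context so
     * ping() can reach the inbound SOAPMessageContext.
     *
     * @param context the ServletEndpointContext supplied by the container
     * @throws ServiceException never thrown here; declared by ServiceLifecycle
     */
    public void init(Object context) throws ServiceException {
        System.out.println("xxx Entered init(Object context), context is [" + context + "]");
        System.out.println("xxx Entered init(Object context), context.getClass() is [" + context.getClass() + "]");
        System.out.println("xxx I am sleeping 3 secnods, ...");
        pause(3000); // debug delay left in from the original sample
        this.sec = (ServletEndpointContext) context;
        System.out.println("xxx I am leaving init(Object context)");
    }

    /**
     * Main operation: verifies that the inbound envelope's Body is covered by an XML Signature
     * made with the pinned client certificate, then echoes the message back.
     *
     * Fail-closed: any verification failure (bad signature, signature that does not cover the
     * Body, parse problem) raises SecurityException instead of silently returning the message,
     * which is what the previous catch-all did.
     *
     * @param ticket  caller ticket (only its id is logged)
     * @param message payload to echo back
     * @return the message when the Body signature validates; null when no Signature element is
     *         present at this layer (see the note in the body)
     * @throws SecurityException if a signature is present but cannot be verified, or the
     *         message cannot be re-parsed
     */
    public String ping(TicketType ticket, String message) {
        System.out.println("The message is here : " + message);
        System.out.println("In the main operation, I am sleeping 3 seconds >>>>");
        pause(3000); // debug delay left in from the original sample
        System.out.println("The Ticket id is here : " + (ticket == null ? null : ticket.getId()));

        Document doc;
        try {
            SOAPMessageContext msgctx = (SOAPMessageContext) sec.getMessageContext();
            doc = messageAsDocument(msgctx.getMessage());
        } catch (Exception e) {
            log.log(Level.SEVERE, "Could not re-parse the inbound SOAP message", e);
            throw new SecurityException("Could not re-parse the inbound SOAP message", e);
        }

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        System.out.println("-----nl.getLength()=[" + sigs.getLength() + "]");
        if (sigs.getLength() == 0) {
            // NOTE(review): the log excerpt shows this is the branch actually hit. The inbound
            // DumpFilter printed a populated wsse:Security header, but the envelope re-serialised
            // here has an empty env:Header, so the XWS-Security filter chain appears to consume and
            // strip that header before the endpoint runs. Business-level code therefore cannot see
            // the signature; verify it in the handler/filter layer (or configure the filter to keep
            // the header) rather than here. Returning null keeps the original sample's behaviour of
            // producing no result without a signature; do not change it to "return message", which
            // would be fail-open.
            return null;
        }

        try {
            verifyBodySignature(doc, (Element) sigs.item(0));
        } catch (XMLSignatureException e) {
            log.log(Level.SEVERE, "Inbound message signature rejected", e);
            throw new SecurityException("Signature verification failed: " + e.getMessage(), e);
        } catch (Exception e) {
            log.log(Level.SEVERE, "Inbound message signature could not be checked", e);
            throw new SecurityException("Signature verification could not be completed", e);
        }
        return message;
    }

    /**
     * Serialises the SAAJ message and re-parses it into a namespace-aware DOM with DTD handling
     * disabled. The message text is still dumped to stdout for debugging; drop that print before
     * production, it exposes the whole request.
     */
    private static Document messageAsDocument(SOAPMessage msg) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        msg.writeTo(out);
        byte[] bytes = out.toByteArray();
        // SAAJ writes UTF-8 (the DumpFilter output declares encoding="UTF-8"); decode explicitly
        // rather than with the platform default charset.
        System.out.println("-----SOAP MSG[" + new String(bytes, "UTF-8") + "]-------------");

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required: Signature lookup and wsu:Id are namespace-qualified
        dbf.setExpandEntityReferences(false);
        try {
            dbf.setFeature(DISALLOW_DOCTYPE, true);
        } catch (ParserConfigurationException e) {
            // Older parsers do not know the feature; the input is a re-serialised SAAJ message,
            // so the residual risk is low, but say so in the log rather than silently.
            log.log(Level.WARNING, "Parser does not support " + DISALLOW_DOCTYPE + "; DTDs are not blocked", e);
        }
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(bytes));
    }

    /**
     * Validates the given ds:Signature with the pinned public key and checks that one of its
     * References covers the real SOAP Body (by wsu:Id). Registering wsu:Id as an ID attribute on
     * the real Body only means "#Id" URIs resolve to that element, not to a decoy carrying the
     * same Id elsewhere in the document (signature-wrapping mitigation).
     *
     * @throws XMLSignatureException when the signature is invalid or does not cover the Body
     */
    private void verifyBodySignature(Document doc, Element signatureElement) throws Exception {
        Element body = soapBody(doc);
        String bodyId = body.getAttributeNS(WSU_NS, "Id");
        if (bodyId.length() == 0) {
            throw new XMLSignatureException("SOAP Body carries no wsu:Id; cannot bind the signature to it");
        }
        // DOM Level 3 call: without it, JSR-105's dereferencer cannot resolve "#Id-..." URIs
        // because wsu:Id is not declared as an ID attribute by any DTD/schema.
        body.setIdAttributeNS(WSU_NS, "Id", true);

        XMLSignatureFactory fac = createXMLSignatureFactory();
        // The key is pinned from the trusted certificate file, deliberately NOT taken from the
        // message's KeyInfo / BinarySecurityToken: a sender-supplied key would validate trivially.
        DOMValidateContext valContext = new DOMValidateContext(loadTrustedPublicKey(), signatureElement);
        // Providers that know this property apply hardened validation; others ignore the entry.
        valContext.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature signature = fac.unmarshalXMLSignature(valContext);

        if (!coversBody(signature, bodyId)) {
            throw new XMLSignatureException("No Reference in the signature covers the SOAP Body (#" + bodyId + ")");
        }
        if (!signature.validate(valContext)) {
            throw new XMLSignatureException(describeFailure(signature, valContext));
        }
    }

    /** Returns the env:Body that is a direct child of the document's Envelope element. */
    private static Element soapBody(Document doc) throws XMLSignatureException {
        Element envelope = doc.getDocumentElement();
        NodeList bodies = envelope.getElementsByTagNameNS(SOAP_ENV_NS, "Body");
        for (int i = 0; i < bodies.getLength(); i++) {
            Element candidate = (Element) bodies.item(i);
            if (candidate.getParentNode() == envelope) {
                return candidate;
            }
        }
        throw new XMLSignatureException("SOAP Envelope has no Body element");
    }

    /** True when some Reference in SignedInfo has URI "#" + bodyId. */
    private static boolean coversBody(XMLSignature signature, String bodyId) {
        String wanted = "#" + bodyId;
        Iterator refs = signature.getSignedInfo().getReferences().iterator();
        while (refs.hasNext()) {
            if (wanted.equals(((Reference) refs.next()).getURI())) {
                return true;
            }
        }
        return false;
    }

    /** Builds the per-part validity report the original code produced on core validation failure. */
    private static String describeFailure(XMLSignature signature, DOMValidateContext valContext)
            throws XMLSignatureException {
        StringBuffer report = new StringBuffer("Signature failed core validation");
        report.append("\n signature validation status: ")
              .append(signature.getSignatureValue().validate(valContext));
        Iterator refs = signature.getSignedInfo().getReferences().iterator();
        for (int j = 0; refs.hasNext(); j++) {
            boolean refValid = ((Reference) refs.next()).validate(valContext);
            report.append("\n ref[").append(j).append("] validity status: ").append(refValid);
        }
        return report.toString();
    }

    /** Reads the pinned X.509 certificate and returns its public key; the stream is always closed. */
    private static PublicKey loadTrustedPublicKey() throws Exception {
        FileInputStream fis = new FileInputStream(TRUSTED_CERT_PATH);
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return cf.generateCertificate(fis).getPublicKey();
        } finally {
            fis.close();
        }
    }

    /** Sleeps for the debug delay; re-asserts the interrupt flag instead of swallowing it. */
    private static void pause(long millis) {
        try {
            Thread.sleep(millis);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Creates a DOM XMLSignatureFactory from the provider class named by the system property
     * 'jsr105Provider' (default: the JDK's XMLDSigRI).
     *
     * @return new DOM XMLSignatureFactory
     * @throws Exception wrapping ClassNotFoundException, InstantiationException or
     *         IllegalAccessException from loading the provider class
     */
    public XMLSignatureFactory createXMLSignatureFactory() throws Exception {
        String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        Provider provider = (Provider) Class.forName(providerName).newInstance();
        return XMLSignatureFactory.getInstance("DOM", provider);
    }

    /* (non-Javadoc)
     * @see javax.xml.rpc.server.ServiceLifecycle#destroy()
     */
    public void destroy() {
        System.out.println("xxx Entering destroy");
        System.out.println("xxx I am sleeping 3 secnods, ...");
        pause(3000); // debug delay left in from the original sample
        System.out.println("xxx I am leaving destroy(Object context)");
    }
}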
///////////////////////////////////////////////////////////////
// STANDING BRACKETS.
///////////////////////////////////////////////////////////////
LOG results=============================>
CONTRUCT---COUNTER
xxx Entered init(Object context), context is [com.sun.xml.rpc.server.http.ServletEndpointContextImpl@881cb3]
xxx Entered init(Object context), context.getClass() is [class com.sun.xml.rpc.server.http.ServletEndpointContextImpl]
xxx I am sleeping 3 secnods, ...
xxx I am leaving init(Object context)
Sep 10, 2004 2:36:36 PM com.sun.xml.wss.filter.DumpFilter process
INFO: ==== Received Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="urn:Foo" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Id-2894355035366988544">MIIDWTCCAsKgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJOQTELMAkGA1UECBMC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</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-2391999914156714227">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>iIY8k7hrZMblCtIjWiS04nM3t9M=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
BXM97vXnfEOz132lEtVLIQGq4GOprMDmHYAcJ8r1b28ZnFd8jjo/2530vMtakWPuIItHU+/qAkfc
mDXtMa+VswwfHHSFzGyBguX7AWUrI9hNXh7Ba8QwYD41/RgPBRi9i5HDIcbFjSJGsMO4kX/ypOKX
pYtWxPHjx0I2ukp0Wp8=
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#Id-2894355035366988544" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</env:Header>
<env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2391999914156714227">
<ns0:ping>
<TicketType_1>
<_value xsi:nil="1"/>
<id>SUNW</id>
</TicketType_1>
<String_2>Hello !</String_2>
</ns0:ping>
</env:Body>
</env:Envelope>
==== Received Message End ====
The message is here : Hello !
In the main operation, I am sleeping 3 seconds >>>>
The Ticket id is here : SUNW
-----SOAP MSG[<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="urn:Foo" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><env:Header>
</env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2391999914156714227"><ns0:ping><TicketType_1><_value xsi:nil="1"/><id>SUNW</id></TicketType_1><String_2>Hello !</String_2></ns0:ping></env:Body></env:Envelope>]-------------
-----XMLSignature.XMLNS=[http://www.w3.org/2000/09/xmldsig#]
-----nl.getLength()=[0]
Sep 10, 2004 2:36:41 PM com.sun.xml.wss.filter.DumpFilter process
INFO: ==== Sending Message Start ====
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="urn:Foo" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<env:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Id8377369575960459306">MIIDWTCCAsKgAwIBAgIBATANBgkqhkiG9w0BAQQFADB0MQswCQYDVQQGEwJOQTELMAkGA1UECBMC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</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-9066316747135162397">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>r3ftCKnFslGSjHnnTHKVb5bQcz0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
gvxejbdeCX8ndC87FTedSg0TPobBlu9FIUZ1OGSfFUnEWlyLgf0ngcibfWquNgZauRy7CYZwfb+4
SEUIYrAAOlsVLVJeAp+QumIZ9khgcz9ocpmh7vwfBUMLFyNWgJBdLjmre+3AGDNkHch7Vi0n/kCE
JYE20Im8cWUYwqIc1mY=
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#Id8377369575960459306" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</env:Header>
<env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-9066316747135162397">
<ns0:pingResponse>
<result xsi:nil="1"/>
</ns0:pingResponse>
</env:Body>
</env:Envelope>
==== Sending Message End ====