Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
This gist shows how to sign a Soap-Message using Apache WSS4J.
package de.wolff.wsst;
import java.io.File;
import java.util.Properties;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPMessage;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.w3c.dom.Document;
/**
* Uses Apache WSS4J 2.2.2 to sign a soap message
*
* @author luis wolff
*
*/
public class WSSecuritySigner {
private static final String KEY_STORE_FILE = System.getProperty("keystore.file");
private static final String KEY_STORE_PASSWD = System.getProperty("keystore.password");
private static final String KEY_STORE_ALIAS = System.getProperty("keystore.alias");
private static final String KEY_STORE_PRIVAT_PASSWD = System.getProperty("keystore.private.password", KEY_STORE_PASSWD);
public static void main(String[] args) throws Throwable {
SOAPMessage message = createMessage(new File(args[0]));
signMessage(message.getSOAPPart());
message.writeTo(System.out);
}
private static SOAPMessage createMessage(File file) throws Exception {
Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file);
SOAPMessage message = MessageFactory.newInstance().createMessage();
message.getSOAPBody().addDocument(document);
return message;
}
private static void signMessage(Document message) throws WSSecurityException {
WSSecHeader secHeader = new WSSecHeader(message);
secHeader.setMustUnderstand(false);
secHeader.insertSecurityHeader();
generateSignature(secHeader);
}
private static void generateSignature(WSSecHeader secHeader) throws WSSecurityException {
WSSecSignature builder = new WSSecSignature(secHeader);
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
builder.setUserInfo(KEY_STORE_ALIAS, KEY_STORE_PRIVAT_PASSWD);
builder.build(createCrypto());
}
private static Crypto createCrypto() throws WSSecurityException {
Properties properties = new Properties();
properties.setProperty("org.apache.wss4j.crypto.merlin.keystore.file", KEY_STORE_FILE);
properties.setProperty("org.apache.wss4j.crypto.merlin.keystore.password", KEY_STORE_PASSWD);
return CryptoFactory.getInstance(properties);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment