Hi,

I have some problems with Tomcat and WSS4J. I programmed a servlet that receives SOAP messages with signatures. The servlet checks the signature. In case of a valid signature, the servlet removes it. removeSignature gives me the error message "Signature is unvalid" even with valid signatures.

The code of my servlet:

public class TestServlet extends HttpServlet
{
    private SecurityHandler signer = new SecurityHandler();

    public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws IOException
    {
        InputStream input = request.getInputStream();

        Document soapRequest = null;

        try
        {
            soapRequest = XmlUtils.createDocument(input);
        }

        catch (SAXException error)
        {
            throw new IOException(error.getMessage());
        }

        try {
            soapRequest = this.signer.removeSignature(soapRequest); // auth failed!!
        } catch (SignatureNotFoundException e) {
            e.printStackTrace();
        }
    }
}

My client is a jUnit-Test.

    @Test
    public final void testSendSignature() throws IOException, SAXException, SignatureNotFoundException{
        /* Create valid signed example ---------------------------- */
        Document request = createNspExampleRequestWithoutSignature(this.nspExampleRequestWithoutSignature);
        this.secureHandler.setAddSignatureFlag(true);
        Document response = this.secureHandler.addSignature(request);
        /* ---------------------------------------------------------- */

        /* Check example -------------------------------------------- */
        boolean check = this.signer.checkSignature(response);
        Assert.assertTrue("Signature is unvalid!", check);
        /* ---------------------------------------------------------- */

        /* Convert document to byte[]*/
        String requestString = XMLUtils.PrettyDocumentToString(request);
        byte[] soapBytes = requestString.getBytes();
        /* ---------------------------------------------------------- */

        /* set up the HTTP request - POST of SOAP 1.2 data */
        URL url = getDestinationURL(dest);
        HttpURLConnection connection = (HttpURLConnection)url.openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-type", SoapConstants.CONTENT_TYPE_HEADER);
        connection.setDoOutput(true);
        connection.connect();
        /* ---------------------------------------------------------- */

        /* send the SOAP request... */
        OutputStream output = connection.getOutputStream();
        output.write(soapBytes);
        output.flush();
        output.close();
        /* --------------------------------------------------------- */
    }

The client adds a signature to my SOAP message and checks the new SOAP message. The signature is OK. The message is converted to a byte stream and sent. In TestServlet, removeSignature can't remove the signature. I get the error message "signature is unvalid".

I assumed that converting to a string or to bytes ruins the signature. I coded a test to check the conversion.

    @Test
    public final void testSignatureToByte() throws IOException, SAXException, SignatureNotFoundException{
        /* Create valid signed example ------------------------------ */
        Document request = createNspExampleRequestWithoutSignature(this.nspExampleRequestWithoutSignature);
        this.secureHandler.setAddSignatureFlag(true);
        Document response = this.secureHandler.addSignature(request);
        String responseString = XMLUtils.PrettyDocumentToString(response);
        /* --------------------------------------------------------- */

        /* Check example -------------------------------------------- */
        boolean check = this.signer.checkSignature(response);
        Assert.assertTrue("Signature is unvalid!", check);
        /* -------------------------------------------------------- */

        /*Create a copy----------------------------------------------*/
        byte[] responseByte = responseString.getBytes();
        String newResponseString = new String(responseByte);
        System.out.println("newResponse: ---------");
        System.out.println(newResponseString);
        Assert.assertTrue("Strings are unequal", responseString.equals(newResponseString));
        /* -------------------------------------------------------- */

        /*Check copy ---------------------------------------------- */
        Document newResponse = XmlUtils.createDocument(newResponseString);
        check = this.signer.checkSignature(newResponse);
        Assert.assertTrue("Signature is unvalid!", check);
        /* ------------------------------------------------------- */
    }

The result of the test is positive.
I do not understand why removeSignature() in TestServlet tells me "signature is unvalid". It would be nice if you could help me with this problem.
Thank you in advance.

Regards,

Sandra Kosmalla


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org