Verifying the soap message signature

mohamed sellami Tue, 04 Jul 2006 07:03:24 -0700

Hello everybody

I'm new to wss4j and I’m actually testing it.


I tried to sign a soap message and then to verify it.

For the signature all seems to be all right but I encountered an exception when 
verifying the signature.

Here is the code I used for the verification:

---------------------------------------------------------------------------
------------------------Code start
---------------------------------------------------------------------------
import java.io.*;

import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.*;
import org.apache.ws.security.message.*;

import org.apache.axis.utils.*;
import org.apache.axis.message.*;
import org.apache.axis.client.*;
import org.apache.axis.*;
import org.apache.axis.configuration.*;
import java.util.Vector;
import org.w3c.dom.*;

public class VerifSignSOAP{
         private static final String signedSOAPMsg=
        "<SOAP-ENV:Envelope "+
        "xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\"; "+
        "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"; "+
        "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\";>"+
        "<SOAP-ENV:Header>"+
        "<wsse:Security SOAP-ENV:mustUnderstand=\"true\" "+
        
"xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\";>"+
        "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\";>"+
        "<ds:SignedInfo>"+
        "<ds:CanonicalizationMethod 
Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>"+
        "<ds:SignatureMethod 
Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>"+
        "<ds:Reference URI=\"#id-30472956\">"+
        "<ds:Transforms>"+
        "<ds:Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>"+
        "</ds:Transforms>"+
        "<ds:DigestMethod 
Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>"+
        "<ds:DigestValue>UgA2oOAXUuXx7wXm7NfLHu7qS34=      </ds:DigestValue>"+
        "</ds:Reference>"+
        "</ds:SignedInfo>"+
        "<ds:SignatureValue>"+
        
"jlviX+9c/bSlAF01GLfilti3Yp1+9EXcKzI2rDi/dJ1tpsk0DO7tXvmv8HqNu9oVSBS6soXhKMuG"+
        
"GUxe5hvotBANtuk3Fo0JBtr63+r9ZuwoGgSjer+5uHge6e+3XA029CzdSMNAFSvJobzCSojvgX+C"+
        "dv+cmd4ApWLAogPCgq4="+
        "</ds:SignatureValue>"+
        "<ds:KeyInfo Id=\"KeyId-8549963\">"+
        "<wsse:SecurityTokenReference wsu:Id=\"STRId-31782850\" "+
        
"xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\";>"+
        "<ds:X509Data>"+
        "<ds:X509IssuerSerial>"+
        "<ds:X509IssuerName>CN=sellami 
mohamed,OU=CNSS,O=CNSS,L=Sfax,ST=Tunisie,C=TN</ds:X509IssuerName>"+
        "<ds:X509SerialNumber>1151857306</ds:X509SerialNumber>"+
        "</ds:X509IssuerSerial>"+
        "</ds:X509Data>"+
        "</wsse:SecurityTokenReference>"+
        "</ds:KeyInfo>"+
        "</ds:Signature>"+
        "</wsse:Security>"+
        "</SOAP-ENV:Header>"+
        "<SOAP-ENV:Body wsu:Id=\"id-30472956\" 
xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\";>"+
        "<sayHello xmlns=\"http://jeffhanson.com/services/helloworld\";>"+
        "<value xmlns=\"\">Hello world!</value>"+
        "</sayHello>"+
        "</SOAP-ENV:Body>"+
        "</SOAP-ENV:Envelope>";
            
        private static final WSSecurityEngine secEngine =new WSSecurityEngine();
        private static final Crypto crypto =CryptoFactory.getInstance();
        private static AxisClient engine = null;
        private static MessageContext msgContext = null;
        private static void verify(SOAPEnvelope signedEnvelope) throws 
Exception {
        Document doc = signedEnvelope.getAsDocument();
        secEngine.processSecurityHeader(doc, null, null,crypto);

        System.out.println("La firma del messaggio è valida");
        }   
   

   private static Message getAxisMessage(String unsignedEnvelope){
        InputStream inStream =new 
ByteArrayInputStream(unsignedEnvelope.getBytes());
        Message axisMessage = new Message(inStream);
        axisMessage.setMessageContext(msgContext);
        return axisMessage;
        }
        
public static void main(String[] args){
                
        try
       {
       Message axisMessage = getAxisMessage(signedSOAPMsg);
       SOAPEnvelope signedEnvelope = axisMessage.getSOAPEnvelope();

       System.out.println("<<< signed >>>");
       
       XMLUtils.PrettyElementToWriter(signedEnvelope.getAsDOM(),new 
PrintWriter(System.out));
       
      verify(signedEnvelope);

   }
   catch (Exception e){e.printStackTrace();}

                
        }
        
}

---------------------------------------------------------------------------
----------------------------Code Ends
---------------------------------------------------------------------------

I received this Exception :

java.lang.NullPointerException
at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(Envel
opeIdResolver.java:100)

at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unkno
wn Source)

at org.apache.xml.security.signature.Reference.getContentsBeforeTransfor
mation(Unknown Source)

at org.apache.xml.security.signature.Reference.dereferenceURIandPerformT
ransforms(Unknown Source)

at org.apache.xml.security.signature.Reference.calculateDigest(Unknown S
ource)

at org.apache.xml.security.signature.Reference.verify(Unknown Source)

at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown S
ource)

at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)

at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Un
known Source)

at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Un
known Source)

at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignatur
e(SignatureProcessor.java:264)

at org.apache.ws.security.processor.SignatureProcessor.handleToken(Signa
tureProcessor.java:79)

at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:269)

at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:191)

at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:144)

at VerifSignSOAP.verify(VerifSignSOAP.java:78)

at VerifSignSOAP.main(VerifSignSOAP.java:102)

--------------------------------------------------------------------------

Do someone has an idea on what the problem is ?

Thanks

Mohamed Sellami
-- 


"Feel free" – 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Verifying the soap message signature

Reply via email to