Hi,
I developed a web service application where the client has to use the X509
security token in the SOAP message. I created the SOAP message as per the
WSS Security token X509 certificate profile.
The SOAP message is digitally signed using my private key.
Once the SOAP message arrives at the server, I need to do authentication using
digital certificates. So I tried to get the certificate as follows:
    NodeList list1 = header.getElementsByTagName("Security");
    Element x509Element = (Element) list1.item(0);
    XMLSignature xmlSignature = new XMLSignature(x509Element, null);
    xmlSignature.addResourceResolver(EnvelopeIdResolver.getInstance());
    X509Certificate[] certs = null;
    KeyInfo info = xmlSignature.getKeyInfo();
    Node node = null;
    if (info != null)
    {
        node = WSSecurityUtil.getDirectChild(info.getElement(),
                SecurityTokenReference.SECURITY_TOKEN_REFERENCE, WSSE_SEC_NS_URI);
        if (node == null)
        {
            throw new WSSecurityException(WSSecurityException.INVALID_SECURITY, "unsupportedKeyInfo");
        }
        SecurityTokenReference secRef = new SecurityTokenReference((Element) node);
    }
    boolean valid = xmlSignature.checkSignatureValue(pkCert);
    if (valid)
        System.out.println("Signature is valid.");
    else
        System.out.println("Signature is not valid.");
    return bret;
First question is how to validate the SOAP message?
Second question is how to get the Binary Security Token value, which will
then create the X509Certificate object (and how to create this from the
binary security token)?
Third is how to do authentication?
When I am trying to fetch the Security Token Reference from the KeyInfo
object, I am getting the following error.
Exception in thread "main" org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd:Security from a http://www.w3.org/2000/09/xmldsig#:Signature element
    at org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown Source)
    at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
    at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
    at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
    at client.WSSecSingatureTest.doVerify(WSSecSingatureTest.java:239)
    at client.WSSecSingatureTest.main(WSSecSingatureTest.java:191)
Currently we are not using the WSS4J framework, so I don't need to create the
deployment descriptors like client-config.wssd and server-config.wssd.
I am trying to do the authentication and validation on the server
programmatically.
I request your help in fixing this issue.
Regards,
Pandu
--
View this message in context:
http://www.nabble.com/Binary-Security-Token-for-X509-certificates-issue-tf2381136.html#a6636040
Sent from the WSS4J mailing list archive at Nabble.com.
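
One way to handle the three questions in the message above with only the JDK's XML Digital Signature API, as an added example that is not code from the original post or from WSS4J. The class name WsseX509Verifier, the namespace-aware parsed Document, the local trust store and the assumption that the SOAP Body is the signed part are all assumptions of this sketch.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.*;

public class WsseX509Verifier {   // hypothetical class name
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String DS   = "http://www.w3.org/2000/09/xmldsig#";

    /** Decode the Base64 wsse:BinarySecurityToken (X509v3 value type assumed) into a certificate. */
    static X509Certificate tokenToCertificate(Element security) throws Exception {
        Element bst = (Element) security.getElementsByTagNameNS(WSSE, "BinarySecurityToken").item(0);
        if (bst == null) throw new CertificateException("no BinarySecurityToken in header");
        byte[] der = Base64.getMimeDecoder().decode(bst.getTextContent().trim());
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    /** Returns the signer certificate only if it chains to trustStore AND the signature verifies. */
    static X509Certificate verify(Document soap, KeyStore trustStore) throws Exception {
        Element security = (Element) soap.getElementsByTagNameNS(WSSE, "Security").item(0);
        if (security == null) throw new SecurityException("no wsse:Security header");
        X509Certificate cert = tokenToCertificate(security);

        // Authentication: the embedded certificate is sender-supplied until it validates against local trust.
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(List.of(cert));
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false);   // assumption: revocation is checked elsewhere
        CertPathValidator.getInstance("PKIX").validate(path, params);

        // Hand the ds:Signature child to the validator, not the wsse:Security wrapper.
        Element sig = (Element) security.getElementsByTagNameNS(DS, "Signature").item(0);
        if (sig == null) throw new SecurityException("no ds:Signature in header");
        DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey(), sig);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        // Register wsu:Id on the Body so a Reference URI="#id" resolves (assumes the Body is the signed part).
        Element body = (Element) soap.getElementsByTagNameNS(soap.getDocumentElement().getNamespaceURI(), "Body").item(0);
        if (body != null && body.hasAttributeNS(WSU, "Id")) ctx.setIdAttributeNS(body, WSU, "Id");

        XMLSignature signature = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!signature.validate(ctx)) throw new SecurityException("signature invalid");
        return cert;
    }
}
```

A valid signature only proves that whatever the Reference elements point at was signed by the certificate's key, so the service should also confirm that those references cover the Body it actually processes.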