wss4j signed soap message call .net  wse2.0 web service does not work
---------------------------------------------------------------------

                 Key: WSS-134
                 URL: https://issues.apache.org/jira/browse/WSS-134
             Project: WSS4J
          Issue Type: Test
          Components: WSS4J Core
    Affects Versions: 1.5.4
         Environment: wss4j 1.54,jdk1.6
            Reporter: guo dongliang
            Assignee: Ruchith Udayanga Fernando
             Fix For: 1.5.4


A wss4j 1.54 Java client signs a SOAP message with an X.509 cert and then consumes a .NET 
WSE 2.0 web service; the server throws an exception: "Descryption or signature was ..." 
In the SOAP message, the header, timestamp and body are signed. I compared the message 
signed by wss4j with the one signed by .NET; only the timestamp and WS-Addressing order are different. 
Everything else is the same. 

Here is my wss4j java code
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FileWriter;

import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
 
import org.apache.axis.client.Call;

import org.apache.axis.message.SOAPBodyElement;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.utils.XMLUtils;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.components.crypto.*;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.util.WSSecurityUtil;


import org.w3c.dom.Document;

//import org.perfsonar.client.base.requests.authService.AuthNEERequestGenerator;
import java.util.*;
 import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.SimpleTimeZone;
import javax.xml.soap.Name;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPPart;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.util.Base64;


//import org.apache.commons.ssl.;

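/**
 * Doc/literal web-service client sample: builds a SOAP envelope from a request
 * file, adds WS-Addressing headers, inserts a wsse:Security header with a
 * Timestamp and signs the message with WSS4J using an X.509 certificate
 * referenced as a BinarySecurityToken (direct reference).
 *
 * <p>This listing only builds, signs and dumps the message to disk; the actual
 * service invocation is not part of it.
 *
 * @author Guo dong liang
 */
public class SOAPX509Client_home {
    // Namespace URIs, used both for the envelope declarations and to name the signed parts.
    String wsa = "http://schemas.xmlsoap.org/ws/2004/03/addressing/";
    String wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    String wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Keystore alias passed to WSSecSignature.setUserInfo as the signing user.
    String alias = "f5897568954049c99a1d057df74e54e0_72b30743-1afb-418c-9272-1c13014cf103";

    String propertyFile = "D:/java/JavaApplication1/build/classes/crypto.property";
    String actorName = "http://10.215.15.200:18001/MEDINET_BIZTALK/EMRX_WEBSERVICE/SERVICEINTERCHANGEENGINE2004S/RequestAdapter.asmx?wsdl";
    // alternative endpoint: "http://extranet.msb-uat.moh.gov.sg:16001/MEDINET_BIZTALK/EMRX_WEBSERVICE/SERVICEINTERCHANGEENGINE2004S/RequestAdapter.asmx?wsdl"
    String actionName = "http://EMRX.Orchestration.ServiceInterchangeEngine/RequestAdapter/InitiateService";

    String inputFile = "D:/java/JavaApplication1/build/classes/Request.xml";
    String outputFile = "D:/java/JavaApplication1/build/classes/Response.xml";
    String inputSOAP = "D:/java/JavaApplication1/build/classes/inputSOAP.xml";
    String beforeSignFile = "D:/java/JavaApplication1/build/classes/beforeSign";

    /**
     * Builds the envelope, signs the WS-Addressing headers, the body and the
     * Timestamp, and writes the message before and after signing to disk.
     *
     * @param args command-line arguments (not used)
     */
    public void makeRequest(String[] args) {
        try {
            SOAPBodyElement requestMessage = getSOAPBodyElement(inputFile);
            if (requestMessage == null) {
                // The parse failure was already reported; do not go on to sign an envelope without its payload.
                System.out.println("SOAPX509Client.makeRequest: could not read request from " + inputFile);
                return;
            }

            SOAPEnvelope envelope = new SOAPEnvelope();
            envelope.addNamespaceDeclaration("wsa", wsa);
            envelope.addNamespaceDeclaration("wsu", wsu);
            envelope.addNamespaceDeclaration("wsse", wsse);
            envelope.addBodyElement(requestMessage);

            // WS-Addressing headers must exist before they can be named as signed parts.
            insertHeaderElement(envelope);

            // Parts to sign: the four WS-Addressing headers, then the SOAP body.
            SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(envelope.getAsDOM());
            Vector<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
            String[] addressingHeaders = {"Action", "MessageID", "ReplyTo", "To"};
            for (int i = 0; i < addressingHeaders.length; i++) {
                parts.add(new WSEncryptionPart(addressingHeaders[i], wsa, "Content"));
            }
            String localPart = soapConstants.getBodyQName().getLocalPart();
            String envelopeURI = soapConstants.getEnvelopeURI();
            parts.add(new WSEncryptionPart(localPart, envelopeURI, "Content"));

            // Load the crypto configuration; close the stream even if load() fails.
            java.util.Properties property = new java.util.Properties();
            FileInputStream propertyStream = new FileInputStream(propertyFile);
            try {
                property.load(propertyStream);
            } finally {
                propertyStream.close();
            }
            Crypto crypto1 = new Merlin(property);

            try {
                WSSecSignature sec509 = new WSSecSignature();
                // NOTE(review): the key password is a literal in source, readable by anyone with the
                // source or the class file; load it from protected configuration instead.
                sec509.setUserInfo(alias, "Password");
                sec509.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

                Document doc1 = envelope.getAsDocument();

                // Create the wsse:Security header in the document that will be signed.
                WSSecHeader secHeader = new WSSecHeader();
                secHeader.insertSecurityHeader(doc1);

                // Add a complete Timestamp to the wsse:Security header.
                WSSecTimestamp timestamp = new WSSecTimestamp();
                timestamp.setTimeToLive(600);
                timestamp.build(doc1, secHeader);

                // Register the Timestamp before handing the list over, so the signature covers it
                // without relying on setParts keeping a reference to this same Vector.
                parts.add(new WSEncryptionPart(timestamp.getId()));
                sec509.setParts(parts);

                saveSOAPMessage(envelope.getAsDocument(), beforeSignFile);

                // One-shot signature: creates the Signature and puts it into the Security header.
                Document signedDoc = sec509.build(doc1, crypto1, secHeader);
                // NOTE(review): the digests are computed over doc1; confirm that converting to an Axis
                // message and serializing it again does not alter the signed elements, otherwise the
                // receiver's digest check will fail.
                org.apache.axis.Message signedMsg =
                        (org.apache.axis.Message) SOAPUtil.toAxisMessage(signedDoc);
                envelope = signedMsg.getSOAPEnvelope();

                System.out.println(sec509.getId() + "::" + sec509.getSignatureValue().length);

                // Saving SOAP message
                saveSOAPMessage(envelope.getAsDocument(), inputSOAP);

                // The web-service call itself is not included in this listing.
            } catch (ClassCastException e) {
                e.printStackTrace();
                System.out.println("SOAPX509Client.makeRequest: We didn't get a Vector of SOAPBodyElements!");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Writes a document to {@code file + ".soap.xml"} for inspection.
     * Failures are reported on stdout and do not propagate.
     *
     * @param doc  document to serialize
     * @param file path prefix of the dump file
     */
    private void saveSOAPMessage(Document doc, String file) {
        java.io.Writer outWriter = null;
        try {
            File response = new File(file + ".soap.xml");
            // Fixed UTF-8 rather than the platform default charset: the dump included with this
            // report starts with an encoding="UTF-8" declaration, so the bytes should match it.
            outWriter = new java.io.OutputStreamWriter(new java.io.FileOutputStream(response), "UTF-8");
            XMLUtils.DocumentToWriter(doc, outWriter);
        } catch (Exception e) {
            System.out.println("SOAPX509Client.saveSOAPMessage: General exception while writing SOAP message");
            e.printStackTrace();
        } finally {
            // Close on every path so a failed write does not leak the file handle.
            if (outWriter != null) {
                try {
                    outWriter.close();
                } catch (java.io.IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    /**
     * Adds the WS-Addressing Action, MessageID, ReplyTo and To header elements
     * to the envelope. Failures are reported and do not propagate.
     *
     * @param envelope envelope that receives the headers
     */
    private void insertHeaderElement(SOAPEnvelope envelope) {
        try {
            SOAPHeader aHeader = envelope.getHeader();

            Name headerActionElement = envelope.createName("Action", "wsa", wsa);
            javax.xml.soap.SOAPHeaderElement action = aHeader.addHeaderElement(headerActionElement);
            // Same value as the literal previously repeated here; keep it in one place.
            action.addTextNode(actionName);

            Name headerMessageIDElement = envelope.createName("MessageID", "wsa", wsa);
            javax.xml.soap.SOAPHeaderElement messageID = aHeader.addHeaderElement(headerMessageIDElement);
            // NOTE(review): fixed MessageID; every message sent carries the same identifier, which a
            // receiver that tracks message IDs may treat as a duplicate. Generate one per message
            // outside of comparison tests.
            messageID.addTextNode("uuid:ff494257-2921-47d4-9c02-f3c2722c8775");

            Name headerReplyToElement = envelope.createName("ReplyTo", "wsa", wsa);
            javax.xml.soap.SOAPHeaderElement replyTo = aHeader.addHeaderElement(headerReplyToElement);
            javax.xml.soap.SOAPElement addressElement =
                    replyTo.addChildElement(envelope.createName("Address", "wsa", wsa));
            addressElement.addTextNode("http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous");

            Name headerToElement = envelope.createName("To", "wsa", wsa);
            javax.xml.soap.SOAPHeaderElement to = aHeader.addHeaderElement(headerToElement);
            to.addTextNode("http://extranet.msb-uat.moh.gov.sg:16001/MEDINET_BIZTALK/EMRX_WEBSERVICE/SERVICEINTERCHANGEENGINE2004S/RequestAdapter.asmx");
        } catch (Exception e) {
            System.out.println(e.getMessage());
            // A missing header surfaces later as a signing failure; keep the original cause visible.
            e.printStackTrace();
        }
    }

    /**
     * Formats the current time in UTC as {@code yyyy-MM-dd'T'HH:mm:ss'Z'},
     * e.g. {@code 2008-02-10T23:59:59Z}. Not called by the code in this class.
     *
     * @return the formatted timestamp
     */
    private String getTimestamp() {
        SimpleDateFormat iso8601 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        iso8601.setTimeZone(new SimpleTimeZone(0, "UTC"));
        return iso8601.format(Calendar.getInstance().getTime());
    }

    /**
     * Parses the request file and wraps its document element in a SOAPBodyElement.
     *
     * @param inputFile path of the XML request file
     * @return the body element, or {@code null} if the file could not be read or parsed
     */
    private SOAPBodyElement getSOAPBodyElement(String inputFile) {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // NOTE(review): if the request file can come from outside the application, disable
            // DTDs and external entities on this factory before parsing.

            DocumentBuilder builder = factory.newDocumentBuilder();
            Document request = builder.parse(new File(inputFile));

            // build a SOAPBodyElement from the document
            return new SOAPBodyElement(request.getDocumentElement());
        } catch (Exception e) {
            // Previously swallowed silently; report it so a missing or malformed request is diagnosable.
            System.out.println("SOAPX509Client.getSOAPBodyElement: could not parse " + inputFile);
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Entry point: builds and signs one request.
     *
     * @param args passed through to {@link #makeRequest(String[])}
     */
    public static void main(String[] args) {
        SOAPX509Client_home doclitClient = new SOAPX509Client_home();
        doclitClient.makeRequest(args);
    }
}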


Wss4j signed soap message 

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; 
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing/"; 
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";><soapenv:Header><wsse:Security
 soapenv:mustUnderstand="1"><wsse:BinarySecurityToken 
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
 
wsu:Id="CertId-12737140">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</wsse:BinarySecurityToken><ds:Signature
 Id="Signature-6301159" xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-21471211">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>kBoY7azVy7lGu+mODDcGlpIzeIQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-21762307">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>ngT+UYRsOHX92EIS1/TXq8dgrIM=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-15799300">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>r4ZL95V4Apg84D+SrRBWUgOjftc=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-22618484">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>CzrAq/f0oSP8PBMkQ6cNe5/KkQw=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#id-10703525">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>JT1wkPEimT8L9tFWX/gQ17PxqoU=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-4729123">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>0LcScoyqJxsxRoyfeodMJ1Aod/E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
qDPg64mXTLFkctAKXRPdxyS1kVcdl+aYe3UeiJaNrcv1ifxh/Pa6R77tpfzoqo6uNuR88Uol8A/Z
fRJdD6HGAI4tQQBBYDQNR/KwJOvDJwEC8qgBqvvpNs2f2ocr8DishMOaUlNicrT4X8xpUuqr+S28
+WscFyafCkvHgNlvi4o=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-22743805">
<wsse:SecurityTokenReference wsu:Id="STRId-13665843"><wsse:Reference 
URI="#CertId-12737140" 
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature><wsu:Timestamp 
wsu:Id="Timestamp-4729123"><wsu:Created>2008-07-08T08:00:31.512Z</wsu:Created><wsu:Expires>2008-07-08T08:10:31.512Z</wsu:Expires></wsu:Timestamp></wsse:Security><wsa:Action
 soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; 
soapenv:mustUnderstand="0" 
wsu:Id="id-21471211">http://EMRX.Orchestration.ServiceInterchangeEngine/RequestAdapter/InitiateService</wsa:Action><wsa:MessageID
 soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; 
soapenv:mustUnderstand="0" 
wsu:Id="id-21762307">uuid:ff494257-2921-47d4-9c02-f3c2722c8775</wsa:MessageID><wsa:ReplyTo
 soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; 
soapenv:mustUnderstand="0" 
wsu:Id="id-15799300"><wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address></wsa:ReplyTo><wsa:To
 soapenv:actor="http://schemas.xmlsoap.org/soap/actor/next"; 
soapenv:mustUnderstand="0" 
wsu:Id="id-22618484">http://extranet.msb-uat.moh.gov.sg:16001/MEDINET_BIZTALK/EMRX_WEBSERVICE/SERVICEINTERCHANGEENGINE2004S/RequestAdapter.asmx</wsa:To></soapenv:Header><soapenv:Body
 wsu:Id="id-10703525"><InitiateService 
xmlns="http://EMRX.Orchestration.ServiceInterchangeEngine/"; 
xmlns:ns1="http://EMRX.Orchestration.ServiceInterchangeEngine/";>
  <EMRXRequestResponseMessage 
xmlns="http://EMRX.Orchestration.ServiceInterchangeEngine.Schemas.EMRXRequestResponseMessage";
 
xmlns:ns2="http://EMRX.Orchestration.ServiceInterchangeEngine.Schemas.EMRXRequestResponseMessage";>
    <ServiceAuditID>61c545c8-98b2-435d-ac5a-6d5b2a2a3754</ServiceAuditID>
    <ServiceRequesterID>66</ServiceRequesterID>
    <ServiceProviderID>13</ServiceProviderID>
    <ServiceID>9D72C4AF-2ADD-4F1D-8E41-3BACFB7DB001</ServiceID>
    <ServiceVersion>1.0</ServiceVersion>
    <MessageContent>&lt;NewDataSet&gt;
  &lt;RequestInputs&gt;
    &lt;Patient_HRN_No&gt;602006000113Z&lt;/Patient_HRN_No&gt;
    &lt;Submission_Date&gt;3/26/2008 5:29:00 AM&lt;/Submission_Date&gt;
  &lt;/RequestInputs&gt;
&lt;/NewDataSet&gt;</MessageContent>
    <MessageTimeStamp>6/5/2008 1:54:46 PM</MessageTimeStamp>
  </EMRXRequestResponseMessage>
</InitiateService></soapenv:Body></soapenv:Envelope>
