Can't Verify a SOAP message

I have a problem in verifying a SOAP message that I have created my self, after signing the message and then convert it to string, I try to verify it, but it returns false each time, but when I use the Document after siging it without converting it to a string , it works, I really need some one to tell me why is it doing this here is the code for both cases
- Converting Document to String before verifying sugnature
signature.sign(dsc);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
StringWriter signedXMl = new StringWriter();
trans.transform(new DOMSource(docElement), new StreamResult(signedXMl));
String tempstr = signedXMl.toString();
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
NodeList nl = null;
DocumentBuilder builder = dbf.newDocumentBuilder();
Document doc = builder.parse(new InputSource(new StringReader(inXML)));
nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0)
                    System.out.println("In main: ERROR - Cannot find Signature element");
validateElement(nl.item(0),kp);---------------------------------------------------------------------------------------------
- Using the same Document element used in Signing for verification
signature.sign(dsc);
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
validateElement(nl.item(0),kp);----------------------------------------------
both use validateElement function
private static void validateElement(Node signElement,KeyPair kp) {
                 DOMValidateContext valContext = new DOMValidateContext(kp.getPublic(), signElement);
          String providerName = System.getProperty("jsr105Provider","org.jcp.xml.dsig.internal.dom.XMLDSigRI");
          XMLSignatureFactory factory = null;
          XMLSignature signature = null;
          try
               factory = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
               signature = factory.unmarshalXMLSignature(valContext);
               boolean coreValidity = signature.validate(valContext);
               String kiki = null;
               boolean sv = signature.getSignatureValue().validate(valContext);
               //System.out.println("signature validation status: " sv);
               Iterator i = signature.getSignedInfo().getReferences().iterator();
               for (int j=0; i.hasNext(); j++)
                    boolean refValid = ((Reference) i.next()).validate(valContext);
                    String koko = null;
          } catch (Exception e)
               String koko = null;
I really apreciate any input, I don't know what to do

There is no such system as Windows 7 Vista SP2. Either you have Windows 7 or Windows Vista. If your system is Vista, then sending video messages is not available. This feature is only present on Windows 7 and higher systems.

Similar Messages

Can I create a SOAP message object from a string?

can i create a soap message object in saaj with a string containing soap xml?
I know messageFactory has a constructor that
public abstract SOAPMessage createMessage(MimeHeaders headers, InputStream in)
does anyone know how to use this? Specifically transform a SOAP message in string format to something i could pass this constructor.
Is there a better way to do this?
I'm not EVER going to use apache's tomcat or GLUE or anyting and need to send a soap message from a client to a server via SOAP. I need to be able to transfer a String SOAP document to something i can search for elements with.

sorry for being critical but the tutorial you just linked to is for the most part USELESS. it doesnt deal with Java just what a SOAP message looks like. yeah, i get it, its like xml. now how do i do what i want to with saaj?
something like
String sm;
sm = in.readLine(); //gives me a whole SOAP document (pretend)
sm--->>>MAGIC------>>>>>MIMEHeaders headers & InputStream sm_in
MessageFactory factory = MessageFactory.newInstance();
SOAPMessage message = factory.createMessage(headers, sm_in);
SOAPBody soapBody = message.getSOAPBody();
Name bodyName = factory.createName("YUP","m","http://theinternet/YUP");
Iterator iterator = soapBody.getChildElements(bodyName);
SOAPBodyElement bodyElement = (SOAPBodyElement)iterator.next();
String yup = bodyElement.getValue();
System.out.println("YUP element of the SOAP document is " + yup);what is the MAGIC in the above code?

HT204053 Can't verify AppleID for Messages (Mountain Lion app) because it's not a real email.

My AppleID (an @mac.com address) is listed as a primary email address under my AppleID Account page, but does not receive email, of course. When I check it in the AppleID account page, there is no way to decouple it so Apple stops seeing it as a bonafide "email" address and asking to verify
When setting up Messages for the first time with the new OSX Mountain release, it asks to verify the AppleID, but gets caught in a loop since there is no real "email" to check at that address.
The error message received

.mac addresses are email addresses, why can't you receive yours? have you been to www.icloud.com and tried to login with it? did you migrate the account from Mobile Me to iCloud?

How to send a signed SOAP message with additional HTTP Header fields

Our Partner's integration requirements are that we send them asynchronous SOAP messages, that are digitally signed, and whose HTTP headers contains 5 or 6 additional header fields, of which 3 or 4 will need to be dynamically set during the message mapping. I believe we can use the HTTP adapter for adding new fields to the HTTP header, but don't believe it supports signing. I believe that the SOAP adapter supports signing, but I'm not clear on how to use it to add fields to the HTTP header. What is the most straight-forward way to achieve both the signing of the message and the addition of the HTTP header values?
Thanks,
Kurt

>>>What is the most straight-forward way to achieve both the signing of the message and the addition of the HTTP header values?
Use Java mapping for both.
1) Signing the message
You can digitally sign the soap message using many standard api like WSS4j? or refer Java XML signature API which comes in Jdk1.6.
Refer these links
WSS4J - http://ws.apache.org/wss4j/axis.html
Java XML signature : http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/
2) >>whose HTTP headers contains 5 or 6 additional header fields, of which 3 or 4 will need to be dynamically set during the message mapping
Use Dynamic configuration API to set the additional header fields during message mapping.

SOAP messages not visible in RWB - Message Monitoring - Adapter Engine

Hi,
following scenario:
ERP is sending IDocs to PI.
Within PI an integration process sends the IDoc data through a SOAP (WS) receiver channel to a system far far away.
In RWB -> Communication Channel Monitoring I can see all delivered messages selecting my SOAP channel.
But:
I can´t see the SOAP messages in RWB -> Message Monitoring -> Messages of Adapter Engine.
In RWB -> Message Monitoring -> Messages of Integration Engine I only see SOAP messages with status "Error".
Successful column is empty.
Do I have to adjust some system / monitoring parameters also seeing SOAP messages in RWB->Message Monitoring?
Thanks in advance,
André

Hi Ravi,
thanks.
But there are thousands of successful messages delivered to the receiver.
These successful messages can only be seen in the Channel Monitoring.
I can´t find these successful messages in Message Monitoring.
Only some with status "Error" are displayed.
Strange...
Cheers,
André

ADF Web Services 11g - how to change SOAP message

Hey,
Can I affect on SOAP structure?
When we call web service, next soap message is generated:
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://hr/crosig/ws/osigurateljnidokument/OsigurateljniDokument.wsdl"; xmlns:ns1="http://hr/crosig/ws/osigurateljnidokument/OsigurateljniDokument.wsdl/types/"; xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance">
<env:Header/>
<env:Body>
<ns:unos>
<ppol>
<ns1:kratkiopis/>
<ns1:premijado/>
<ns1:sifraklauzule/>
<ns1:datumpocetka/>
</ppol>
<res_out>
<ns1:kratkiopis ns2:nil="true"/>
<ns1:premijado ns2:nil="true"/>
<ns1:sifraklauzule ns2:nil="true"/>
<ns1:datumpocetka ns2:nil="true"/>
<ns1:vinkulacije ns2:nil="true"/>
</res_out>
</ns:unos>
</env:Body>
</env:Envelope>
and we get next error:
<?xml version = '1.0' encoding = 'UTF-8'?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>BEA-380001: Internal Server Error</faultstring>
<detail>
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
<con:errorCode>BEA-380001</con:errorCode>
<con:reason>Internal Server Error</con:reason>
<con:location>
<con:node>RouteNode1</con:node>
<con:path>response-pipeline</con:path>
</con:location>
</con:fault>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
We send next SOAP message and then everything works fine (just removed ns1):
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://hr/crosig/ws/osigurateljnidokument/OsigurateljniDokument.wsdl"; xmlns:ns1="http://hr/crosig/ws/osigurateljnidokument/OsigurateljniDokument.wsdl/types/"; xmlns:ns2="http://www.w3.org/2001/XMLSchema-instance">
<env:Header/>
<env:Body>
<ns:unos>
<ppol>
<kratkiopis/>
<premijado/>
<sifraklauzule/>
<datumpocetka/>
</ppol>
<res_out>
<kratkiopis ns2:nil="true"/>
<premijado ns2:nil="true"/>
<sifraklauzule ns2:nil="true"/>
<datumpocetka ns2:nil="true"/>
<vinkulacije ns2:nil="true"/>
</res_out>
</ns:unos>
</env:Body>
</env:Envelope>
But I don't know how can we affect on SOAP message? I don't see any parameter or something what can I set to change SOAP message...
Tnx.

And when we call web service from proxy classes, then different SOAP message was sent , and that SOAP message is ok, too:
<?xml version = '1.0' encoding = 'UTF-8'?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns3:unos xmlns:ns3="http://hr/crosig/ws/osigurateljnidokument/OsigurateljniDokument.wsdl" xmlns:ns2="http://hr/crosig/ws/osigurateljnidokument/OsigurateljniDokument.wsdl/types/">
<ppol>
<ns2:kratkiopis xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<ns2:premijado xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<ns2:sifraklauzule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<ns2:datumpocetka xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<res_out>
<ns2:kratkiopis xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<ns2:premijado xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<ns2:sifraklauzule xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
<ns2:datumpocetka xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
</res_out>
</ns3:unos>
</S:Body>
</S:Envelope>

Modify SOAP message

Is there any tool which can help me to modify the SOAP response before sending back to the client. I have used tools like tcpmon which just shows the traffic, but I can't modify the message with this.
Thanks
Sanat

forumKid2 wrote:
user575089 wrote:
Can a JAX-WS handler alter SOAP message ? In other words, can we modify the SOAP message using JAX-WS handler ?
Yes.
Thanks

Safari keeps dropping down this error message when ever i try to log on to any website safai can't verify the identity of the website ( e.g.. any address ) and the drop down has three choices to click on or else you can't go foward., they are check certif

Safari keeps dropping down this error message when ever i try to log on to any website safai can't verify the identity of the website ( e.g.. any address ) and the drop down has three choices to click on or else you can't go foward., they are check certificate ______ cancel ______ continue.... This thing is so annoying when trying to go somewhere i just want the error message to go away.

In your Keychain under 'login' delete the VeriSign certificates and then quit and restart all browsers/itunes/app store.
http://apple.stackexchange.com/questions/180570/invalid-certificate-after-securi ty-update-2015-004-in-mavericks

OWSM SAML Verify step problem: Missing Security Header in SOAP message

I'm having a problem with SAML steps. From gateway log:
2008-09-17 13:21:32,987 INFO [HTTPThreadGroup-58] saml.InsertSAMLSVStep - User attributes map set to generate the attribute assertions: null
2008-09-17 13:21:33,034 INFO [HTTPThreadGroup-60] saml.SAMLProcessor - Assertion Major Version :1 , Minor Version :1
2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.SAMLProcessor - SAML Assertion verification error: An invalid token was provided
2008-09-17 13:21:33,034 WARNING [HTTPThreadGroup-60] saml.VerifySAMLStep - SAML Token verification failed:
2008-09-17 13:21:33,096 SEVERE [HTTPThreadGroup-58] wssecurity.OSDTWSSecurity - Missing Security Header in SOAP message
2008-09-17 13:21:33,096 WARNING [HTTPThreadGroup-58] wssecurity.SecurityBaseStep - Failure while applying XML Security
FAULT CODE: InvalidSecurity FAULT MESSAGE: Missing WS Security header in the SOAP message
at com.cfluent.policysteps.security.wssecurity.OSDTWSSecurity.decryptVerify(OSDTWSSecurity.java:369)
at com.cfluent.policysteps.security.wssecurity.DecryptStep.performXmlSecurity(DecryptStep.java:131)
at com.cfluent.policysteps.security.wssecurity.SecurityBaseStep.execute(SecurityBaseStep.java:238)
at com.cfluent.pipelineengine.container.DefaultPipeline.executeStep(DefaultPipeline.java:124)
but the wsse:Security header with SAML assertion IS confirmed in the incoming message log. Anybody seen this issue?

Below is the log of the incoming message just prior to the failing SAML Verify step:
<?xml version="1.0" encoding="UTF-8" ?>
- <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://exception.common.periop.gehc.com" xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ns2="http://www.patient.patientmanager.periop.gehc.com/service/" xmlns:ns3="http://entity.common.periop.gehc.com" xmlns:ns4="http://entity.patient.patientmanager.periop.gehc.com" xmlns:ns5="http://entity.allergy.patientmanager.periop.gehc.com" xmlns:ns6="http://pdo.domain.customizer.periop.gehc.com" xmlns:ns7="http://entity.cases.scheduler.periop.gehc.com" xmlns:ns8="http://entity.insurance.patientmanager.periop.gehc.com">
- <env:Header>
- <ns1:Security>
- <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="158RBY2QvCFPiTqdXYWh9A22" IssueInstant="2008-09-17T19:58:43Z" Issuer="GE" xmlns="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2008-09-17T19:58:13Z" NotOnOrAfter="2008-09-17T19:59:43Z" />
- <saml:AuthenticationStatement AuthenticationInstant="2008-09-17T19:58:43Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
- <saml:Subject>
<saml:NameIdentifier NameQualifier="www.ge.com" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">gowri</saml:NameIdentifier>
- <saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
</ns1:Security>
</env:Header>
- <env:Body>
- <ns2:getPatient>
<ns2:patientId>137115</ns2:patientId>
</ns2:getPatient>
</env:Body>
</env:Envelope>

TS4268 my daughter's email can not be verified on Itouch messages bc it says "can not be verifed bc the email is already in use" does anyone know what the solution is?

my daughter's email can not be verified on Itouch messages bc it says "can not be verifed bc the email is already in use" does anyone know what the solution is?

Maybe:
iOS: FaceTime is 'Unable to verify email because it is in use'
iOS 5: iMessage not working – how to fix - Apple Toolbox

How can make java servlet sent soap message to other java web application

hello,
i want to make simple servlet send soap message to other java web application containing web service????
for example
web application " A " contain web service add two number
java servlet " B " send soap message contain num1 and num2 to A to add them.
how can do this????

I tried that but my problem is that the code is so old. At least what I saw. I don't know how old is too old and I'm trying to do things "right." I saw code from 1998, but I don't know if that's still what you do. It might still work, but that doesn't mean it's correct. There's so much out there on Java that so old that half the time I'm not sure what to do because some other technology in J2EE or the latest Java SDK might have come up with a new way to do things. Thanks.

I can't download mountain lion, I get the following message "could not complete your purchase, can't verify the file, it may be damaged or unsigned" ? what do i have to do ?

I can't download mountain lion, I get the following message "could not complete your purchase, can't verify the file, it may be damaged or unsigned" ? what do i have to do ?

The only thing that worked for me was to boot in safe mode.
Power down. Then press power button and hold 'shift' key until grey screen with progress bar appears... Once booted and logged in just open safari and browse to applestore.
No trouble at all once I did this.
Reminder: create full backup before you upgrade OS
Hope it helps.

Settings tells me it can't verify my email see email for message how to set but I get no email

I get a message "photo stream cannot find iCloud account iCloud" there are buttons for "ignore" if I choose that it sometimes just brings up the error message again and crashes the app I'm in. Other button says "go to settings" if I choose that settings says it cannot verify my email and says a message has been sent to my email on how to set up iCloud. But I never get the email. In the Apple account site it shows my secondary email is verified but I can't verify my main email it won't send me the vermiform message. What to do?

Where are the attachments stored, locally (on your computer) or on the Web (Flickr, for example) ??

XMLSignature.validate - can it handle SOAP Message

hi,
can we verify a xml file where the xml signature has a certificate with the public key for verification
import weblogic.webservice.core.soap.XMLSignature;
FileInputStream fis = new FileInputStream("c:\\my.xml");
res = XMLSignature.validate(fis);
======== this is xml ==========
<Infringements><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>Ibk/s94reaUTFYU6mwV0isxj6es=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
GRPQiCi+OSEx/ARw14uK+2GeIQQVDaXsUQWTxqMNp+qt3nGE7G7gkOxAU6k85rMplQ0KCliAJSO+
U5UJgTHE7ltqe2B+N0d16xNJAQYJqtilpGTmHFT63SvRqJIXJ8nqNxxRLcMOFSDSJ9uQ4svXZm1d
0LUT39+4x1KD2eL0c6c=
</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIC3zCCApWgAwIBAgIERCsMuTAJBgcqhkjOPQQBMB4xCzAJBgNVBAoTAkNBMQ8wDQYDVQQLEwZy
b290Y2EwHhcNMDYwNzI1MjMwNDAwWhcNMDkwNzI1MjMzNDAwWjBDMQ8wDQYDVQQKEwZDT1VSVFMx
EDAOBgNVBAsTB0NFTlRSQUwxDTALBgNVBAsTBFdHVE4xDzANBgNVBAMTBlJFTkRFRTCBoDANBgkq
hkiG9w0BAQEFAAOBjgAwgYoCgYEAtobxvMc6NXHiyAEGc9F2vybRXG7+W2yEgW3jrPyGX/iY0Q+l
NZSdUtzwGHMMmOMZQeydQGaGrcv6aWaj/Ropnh93IwurJfyQ8KKnTHV3Psc/2ka1lgJie+Vz53iY
kRSnYTtWd/Q0p7kp8qu4FW7FBJ/ko8d3I6DvebwpJ9hi6TUCBACUm82jggFTMIIBTzALBgNVHQ8E
BAMCB4AwKwYDVR0QBCQwIoAPMjAwNjA3MjUyMzA0MDBagQ8yMDA4MDgzMTAzMzQwMFowIgYDVR0R
BBswGYEXRGVlLlJlbkBqdXN0aWNlLmdvdnQubnowgYgGA1UdHwSBgDB+MDWgM6AxpC8wLTELMAkG
A1UEChMCQ0ExDzANBgNVBAsTBnJvb3RjYTENMAsGA1UEAxMEQ1JMMTBFoEOgQYY/bGRhcDovLzEw
LjE3Ni4xLjEvb3U9cm9vdGNhLG89Q0E/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlMB8G
A1UdIwQYMBaAFAYzTcM4Vtn7ikDcuLwITTKFYDJJMB0GA1UdDgQWBBR67rXz6zLs4M6HgC/TUr+S
uFlkxDAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY3LjEDAgSwMAkGByqGSM49BAEDOQAw
NgIZAL/CPVyvKJ3XoueG2TzEQj4mDPPOqt25AQIZAL+wwlrjsngEQO2BW4pusMexLkT1E1WQmw==
</X509Certificate>
</X509Data>
<KeyValue>
<RSAKeyValue>
<Modulus>
tobxvMc6NXHiyAEGc9F2vybRXG7+W2yEgW3jrPyGX/iY0Q+lNZSdUtzwGHMMmOMZQeydQGaGrcv6
aWaj/Ropnh93IwurJfyQ8KKnTHV3Psc/2ka1lgJie+Vz53iYkRSnYTtWd/Q0p7kp8qu4FW7FBJ/k
o8d3I6DvebwpJ9hi6TU=
</Modulus>
<Exponent>lJvN</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature></Infringements>
Any help will be appreiciated.
I tried and it fails with weblogic.webservice.core.soap.XMLSignatureInvalidException: Signature invalid: 0 length SecurityAssersion

http://blogs.oracle.com/reynolds/2007/05/17
soap 1.2 uses different headers..so guess thats where the esb gets stuck

Signing a soap message seems to not work in jwsdp14

I'm trying to sign a soap message according to the latest oasis specifications (http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf) using the libraries provided with jwsdp14 (mainly xmlsec.jar).
As far as I know, there is not yet documention/example about this specific issue.
The following is the code I have to sign a soap message: it seems to work fine because the signed soap message respects the above specifications... but what I notice is that the digest and the signature values it contains are always the same, I mean: if i change the source soap message, the signed soap message in output is always the same!
Any clue??
import com.sun.org.apache.xml.security.Init;
import com.sun.org.apache.xml.security.signature.XMLSignature;
import com.sun.org.apache.xml.security.transforms.Transforms;
import com.sun.org.apache.xml.security.utils.Constants;
import com.sun.xml.wss.*;
import com.sun.xml.wss.reference.DirectReference;
import org.w3c.dom.Document;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPBody;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
public class Main {
public static void main(String[] args) {
// The file from which we will load the sample SOAP message
String fileName = "F:\\SampleSoapMessage.xml";
// Store the WSSE signed message here
String signatureFileName = "F:\\SignedSampleSoapMessage.xml";
try {
// Initialize the apache libraries
Init.init();
// Obtain security elements from the keystore
PrivateKey privateKey = MySecurityUtils.getPrivateKey();
X509Certificate cert = MySecurityUtils.getCertificate();
// Obtain a sample SOAPMessage from a file
FileInputStream fis = new FileInputStream(new File(fileName));
Document doc = XMLUtil.toDOMDocument(fis);
SOAPMessage message = MyFileUtils.getMessageFromFile(doc);
SOAPHeader header = message.getSOAPHeader();
SOAPBody body = message.getSOAPBody();
// Set the wsu:Id attribute to the Body
XMLUtil.setWsuIdAttr(body, "MyId");
// Create a WSSE context for the SOAP message
SecurableSoapMessage sssm = new SecurableSoapMessage(message);
// Create a security header for the message (<wsse:Security>)
SecurityHeader sh = sssm.findOrCreateSecurityHeader();
// Insert the certificate (<wsse:BinarySecurityToken>)
X509SecurityToken stoken = new X509SecurityToken(header.getOwnerDocument(), cert, "X509TokenRef");
sh.insertHeaderBlock(stoken);
// Insert the keyinfo referring to the certificate (<ds:KeyInfo>)
KeyInfoHeaderBlock kihb = new KeyInfoHeaderBlock(header.getOwnerDocument());
SecurityTokenReference secTR = new SecurityTokenReference(header.getOwnerDocument());
DirectReference dirRef = new DirectReference();
dirRef.setURI("#X509TokenRef");
secTR.setReference(dirRef);
kihb.addSecurityTokenReference(secTR);
//sh.insertHeaderBlock(kihb);
// Insert the Signature block (<ds:Signature>)
SignatureHeaderBlock shb = new SignatureHeaderBlock(header.getOwnerDocument(), XMLSignature.ALGO_ID_SIGNATURE_RSA);
Transforms transforms = new Transforms(header.getOwnerDocument());
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
shb.addSignedInfoReference("#MyId", transforms, Constants.ALGO_ID_DIGEST_SHA1);
shb.addChildElement(kihb.getAsSoapElement());
sh.insertHeaderBlock(shb);
// Digest all References (#MyId) in the SignedInfo, calculate the signature value
// and set it in the SignatureValue Element
shb.sign(privateKey);
// Add the signature data to the header element
header.addChildElement(sh.getAsSoapElement());
// Save the signed SOAP message
FileOutputStream fos = new FileOutputStream(new File(signatureFileName));
message.writeTo(fos);
message.writeTo(System.out);
} catch (Exception exc) {
exc.printStackTrace();
System.out.println("An error has occurred : " + exc.toString());
PS: Classes MySecurityUtils and MyFileUtils are not included since they have nothing interesting.
The sample input sopa message is:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<Intestazione>
</Intestazione>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
and the output signed sample message is:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header>
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#MyId">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
YdKNSPWnx630AYeZ6AXVco1b0RMo8C3WWbziq7C009gg4nhknEZmH0ds78y328SgAlAAVR6Swwok
HE3OWgL8TZ1Ks0IimmmDd8/XIb2KlfiqnUNtTjGjUn9FLQEv/CMbmrCr7EO9rf/N+0cyAyGzrKo5
ieEQhtZy9uZAKh2mrmM=
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#X509TokenRef"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo></ds:Signature><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="X509TokenRef">MIIDITCCAsugAwIBAgIQIdu5EMFuQntM5IBOMeFcETANBgkqhkiG9w0BAQUFADCBqTEWMBQGA1UE
ChMNVmVyaVNpZ24sIEluYzFHMEUGA1UECxM+d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1Rl
c3RDUFMgSW5jb3JwLiBCeSBSZWYuIExpYWIuIExURC4xRjBEBgNVBAsTPUZvciBWZXJpU2lnbiBh
dXRob3JpemVkIHRlc3Rpbmcgb25seS4gTm8gYXNzdXJhbmNlcyAoQylWUzE5OTcwHhcNMDQwODA1
MDAwMDAwWhcNMDQwODE5MjM1OTU5WjBhMQswCQYDVQQGEwJJVDENMAsGA1UECBMEUk9NQTENMAsG
A1UEBxQEcm9tYTEOMAwGA1UEChQFaXNzcGExDjAMBgNVBAsUBWNoaWVmMRQwEgYDVQQDFAt3d3cu
dGVzdC5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtIsomDk9VthgMorPmG0dAwqLtTBi
U69liwopwrnAbtzIiO56R9yh4tXvG9+QWtEFRcDHVwWi9YdaHQFCvjymnNYDUHkpJsWp11nIAfOA
k+d9v1YDje4S6oba7tsIJSEkUu7LQ888Q3cGt/KUaEu6b0lZJ5zY9slK0onUPeTB3e8CAwEAAaOB
0TCBzjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3Js
LnZlcmlzaWduLmNvbS9TZWN1cmVTZXJ2ZXJUZXN0aW5nQ0EuY3JsMFEGA1UdIARKMEgwRgYKYIZI
AYb4RQEHFTA4MDYGCCsGAQUFBwIBFipodHRwOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5
L1Rlc3RDUFMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA0EA
Y66OqTOpHcpNUPlD4A38s8bPIIjrf+C+Wv08lUj+DGN5pm+gBWdbWEGaQmqU8fPPtGrQnHz2NAUr
ZmLaEw/qKw==</wsse:BinarySecurityToken></wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="MyId">
<aTag>
<aChild>a value</aChild>
</aTag>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
NOTE: Check the value of <ds:SignatureValue> and <ds:DigestValue>: they never change even if I change the body of the source message.

Quoting Farrukh's reply to this question on java.net -
I can share some examples of how I have used JWSDP 1.4 and XML DSIG API to sign and verify a "standalone" soap message with and without mime attachments.
Please see the following Utility class written for the freebXML Registry project [1] for an example of how to do what you seek:
http://cvs.sourceforge.net/viewcvs.py/ebxmlrr/omar/src/java/org/freebxml/omar/common/security/SecurityUtil.java?view=markup
See methods signSOAPMessage(...), signPayload(...), verifySOAPMessage(...) and verifyPayloadSignature(...)
What you are trying to do is definitely doable and has been done with JWSDP 1.4. In my experience XML DSIG API met my needs very well.
Best of luck.
[1] freebXML Registry Project:
http://ebxmlrr.sourceforge.net
---------------------------------------------------------------------------------

Can't Verify a SOAP message

Similar Messages

Maybe you are looking for