axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@apache.org
Subject cvs commit: xml-axis/java/samples/security ClientSigningHandler.java SignedSOAPEnvelope.java
Date Wed, 13 Feb 2002 15:21:16 GMT
dims        02/02/13 07:21:16

  Modified:    java/samples/security ClientSigningHandler.java
                        SignedSOAPEnvelope.java
  Log:
  Fix for "Weird serialization behavior in Client side handler" problem using transparent
Signing and Verification.
  
  Revision  Changes    Path
  1.3       +15 -32    xml-axis/java/samples/security/ClientSigningHandler.java
  
  Index: ClientSigningHandler.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/samples/security/ClientSigningHandler.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ClientSigningHandler.java	23 Jan 2002 14:00:28 -0000	1.2
  +++ ClientSigningHandler.java	13 Feb 2002 15:21:16 -0000	1.3
  @@ -57,61 +57,44 @@
   
   import org.apache.axis.AxisFault;
   import org.apache.axis.Handler;
  -import org.apache.axis.MessageContext;
  -import org.apache.axis.handlers.BasicHandler;
  -import org.apache.axis.AxisFault;
   import org.apache.axis.Message;
   import org.apache.axis.MessageContext;
  +import org.apache.axis.handlers.BasicHandler;
   import org.apache.axis.message.SOAPEnvelope;
  -import org.apache.axis.utils.JavaUtils;
   import org.apache.log4j.Category;
  -import org.apache.xml.security.signature.XMLSignature;
  -import org.apache.xml.security.utils.Constants;
  -import org.apache.xpath.CachedXPathAPI;
  -
  -import org.w3c.dom.Document;
  -import org.w3c.dom.Element;
  -
  -import java.io.FileWriter;
  -import java.io.PrintWriter;
  -import java.io.FileOutputStream;
  -import java.io.PrintWriter;
  -import java.util.Date;
   
   public class ClientSigningHandler extends BasicHandler {
       static Category category =
               Category.getInstance(ClientSigningHandler.class.getName());
   
  -    public void invoke(MessageContext msgContext) throws AxisFault
  -    {
  +    public void invoke(MessageContext msgContext) throws AxisFault {
           /** Sign the SOAPEnvelope
            */
           try {
               Handler serviceHandler = msgContext.getServiceHandler();
  -            String filename = (String)getOption("keystore");
  +            String filename = (String) getOption("keystore");
               if ((filename == null) || (filename.equals("")))
                   throw new AxisFault("Server.NoKeyStoreFile",
  -                                 "No KeyStore file configured for the ClientSigningHandler!",
  -                                    null, null);
  -			Message requestMessage = msgContext.getRequestMessage();
  -			SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
  -			// need to correctly compute baseuri
  -			SignedSOAPEnvelope signedEnvelope = new SignedSOAPEnvelope(unsignedEnvelope,"http://xml-security",filename);
  -			requestMessage = new Message(signedEnvelope);
  -			msgContext.setCurrentMessage(requestMessage);
  +                        "No KeyStore file configured for the ClientSigningHandler!",
  +                        null, null);
  +            Message requestMessage = msgContext.getRequestMessage();
  +            SOAPEnvelope unsignedEnvelope = requestMessage.getSOAPEnvelope();
  +            // need to correctly compute baseuri
  +            SignedSOAPEnvelope signedEnvelope = new SignedSOAPEnvelope(msgContext, unsignedEnvelope,
"http://xml-security", filename);
  +            requestMessage = new Message(signedEnvelope);
  +            msgContext.setCurrentMessage(requestMessage);
               // and then pass on to next handler
               //requestMessage.getSOAPPart().writeTo(System.out);
           } catch (Exception e) {
               throw AxisFault.makeFault(e);
  -		}
  +        }
       }
   
  -    public void undo(MessageContext msgContext)
  -    {
  +    public void undo(MessageContext msgContext) {
           try {
               // probably needs to fault.
  -        } catch( Exception e ) {
  -            category.error( e );
  +        } catch (Exception e) {
  +            category.error(e);
           }
       }
   }
  
  
  
  1.6       +60 -43    xml-axis/java/samples/security/SignedSOAPEnvelope.java
  
  Index: SignedSOAPEnvelope.java
  ===================================================================
  RCS file: /home/cvs/xml-axis/java/samples/security/SignedSOAPEnvelope.java,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- SignedSOAPEnvelope.java	27 Jan 2002 03:42:02 -0000	1.5
  +++ SignedSOAPEnvelope.java	13 Feb 2002 15:21:16 -0000	1.6
  @@ -55,34 +55,34 @@
   
   package samples.security;
   
  -import org.apache.axis.client.Call;
  -import org.apache.axis.client.Service;
  -import org.apache.axis.utils.Options;
  -
  -import java.io.*;
  -import java.security.cert.X509Certificate;
  -import java.security.KeyStore;
  -import java.security.PrivateKey;
  -
  -import org.apache.axis.*;
  +import org.apache.axis.Constants;
  +import org.apache.axis.Message;
  +import org.apache.axis.MessageContext;
  +import org.apache.axis.client.AxisClient;
   import org.apache.axis.configuration.NullProvider;
   import org.apache.axis.encoding.DeserializationContextImpl;
  +import org.apache.axis.encoding.SerializationContext;
  +import org.apache.axis.encoding.SerializationContextImpl;
   import org.apache.axis.message.SOAPEnvelope;
  -import org.apache.axis.message.SOAPBodyElement;
  -import org.apache.axis.message.MessageElement;
   import org.apache.axis.message.SOAPHeader;
  -import org.apache.axis.client.ServiceClient;
  -import org.apache.axis.client.AxisClient;
  -import org.apache.axis.transport.http.HTTPTransport ;
  -import org.apache.axis.utils.*;
  -import org.apache.xml.security.signature.XMLSignature;
  +import org.apache.axis.utils.JavaUtils;
  +import org.apache.axis.utils.Mapping;
  +import org.apache.axis.utils.XMLUtils;
   import org.apache.xml.security.c14n.Canonicalizer;
  -import org.w3c.dom.Element;
  +import org.apache.xml.security.signature.XMLSignature;
   import org.w3c.dom.Document;
  +import org.w3c.dom.Element;
   import org.xml.sax.InputSource;
   
  -public class SignedSOAPEnvelope extends SOAPEnvelope
  -{
  +import java.io.FileInputStream;
  +import java.io.Reader;
  +import java.io.StringReader;
  +import java.io.StringWriter;
  +import java.security.KeyStore;
  +import java.security.PrivateKey;
  +import java.security.cert.X509Certificate;
  +
  +public class SignedSOAPEnvelope extends SOAPEnvelope {
       static String SOAPSECNS = "http://schemas.xmlsoap.org/soap/security/2000-12";
       static String SOAPSECprefix = "SOAP-SEC";
   
  @@ -92,30 +92,32 @@
       static String privateKeyAlias = "test";
       static String privateKeyPass = "xmlsecurity";
       static String certificateAlias = "test";
  +    private MessageContext msgContext;
   
       static {
           org.apache.xml.security.Init.init();
       }
   
  -    public SignedSOAPEnvelope (SOAPEnvelope env, String baseURI, String keystoreFile) {
  +    public SignedSOAPEnvelope(MessageContext msgContext, SOAPEnvelope env, String baseURI,
String keystoreFile) {
  +        this.msgContext = msgContext;
           init(env, baseURI, keystoreFile);
       }
   
  -    public SignedSOAPEnvelope (SOAPEnvelope env, String baseURI) {
  -            init(env, baseURI, keystoreFile);
  +    public SignedSOAPEnvelope(SOAPEnvelope env, String baseURI) {
  +        init(env, baseURI, keystoreFile);
       }
   
  -    private void init (SOAPEnvelope env, String baseURI, String keystoreFile) {
  +    private void init(SOAPEnvelope env, String baseURI, String keystoreFile) {
           try {
  -System.out.println("Beginning Client signing...");
  -            env.addMapping(new Mapping(SOAPSECNS,SOAPSECprefix));
  -            env.addAttribute(Constants.URI_SOAP_ENV,"actor","some-uri");
  -            env.addAttribute(Constants.URI_SOAP_ENV,"mustUnderstand","1");
  +            System.out.println("Beginning Client signing...");
  +            env.addMapping(new Mapping(SOAPSECNS, SOAPSECprefix));
  +            env.addAttribute(Constants.URI_SOAP_ENV, "actor", "some-uri");
  +            env.addAttribute(Constants.URI_SOAP_ENV, "mustUnderstand", "1");
   
  -            SOAPHeader header = new SOAPHeader(XMLUtils.StringToElement(SOAPSECNS,"Signature",
""));
  +            SOAPHeader header = new SOAPHeader(XMLUtils.StringToElement(SOAPSECNS, "Signature",
""));
               env.addHeader(header);
   
  -	    Document doc = env.getAsDocument();
  +            Document doc = getSOAPEnvelopeAsDocument(env, msgContext);
   
               KeyStore ks = KeyStore.getInstance(keystoreType);
               FileInputStream fis = new FileInputStream(keystoreFile);
  @@ -123,20 +125,20 @@
               ks.load(fis, keystorePass.toCharArray());
   
               PrivateKey privateKey = (PrivateKey) ks.getKey(privateKeyAlias,
  -                                       privateKeyPass.toCharArray());
  +                    privateKeyPass.toCharArray());
   
  -            Element soapHeaderElement = (Element)((Element)doc.getFirstChild()).getElementsByTagNameNS("*","Header").item(0);
  -            Element soapSignatureElement = (Element)soapHeaderElement.getElementsByTagNameNS("*","Signature").item(0);
  +            Element soapHeaderElement = (Element) ((Element) doc.getFirstChild()).getElementsByTagNameNS("*",
"Header").item(0);
  +            Element soapSignatureElement = (Element) soapHeaderElement.getElementsByTagNameNS("*",
"Signature").item(0);
   
               XMLSignature sig = new XMLSignature(doc, baseURI,
  -                                                XMLSignature.ALGO_ID_SIGNATURE_DSA);
  +                    XMLSignature.ALGO_ID_SIGNATURE_DSA);
   
               soapSignatureElement.appendChild(sig.getElement());
               sig.addDocument("#Body");
   
   
               X509Certificate cert =
  -                  (X509Certificate) ks.getCertificate(certificateAlias);
  +                    (X509Certificate) ks.getCertificate(certificateAlias);
   
   
               sig.addKeyInfo(cert);
  @@ -147,19 +149,34 @@
               byte[] canonicalMessage = c14n.canonicalizeDocument(doc);
   
               InputSource is = new InputSource(new java.io.ByteArrayInputStream(canonicalMessage));
  -            DeserializationContextImpl dser = null ;
  -            AxisClient     tmpEngine = new AxisClient(new NullProvider());
  -            MessageContext msgContext = new MessageContext(tmpEngine);
  +            DeserializationContextImpl dser = null;
  +            if (msgContext == null) {
  +                AxisClient tmpEngine = new AxisClient(new NullProvider());
  +                msgContext = new MessageContext(tmpEngine);
  +            }
               dser = new DeserializationContextImpl(is, msgContext,
  -                                              Message.REQUEST, this );
  +                    Message.REQUEST, this);
   
               dser.parse();
  -System.out.println("Client signing complete.");
  -        }
  -        catch( Exception e ) {
  +            System.out.println("Client signing complete.");
  +        } catch (Exception e) {
               e.printStackTrace();
  -            throw new RuntimeException( e.toString() );
  +            throw new RuntimeException(e.toString());
           }
       }
   
  +    private Document getSOAPEnvelopeAsDocument(SOAPEnvelope env, MessageContext msgContext)
  +            throws Exception {
  +        StringWriter writer = new StringWriter();
  +        SerializationContext serializeContext = new SerializationContextImpl(writer, msgContext);
  +        env.output(serializeContext);
  +        writer.close();
  +
  +        Reader reader = new StringReader(writer.getBuffer().toString());
  +        Document doc = XMLUtils.newDocument(new InputSource(reader));
  +        if (doc == null)
  +            throw new Exception(
  +                    JavaUtils.getMessage("noDoc00", writer.getBuffer().toString()));
  +        return doc;
  +    }
   }
  
  
  

Mime
View raw message