SignedSOAPEnvelope.java

/*
 * The Apache Software License, Version 1.1
 *
 *
 * Copyright (c) 2001-2003 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Axis" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 */

package samples.security;

import org.apache.axis.Constants;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.client.AxisClient;
import org.apache.axis.configuration.NullProvider;
import org.apache.axis.encoding.SerializationContext;
import org.apache.axis.encoding.SerializationContext;
import org.apache.axis.encoding.DeserializationContext;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.axis.utils.Mapping;
import org.apache.axis.utils.Messages;
import org.apache.axis.utils.XMLUtils;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

import java.io.FileInputStream;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;


public class SignedSOAPEnvelope extends SOAPEnvelope {
    static String SOAPSECNS = "http://schemas.xmlsoap.org/soap/security/2000-12";
    static String SOAPSECprefix = "SOAP-SEC";

    static String keystoreType = "JKS";
    static String keystoreFile = "keystore.jks";
    static String keystorePass = "xmlsecurity";
    static String privateKeyAlias = "test";
    static String privateKeyPass = "xmlsecurity";
    static String certificateAlias = "test";
    private MessageContext msgContext;

    static {
        org.apache.xml.security.Init.init();
    }

    public SignedSOAPEnvelope(MessageContext msgContext, SOAPEnvelope env, String baseURI, String keystoreFile) {
        this.msgContext = msgContext;
        init(env, baseURI, keystoreFile);
    }

    public SignedSOAPEnvelope(SOAPEnvelope env, String baseURI) {
        init(env, baseURI, keystoreFile);
    }

    private void init(SOAPEnvelope env, String baseURI, String keystoreFile) {
        try {
            System.out.println("Beginning Client signing...");
            env.addMapping(new Mapping(SOAPSECNS, SOAPSECprefix));
            env.addAttribute(Constants.URI_SOAP11_ENV, "actor", "some-uri");
            env.addAttribute(Constants.URI_SOAP11_ENV, "mustUnderstand", "1");

            SOAPHeaderElement header = 
                new SOAPHeaderElement(XMLUtils.StringToElement(SOAPSECNS,
                                                               "Signature",
                                                               ""));
            env.addHeader(header);

            Document doc = getSOAPEnvelopeAsDocument(env, msgContext);

            KeyStore ks = KeyStore.getInstance(keystoreType);
            FileInputStream fis = new FileInputStream(keystoreFile);

            ks.load(fis, keystorePass.toCharArray());

            PrivateKey privateKey = (PrivateKey) ks.getKey(privateKeyAlias,
                    privateKeyPass.toCharArray());

            Element soapHeaderElement = (Element) ((Element) doc.getFirstChild()).getElementsByTagNameNS("*", "Header").item(0);
            Element soapSignatureElement = (Element) soapHeaderElement.getElementsByTagNameNS("*", "Signature").item(0);

            //Id attribute creation
            Element body = (Element)doc.getElementsByTagNameNS("http://schemas.xmlsoap.org/soap/envelope/", "Body").item(0);
            body.setAttribute("Id", "Body");

            XMLSignature sig = new XMLSignature(doc, baseURI,
                    XMLSignature.ALGO_ID_SIGNATURE_DSA);

            soapSignatureElement.appendChild(sig.getElement());
            sig.addDocument("#Body");


            X509Certificate cert =
                    (X509Certificate) ks.getCertificate(certificateAlias);


            sig.addKeyInfo(cert);
            sig.addKeyInfo(cert.getPublicKey());
            sig.sign(privateKey);

            Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
            byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);

            InputSource is = new InputSource(new java.io.ByteArrayInputStream(canonicalMessage));
            DeserializationContext dser = null;
            if (msgContext == null) {
                AxisClient tmpEngine = new AxisClient(new NullProvider());
                msgContext = new MessageContext(tmpEngine);
            }
            dser = new DeserializationContext(is, msgContext,
                    Message.REQUEST, this);

            dser.parse();
            System.out.println("Client signing complete.");
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException(e.toString());
        }
    }

    private Document getSOAPEnvelopeAsDocument(SOAPEnvelope env, MessageContext msgContext)
            throws Exception {
        StringWriter writer = new StringWriter();
        SerializationContext serializeContext = new SerializationContext(writer, msgContext);
        env.output(serializeContext);
        writer.close();

        Reader reader = new StringReader(writer.getBuffer().toString());
        Document doc = XMLUtils.newDocument(new InputSource(reader));
        if (doc == null)
            throw new Exception(
                    Messages.getMessage("noDoc00", writer.getBuffer().toString()));
        return doc;
    }
}