StaxServer.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package demo.wssec.server;

import java.net.URL;
import java.util.Properties;

import javax.xml.namespace.QName;
import javax.xml.ws.Endpoint;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.ws.security.wss4j.StaxCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.stax.ext.SecurePart;

/**
 * A StAX-based server
 */
public class StaxServer {

    protected StaxServer() throws Exception {
        System.out.println("Starting StaxServer");

        Object implementor = new GreeterImpl();
        String address = "http://localhost:9000/SoapContext/GreeterPort";
        Endpoint.publish(address, implementor);
    }

    public static void main(String args[]) throws Exception {

        SpringBusFactory bf = new SpringBusFactory();
        URL busFile = Server.class.getResource("wssec.xml");
        Bus bus = bf.createBus(busFile.toString());

        Properties decCryptoProperties =
            CryptoFactory.getProperties("etc/Server_Decrypt.properties", StaxServer.class.getClassLoader());
        Properties sigVerCryptoProperties =
            CryptoFactory.getProperties("etc/Server_SignVerf.properties", StaxServer.class.getClassLoader());

        WSSSecurityProperties properties = new WSSSecurityProperties();
        properties.addAction(WSSConstants.USERNAMETOKEN);
        properties.addAction(WSSConstants.TIMESTAMP);
        properties.addAction(WSSConstants.SIGNATURE);
        properties.addAction(WSSConstants.ENCRYPT);

        properties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT);
        properties.setTokenUser("Alice");
        properties.setSignatureUser("serverx509v1");
        properties.setEncryptionUser("clientx509v1");

        properties.setEncryptionCryptoProperties(sigVerCryptoProperties);
        properties.setEncryptionKeyIdentifier(
            WSSecurityTokenConstants.KeyIdentifier_IssuerSerial
        );
        properties.setEncryptionKeyTransportAlgorithm(
            "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
        );
        properties.addEncryptionPart(
            new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element)
        );
        properties.addEncryptionPart(
            new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Content)
        );

        properties.setSignatureCryptoProperties(decCryptoProperties);
        properties.setSignatureKeyIdentifier(
            WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE
        );
        properties.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        properties.addSignaturePart(
            new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), SecurePart.Modifier.Element)
        );
        properties.addSignaturePart(
            new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Content)
        );
        properties.setCallbackHandler(new UTPasswordCallback());

        WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
        bus.getOutInterceptors().add(ohandler);

        WSSSecurityProperties inProperties = new WSSSecurityProperties();
        inProperties.addAction(WSSConstants.USERNAMETOKEN);
        inProperties.addAction(WSSConstants.TIMESTAMP);
        inProperties.addAction(WSSConstants.SIGNATURE);
        inProperties.addAction(WSSConstants.ENCRYPT);

        inProperties.setCallbackHandler(new UTPasswordCallback());
        inProperties.setDecryptionCryptoProperties(decCryptoProperties);
        inProperties.setSignatureVerificationCryptoProperties(sigVerCryptoProperties);

        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
        bus.getInInterceptors().add(inhandler);

        // Check to make sure that the SOAP Body and Timestamp were signed,
        // and that the SOAP Body was encrypted
        StaxCryptoCoverageChecker coverageChecker = new StaxCryptoCoverageChecker();
        coverageChecker.setSignBody(true);
        coverageChecker.setSignTimestamp(true);
        coverageChecker.setEncryptBody(true);
        bus.getInInterceptors().add(coverageChecker);

        BusFactory.setDefaultBus(bus);

        new StaxServer();
        System.out.println("StaxServer ready...");

        Thread.sleep(5 * 60 * 1000);

        bus.shutdown(true);
        System.out.println("StaxServer exiting");
        System.exit(0);
    }
}