
I need to sign a SOAP message in Java using an X.509 certificate. I already implemented it using the libraries 'com.sun.org.apache.xml.internal.security' and 'java.security'.

This is what my signed SOAP message looks like:

<soapenv:Envelope xmlns:axw="http://www.axway.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <ds:Reference URI="">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <ds:DigestValue>/*encoded value*/</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
/*signature value*/
            </ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>
/*certificate*/
                    </ds:X509Certificate>
                </ds:X509Data>
                <ds:KeyValue>
                    <ds:RSAKeyValue>
                        <ds:Modulus>
/*other encoded data*/
                        </ds:Modulus>
                        <ds:Exponent>AQAB</ds:Exponent>
                    </ds:RSAKeyValue>
                </ds:KeyValue>
            </ds:KeyInfo>
        </ds:Signature>
    </soapenv:Header>
    <soapenv:Body>
        /*SOAP message body*/
    </soapenv:Body>
</soapenv:Envelope>

But I need my SOAP message to include 'wsse:SecurityTokenReference' and 'wsse:KeyIdentifier' instead of the 'ds:X509Data' and 'ds:X509Certificate' tags.

Expected signed SOAP message is:

<soapenv:Envelope xmlns:axw="http://www.axway.com" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <ds:Signature Id="SIG-554C045BCDA442589F146244518693410" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="axw soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-554C045BCDA442589F14624451869339">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="axw" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>/*encoded value*/</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>/*signature value*/</ds:SignatureValue>
            <ds:KeyInfo Id="KI-554C045BCDA442589F14624451869337">
               <wsse:SecurityTokenReference wsu:Id="STR-554C045BCDA442589F14624451869338">
                  <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
/*certificate*/
                  </wsse:KeyIdentifier>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-554C045BCDA442589F14624451869339" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      /*message body*/
   </soapenv:Body>
</soapenv:Envelope>

I googled and found that the expected signed SOAP message is produced using the wss4j API.

But I am not able to use this API successfully and get the desired result. Could anybody please guide me on how to use wss4j to sign a SOAP message?

  • Hi @Akhil, wondering if you got a solution for that; if yes, could you please answer? I have a similar problem - http://stackoverflow.com/questions/42084341/soaphandler-for-wssecurity-with-digital-signature – Mahasooq Feb 07 '17 at 10:13
  • I found some workaround using SOAPUI that time. SOAPUI uses wss4j api. – Akhil Tiwari Apr 10 '17 at 03:22

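Editor's note, added example (this is not code from the question or its comments): the KeyInfo shape the question wants, a wsse:SecurityTokenReference wrapping a wsse:KeyIdentifier with ValueType "#X509v3" and Base64Binary encoding, is what WSS4J emits when the signature builder's key identifier type is set to WSConstants.X509_KEY_IDENTIFIER. The sketch below assumes the WSS4J 2.2.x DOM API (the WSSecSignature(WSSecHeader) constructor and build(Crypto); 2.1.x uses WSSecSignature() and build(doc, crypto, secHeader) instead), a JKS keystore at a constructed path "client.jks" whose alias "client" holds the signing key, and a constructed unsigned envelope with the same namespaces as the question's. Nothing else about the keystore, passwords or body content comes from the page.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.w3c.dom.Document;

/**
 * Signs the SOAP Body with WSS4J (assumed 2.2.x API) so that ds:KeyInfo carries
 * wsse:SecurityTokenReference/wsse:KeyIdentifier (#X509v3) instead of ds:X509Data.
 */
public class Wss4jSignExample {

    // Constructed assumptions: replace with your own keystore details.
    static final String KEYSTORE_PATH = "client.jks";
    static final String KEYSTORE_PASSWORD = "changeit";
    static final String ALIAS = "client";
    static final String KEY_PASSWORD = "changeit";

    // Constructed unsigned envelope using the same namespaces as the question.
    static final String UNSIGNED_SOAP =
        "<soapenv:Envelope xmlns:axw=\"http://www.axway.com\""
        + " xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
        + "<soapenv:Header/>"
        + "<soapenv:Body><axw:ping>hello</axw:ping></soapenv:Body>"
        + "</soapenv:Envelope>";

    public static void main(String[] args) throws Exception {
        WSSConfig.init(); // registers WSS4J's XML Security providers
        Crypto crypto = loadCrypto();
        Document doc = parse(UNSIGNED_SOAP);

        // Inserts <wsse:Security> into the SOAP Header.
        WSSecHeader secHeader = new WSSecHeader(doc);
        secHeader.insertSecurityHeader();

        WSSecSignature sig = new WSSecSignature(secHeader);
        sig.setUserInfo(ALIAS, KEY_PASSWORD);
        // The switch the question asks about: reference the certificate as a
        // wsse:KeyIdentifier (#X509v3, Base64Binary) inside a SecurityTokenReference.
        sig.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
        // Algorithms chosen to match the expected message. SHA-1 is deprecated for
        // signatures; prefer WSConstants.RSA_SHA256 / WSConstants.SHA256 unless the
        // peer requires SHA-1.
        sig.setSignatureAlgorithm(WSConstants.RSA_SHA1);
        sig.setDigestAlgo(WSConstants.SHA1);
        sig.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        // With no parts configured WSS4J signs the Body, adding wsu:Id to it and
        // a <ds:Reference URI="#id-..."> as in the expected output.
        Document signed = sig.build(crypto);

        // Round-trip check: re-process the header just produced. Throws
        // WSSecurityException if the signature or the certificate's trust fails.
        new WSSecurityEngine().processSecurityHeader(signed, null, null, crypto);

        System.out.println(serialize(signed));
    }

    static Crypto loadCrypto() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(KEYSTORE_PATH)) {
            ks.load(in, KEYSTORE_PASSWORD.toCharArray());
        }
        Merlin merlin = new Merlin();
        merlin.setKeyStore(ks);   // private key used for signing
        merlin.setTrustStore(ks); // trust anchor for the verification step
        return merlin;
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // WSS4J requires a namespace-aware DOM
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no XXE
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    static String serialize(Document doc) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }
}
```

Two points worth checking against the expected message: WSS4J adds the ec:InclusiveNamespaces PrefixList elements by default (setAddInclusivePrefixes(true)), so those appear without further configuration, and the Id values (SIG-, KI-, STR-, id-) are generated per message, so they will differ from the sample. The same Merlin instance is handed to WSSecurityEngine so the example verifies what it signed; in production the verifier should hold a trust store containing only the CA or peer certificates it actually trusts, not the signer's private key.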