I really struggle with that. I have a web service for a call that is protected by a certificate and digitally signed. All this must be transmitted as part of the SOAP request that I create using Java code, but even after several days on it, the digital signature part that I am trying to create is not formed properly.
The code creates the request properly up to the BinaryToken and breaks from the "Name signatureToken" onwards. I am looking for directions on what is not right in my code.
This is an XML example:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
      <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="XWSSGID-1313056420712-845854837">MIIDVjCCAj6gAwIBAgIEThbQLTANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJnYjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEUMBIGA1UEChMLaGVhbHRoc29sdmUxFDASBgNVBAsTC2hlYWx0aHNvbHZlMQ4wDAYDVQQDEwVzaW1vbjAeFw0xMTA3MDgwOTM4NTNaFw0xMjA3MDIwOTM4NTNaMG0x</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-13130564207092015610708">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#XWSSGID-1313056421405-433059543">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>3wCcYA8m7LN0TLchG80s6zUaTJE=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ZkPCKEGpOmkhJA5Kq6oqUYU3OWQYyca676UhL lOyRj7HQD7g0vS+wp70gY7Hos/2G7UpjmYDLPA==</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1313056421331317573418">
            <wsse:Reference URI="#XWSSGID-1313056420712-845854837" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1313056421405-433059543">
    </ns2:GetEhaStatusRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```
and the code I wrote to create the above XML looks like this:
```java
protected void setSecuritySection(SOAPFactory soapFactory, SOAPEnvelope envelope, SOAPPart soapPart)
        throws SOAPException, ECException {
    String METHODNAME = "setSecuritySection";
    KeyPairGenerator kpg;
    boolean mustUnderstand = true;
    SOAPHeader soapHeader = envelope.getHeader();
    try {
        Name securityName = soapFactory.createName("Security", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
        SOAPElement securityElement = soapHeader.addHeaderElement(securityName);
        // SOAPHeaderElement securityElement =
        //         soapHeader.addHeaderElement(securityName);
        // securityElement.setMustUnderstand(mustUnderstand);

        Name binarySecurityToken = soapFactory.createName("BinarySecurityToken", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
        SOAPElement binarySecurityTokenElement = securityElement.addChildElement(binarySecurityToken);

        Certificate cert;
        String trustStoreLocation = ServerInformation.getValueForWebsphereVariable("EHA_TRUSTSTORE");
        String trustStorePwd = ServerInformation.getValueForWebsphereVariable("EHA_TRUSTSTORE_PWD");
        InputStream path = new FileInputStream(trustStoreLocation);
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(path, new String(new BASE64Decoder().decodeBuffer(trustStorePwd)).toCharArray());
        cert = ks.getCertificate("test");
        binarySecurityTokenElement.addTextNode(new BASE64Encoder().encode(cert.getEncoded()));
        kpg = KeyPairGenerator.getInstance("DSA");

        Name idToken = soapFactory.createName("Id", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-secext-1.0.xsd");
        SOAPElement idElement = binarySecurityTokenElement.addChildElement(idToken);
        idElement.addTextNode("test");
        Name valueTypeToken = soapFactory.createName("ValueType", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
        SOAPElement valueTypeElement = binarySecurityTokenElement.addChildElement(valueTypeToken);
        valueTypeElement.addTextNode("X509v3");
        Name encodingTypeToken = soapFactory.createName("EncodingType", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
        SOAPElement encodingTypeElement = binarySecurityTokenElement.addChildElement(encodingTypeToken);
        encodingTypeElement.addTextNode("Base64Binary");

        Name signatureToken = soapFactory.createName("Signature", "ds", "http://www.w3.org/2000/09/xmldsig#");
        SOAPHeaderElement signElement = soapHeader.addHeaderElement(signatureToken);
        Name id1 = soapFactory.createName("Id");
        signElement.addAttribute(id1, "XWSSGID-13130564207092015610708");
        Name signedInfo = soapFactory.createName("SignedInfo");
        SOAPElement signInfoElement = signElement.addChildElement(signedInfo);
        // SOAPHeaderElement signInfoElement = soapHeader.addHeaderElement(signedInfo);
        Name canonicalToken = soapFactory.createName("CanonicalizationMethod");
        SOAPElement canonicalTokenTokenElement = signInfoElement.addChildElement(canonicalToken);
        Name alg = soapFactory.createName("Algorithm");
        canonicalTokenTokenElement.addAttribute(alg, "http://www.w3.org/2001/10/xml-exc-c14n#");
        Name InclusiveNamespaceToken = soapFactory.createName("InclusiveNamespaces", "wsse",
                "http://www.w3.org/2001/10/xml-exc-c14n#");
        SOAPElement element = canonicalTokenTokenElement.addChildElement(InclusiveNamespaceToken);
        Name prefixList = soapFactory.createName("PrefixList");
        element.addAttribute(prefixList, "wsse SOAP-ENV");
        Name signatureMethodToken = soapFactory.createName("SignatureMethod", "ds",
                "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        SOAPElement signatureMethodTokenElement = signInfoElement.addChildElement(signatureMethodToken);
        Name alg2 = soapFactory.createName("Algorithm");
        signatureMethodTokenElement.addAttribute(alg2, "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        Name referenceToken = soapFactory.createName("Reference", "ds", "#XWSSGID-1313056421405-433059543");
        SOAPElement referenceTokenElement = signatureMethodTokenElement.addChildElement(referenceToken);
        Name uri = soapFactory.createName("URI");
        referenceTokenElement.addAttribute(uri, "#XWSSGID-1313056421405-433059543");
        Name digestMethodAlgToken = soapFactory.createName("DigestMethod");
        SOAPElement digestMethodAlgTokenElement = referenceTokenElement.addChildElement(digestMethodAlgToken);
        Name alg3 = soapFactory.createName("Algorithm");
        digestMethodAlgTokenElement.addAttribute(alg3, "http://www.w3.org/2000/09/xmldsig#sha1");
        Name digestValueToken = soapFactory.createName("DigestValue", "ds", "3wCcYA8m7LN0TLchG80s6zUaTJE=");
        SOAPElement digestValueTokenElement = referenceTokenElement.addChildElement(digestValueToken);
        digestValueTokenElement.addTextNode("3wCcYA8m7LN0TLchG80s6zUaTJE=");
        Name signValueToken = soapFactory.createName("SignatureValue");
        SOAPElement signValueElement = signElement.addChildElement(signValueToken);
        signValueElement.addTextNode("QlYfURFjcYPu41G31bXgP4JbFdg6kWH+8ofrY+oc22FvLqVMUW3zdtvZN==");
        Name keyInfoToken = soapFactory.createName("KeyInfo");
        SOAPElement keyInfoElement = signElement.addChildElement(keyInfoToken);
        Name securityRefToken = soapFactory.createName("SecurityTokenReference", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        SOAPElement securityRefElement = keyInfoElement.addChildElement(securityRefToken);
        Name id2 = soapFactory.createName("Id", "wsu",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        securityRefElement.addAttribute(id2, "XWSSGID-1313056421331317573418");
        Name referenceURIToken = soapFactory.createName("Reference", "wsse",
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-tokenprofile1.0#X509v3");
        SOAPElement refElement = securityRefElement.addChildElement(referenceURIToken);
        Name uri1 = soapFactory.createName("URI");
        refElement.addAttribute(uri1, "#XWSSGID-1313056420712-845854837");
        Name valType = soapFactory.createName("ValueType");
        refElement.addAttribute(valType,
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
    } catch (Exception ex) {
        throw new SOAPException(ex);
    }
}
```
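The code above assembles the `ds:Signature` element by hand and copies a `DigestValue` and `SignatureValue` into it as literal strings, so whatever the resulting XML looks like, the receiver's verification can never succeed: those two values have to be computed over the canonicalized Body with the private key that matches the certificate in the `BinarySecurityToken`. It also adds `wsu:Id`, `ValueType` and `EncodingType` as child elements of the token where the target message has attributes, and nests `ds:Reference` under `ds:SignatureMethod` instead of `ds:SignedInfo`. The following is an added example, not code from the question or from the service it targets, showing how the same header is produced with the JDK's own XML Signature API (`javax.xml.crypto.dsig`) on top of SAAJ, so that the digest and signature values are computed rather than pasted. It assumes Java 8 with the built-in `javax.xml.soap` and `java.util.Base64`, a JKS keystore that holds a private key entry under the alias `test` (a trust store with certificates only cannot sign), the algorithms and `PrefixList` from the target XML, and a placeholder namespace for `GetEhaStatusRequest` because the page does not show the real one. The exclusive-C14N transform on the Body reference is a standard WS-Security practice that the target XML omits; drop it if the service rejects it.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.UUID;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import org.w3c.dom.Element;

public class WsSecuritySigner {
    static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU_NS  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String X509V3  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    static final String BASE64  = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    // Algorithms copied from the target XML. SHA-1 / RSA-SHA1 are legacy; newer JDKs may refuse to
    // validate them, so prefer the sha256 / rsa-sha256 URIs wherever the service accepts them.
    static final String DIGEST_ALG = DigestMethod.SHA1;
    static final String SIG_ALG    = SignatureMethod.RSA_SHA1;

    /** Adds wsse:Security with a BinarySecurityToken and a computed ds:Signature over the Body. */
    public static SOAPMessage sign(SOAPMessage msg, PrivateKey key, X509Certificate cert) throws Exception {
        SOAPEnvelope env = msg.getSOAPPart().getEnvelope();
        SOAPHeader header = env.getHeader() != null ? env.getHeader() : env.addHeader();
        SOAPBody body = env.getBody();
        String bstId = "X509-" + UUID.randomUUID();
        String bodyId = "Body-" + UUID.randomUUID();

        // wsu:Id on the Body is what <ds:Reference URI="#..."> points at.
        body.addAttribute(new QName(WSU_NS, "Id", "wsu"), bodyId);

        SOAPHeaderElement security = header.addHeaderElement(new QName(WSSE_NS, "Security", "wsse"));
        security.setMustUnderstand(true);

        // EncodingType, ValueType and wsu:Id are attributes of the token, not child elements.
        SOAPElement bst = security.addChildElement(new QName(WSSE_NS, "BinarySecurityToken", "wsse"));
        bst.addAttribute(new QName("EncodingType"), BASE64);
        bst.addAttribute(new QName("ValueType"), X509V3);
        bst.addAttribute(new QName(WSU_NS, "Id", "wsu"), bstId);
        bst.addTextNode(Base64.getEncoder().encodeToString(cert.getEncoded()));

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Exclusive C14N with the same PrefixList as the target message.
        CanonicalizationMethod c14n = fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                new ExcC14NParameterSpec(Arrays.asList("wsse", "SOAP-ENV")));
        Transform exc = fac.newTransform(CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec());
        Reference bodyRef = fac.newReference("#" + bodyId, fac.newDigestMethod(DIGEST_ALG, null),
                Collections.singletonList(exc), null, null);
        SignedInfo si = fac.newSignedInfo(c14n, fac.newSignatureMethod(SIG_ALG, null),
                Collections.singletonList(bodyRef));

        // KeyInfo carries a SecurityTokenReference that points back at the BinarySecurityToken.
        Element str = msg.getSOAPPart().createElementNS(WSSE_NS, "wsse:SecurityTokenReference");
        str.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", WSU_NS);
        str.setAttributeNS(WSU_NS, "wsu:Id", "STR-" + UUID.randomUUID());
        Element ref = msg.getSOAPPart().createElementNS(WSSE_NS, "wsse:Reference");
        ref.setAttribute("URI", "#" + bstId);
        ref.setAttribute("ValueType", X509V3);
        str.appendChild(ref);
        KeyInfo ki = fac.getKeyInfoFactory().newKeyInfo(Collections.singletonList(new DOMStructure(str)));

        // Signing creates ds:Signature inside wsse:Security and fills DigestValue and SignatureValue.
        DOMSignContext ctx = new DOMSignContext(key, security);
        ctx.setDefaultNamespacePrefix("ds");
        ctx.setIdAttributeNS(body, WSU_NS, "Id");   // tell the dereferencer that wsu:Id is an ID attribute
        fac.newXMLSignature(si, ki, null, "SIG-" + UUID.randomUUID(), null).sign(ctx);
        msg.saveChanges();
        return msg;
    }

    /** Local self-check: validate the signature we just produced against the certificate's public key. */
    public static boolean verify(SOAPMessage msg, X509Certificate cert) throws Exception {
        SOAPPart part = msg.getSOAPPart();
        Element sigEl = (Element) part.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(cert.getPublicKey()), sigEl);
        ctx.setIdAttributeNS(part.getEnvelope().getBody(), WSU_NS, "Id");
        return XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        // Assumed: args[0] is a JKS keystore holding a PrivateKeyEntry under alias "test", args[1] its password.
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        PrivateKey key = (PrivateKey) ks.getKey("test", args[1].toCharArray());
        X509Certificate cert = (X509Certificate) ks.getCertificate("test");

        SOAPMessage msg = MessageFactory.newInstance().createMessage();
        // Placeholder payload namespace: the real GetEhaStatusRequest namespace is not shown in the question.
        msg.getSOAPBody().addChildElement(new QName("urn:placeholder:eha", "GetEhaStatusRequest", "ns2"));
        sign(msg, key, cert);
        msg.writeTo(System.out);
        System.out.println("\nsignature valid: " + verify(msg, cert));
    }
}
```

Run it as `java WsSecuritySigner /path/to/keystore.jks password`; it prints the signed envelope and then the result of verifying it locally. If `verify` returns false on your own output, the problem is in canonicalization or Id resolution (the `setIdAttributeNS` calls), not in the remote service; if it returns true and the service still rejects the message, compare the service's expected algorithms, `PrefixList` and transforms with what `SignedInfo` contains. The keystore must hold the private key: `ks.getKey` returns null for a certificate-only trust store such as the `EHA_TRUSTSTORE` used in the question.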