-
-
Save alapini/c5929df7a5ec41ec328290b72c06bf27 to your computer and use it in GitHub Desktop.
This gist shows how to verify a signed Soap-Message using Apache WSS4J
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package de.wolff.wsst; | |
| import java.io.FileInputStream; | |
| import java.io.FileNotFoundException; | |
| import java.io.IOException; | |
| import java.io.InputStream; | |
| import java.util.Arrays; | |
| import java.util.Properties; | |
| import java.util.regex.Pattern; | |
| import javax.xml.soap.MessageFactory; | |
| import javax.xml.soap.SOAPException; | |
| import javax.xml.soap.SOAPMessage; | |
| import org.apache.wss4j.common.crypto.Crypto; | |
| import org.apache.wss4j.common.crypto.CryptoFactory; | |
| import org.apache.wss4j.common.ext.WSSecurityException; | |
| import org.apache.wss4j.dom.engine.WSSecurityEngine; | |
| import org.apache.wss4j.dom.handler.RequestData; | |
| public class WSSecurityVerifier { | |
| private static final String TRUSTSTORE_FILE = System.getProperty("truststore.file"); | |
| private static final String TRUSTSTORE_PASSWD = System.getProperty("truststore.password"); | |
| public static void main(String[] args) throws Throwable { | |
| SOAPMessage message = readSoapMessage(args[0]); | |
| WSSecurityEngine engine = new WSSecurityEngine(); | |
| engine.processSecurityHeader(message.getSOAPPart(), requestData()); | |
| System.out.println("Message valid!"); | |
| } | |
| private static SOAPMessage readSoapMessage(String path) throws IOException, SOAPException, FileNotFoundException { | |
| try (InputStream stream = new FileInputStream(path)) { | |
| return MessageFactory.newInstance().createMessage(null, stream); | |
| } | |
| } | |
| private static RequestData requestData() throws WSSecurityException { | |
| Crypto crypto = crypto(); | |
| RequestData requestData = new RequestData(); | |
| requestData.setDecCrypto(crypto); | |
| requestData.setSigVerCrypto(crypto); | |
| requestData.setSubjectCertConstraints(Arrays.asList(Pattern.compile(".*"))); | |
| return requestData; | |
| } | |
| private static Crypto crypto() throws WSSecurityException { | |
| Properties properties = new Properties(); | |
| properties.setProperty("org.apache.wss4j.crypto.merlin.truststore.file", TRUSTSTORE_FILE); | |
| properties.setProperty("org.apache.wss4j.crypto.merlin.truststore.password", TRUSTSTORE_PASSWD); | |
| return CryptoFactory.getInstance(properties); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment