Java client SOAP HTTP - SignatureValue and DigestValue


I've been trying to communicate with a secured endpoint (HTTPS/SSL) by sending a SOAP request in Java.

I have .cer and .pfx files being read via FileInputStream. I'm not sure how SignatureValue and DigestValue should be generated or extracted from the .pfx file.

However, the problem is that the response I'm getting is InvalidSecurity. Any suggestions on resolving this are highly appreciated.

Below is the code:

import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.codec.binary.Base64; // assumed: Apache Commons Codec
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.StrictHostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;

// jwttokenutil, rsa1, user_agent, nowutcg and nowutcg5 are the poster's own names
// and are not defined anywhere in the post.
public class test2 {
    public static void main(String[] args) {

        try {
            String uniquetoken = jwttokenutil.generatetoken(user_agent);
            rsa1 rsa = new rsa1();
            Map<String,String> map = rsa.getvalue();
            String singnaturevalue = map.get("signature");
            String digestvalue = map.get("digest");
            String httpsurl = "https://<https url>.svc/https";
            DefaultHttpClient httpclient = new DefaultHttpClient();

            try {

                // Trust store built from the .cer file
                String ca_file = "c:\\users\\administrator\\desktop\\certificate file.cer";

                FileInputStream fis = new FileInputStream(ca_file);
                X509Certificate ca = (X509Certificate) CertificateFactory.getInstance(
                        "X.509").generateCertificate(new BufferedInputStream(fis));

                KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
                ks.load(null, null);
                ks.setCertificateEntry(Integer.toString(1), ca);

                TrustManagerFactory tmf = TrustManagerFactory
                        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(ks);

                // TLS context using the client key from the .pfx file
                SSLContext ctx = SSLContext.getInstance("TLS");
                TrustManager[] trustmanagers = tmf.getTrustManagers();

                KeyManager[] keymanagers = getkeymanagers("PKCS12", new FileInputStream(new File("c:\\users\\administrator\\desktop\\pfxfile.pfx")), "password");
                ctx.init(keymanagers, trustmanagers, new SecureRandom());
                SSLSocketFactory factory = new SSLSocketFactory(ctx, new StrictHostnameVerifier());

                ClientConnectionManager manager = httpclient.getConnectionManager();
                manager.getSchemeRegistry().register(new Scheme("https", 443, factory));

                // Load the .pfx again and find the key entry
                InputStream pfxinputstream = new FileInputStream("c:\\users\\administrator\\desktop\\dvs\\pfxfile.pfx");
                KeyStore ksa = KeyStore.getInstance("PKCS12");
                ksa.load(pfxinputstream, "aztgex4nptsckffs".toCharArray());
                Enumeration<String> aliases = ksa.aliases();
                String aliaz = "";
                while (aliases.hasMoreElements()) {
                    aliaz = aliases.nextElement();
                    if (ksa.isKeyEntry(aliaz)) {
                        break;
                    }
                }
                MessageDigest md = MessageDigest.getInstance("SHA-1");
                md.update("x.509".getBytes());
                byte[] digestd = md.digest();

                X509Certificate certificate = (X509Certificate) ksa.getCertificate(aliaz);
                Base64 base64 = new Base64();
                String tokena = base64.encodeToString(certificate.getEncoded());
                String signature = base64.encodeToString(certificate.getSignature());
                String digest = base64.encodeToString(digestd);

                URL obj = new URL(httpsurl);
                HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();

                con.setRequestMethod("POST");
                con.setRequestProperty("User-Agent", user_agent);
                con.setRequestProperty("Content-Type", "application/soap+xml; charset=utf-8");
                con.setRequestProperty("Host", "endpoint url");
                con.setRequestProperty("Accept-Language", "en-us,en;q=0.5");
                con.setRequestProperty("Accept-Encoding", "gzip, deflate");
                con.setSSLSocketFactory(ctx.getSocketFactory());

                String urlparameters = "<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://www.w3.org/2005/08/addressing\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">\n"
                        + " <s:Header>\n"
                        + " <a:Action s:mustUnderstand=\"1\">http://contract/service/manager/verification</a:Action>\n"
                        + " <a:MessageID>urn:uuid:cc74abd8aafsa8f</a:MessageID>\n"
                        + " <ActivityId CorrelationId=\"c4bsdde6af1d5\" xmlns=\"http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics\">8338-38a9a19bd371</ActivityId>\n"
                        + " <a:ReplyTo>\n"
                        + " <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>\n"
                        + " </a:ReplyTo>\n"
                        + " <a:To s:mustUnderstand=\"1\" u:Id=\"_1\">https://url/bus/verificationservicebus.svc/https</a:To>\n"
                        + " <o:Security s:mustUnderstand=\"1\" xmlns:o=\"http://url.xsd\">\n"
                        + " <u:Timestamp u:Id=\"_0\">\n"
                        + " <u:Created>" + nowutcg + "</u:Created>\n"
                        + " <u:Expires>" + nowutcg5 + "</u:Expires>\n"
                        + " </u:Timestamp>\n"
                        + " <o:BinarySecurityToken EncodingType=\"http://wss-soap-message-security-1.0#base64binary\" \n"
                        + " ValueType=\"http://url-token-profile-1.0#x\" \n"
                        + " u:Id=\"urn:uuid:5a23-4a786f0da8c-10\">" + tokena + "</o:BinarySecurityToken>\n"
                        + " <Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"
                        + " <SignedInfo>\n"
                        + " <CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></CanonicalizationMethod>\n"
                        + " <SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"></SignatureMethod>\n"
                        + " <Reference URI=\"#_0\">\n"
                        + " <Transforms>\n"
                        + " <Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform>\n"
                        + " </Transforms>\n"
                        + " <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></DigestMethod>\n"
                        + " <DigestValue></DigestValue>\n"
                        + " </Reference>\n"
                        + " <Reference URI=\"#_1\">\n"
                        + " <Transforms>\n"
                        + " <Transform Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></Transform>\n"
                        + " </Transforms>\n"
                        + " <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></DigestMethod>\n"
                        + " <DigestValue>" + digestvalue + "</DigestValue>\n"
                        + " </Reference>\n"
                        + " </SignedInfo>\n"
                        + " <SignatureValue>" + singnaturevalue + "</SignatureValue>\n"
                        + " <KeyInfo>\n"
                        + " <o:SecurityTokenReference>\n"
                        + " <o:Reference ValueType=\"http://url-token-profile-1.0#x\" URI=\"#urn:uuid:5a23-4a786f0da8c-10\"></o:Reference>\n"
                        + " </o:SecurityTokenReference>\n"
                        + " </KeyInfo>\n"
                        + " </Signature>\n"
                        + " </o:Security>\n"
                        + " </s:Header>\n"
                        + " <s:Body>\n"
                        + " <verifydocument xmlns=\"http://contract/service/manager\">\n"
                        + " <request i:type=\"b:requestname\" xmlns:b=\"http://contract/data/manager\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\">\n"
                        + " <b:fullname i:nil=\"true\"></b:fullname>\n"
                        + " </request>\n"
                        + " </verifydocument>\n"
                        + " </s:Body>\n"
                        + " </s:Envelope>";

                con.setDoInput(true);
                con.setDoOutput(true);
                DataOutputStream wr = new DataOutputStream(con.getOutputStream());
                wr.writeBytes(urlparameters);
                wr.flush();
                wr.close();

                int responsecode = con.getResponseCode();
                BufferedReader innn = new BufferedReader(new InputStreamReader(con.getErrorStream()));
                String line = "";
                while ((line = innn.readLine()) != null) {
                    System.out.println("error stream=>" + line);
                }

            } catch (Exception e) {
                e.printStackTrace();
            }
        } catch (IOException ex) {
            Logger.getLogger(test2.class.getName()).log(Level.SEVERE, null, ex);
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(test2.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    protected static KeyManager[] getkeymanagers(String keystoretype, InputStream keystorefile, String keystorepassword) throws Exception {
        KeyStore keystore = KeyStore.getInstance(keystoretype);
        keystore.load(keystorefile, keystorepassword.toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keystore, keystorepassword.toCharArray());
        return kmf.getKeyManagers();
    }

    protected static TrustManager[] gettrustmanagers(String truststoretype, InputStream truststorefile, String truststorepassword) throws Exception {
        KeyStore truststore = KeyStore.getInstance(truststoretype);
        truststore.load(truststorefile, truststorepassword.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(truststore);
        return tmf.getTrustManagers();
    }
}

I'd appreciate it if someone could tell me whether I'm missing something. SOAP request:

<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://dvs/common/2014/06/contract/service/manager/iverification/verification</a:Action>
      <a:MessageID>urn:uuid:cc74abd8aafsa8f</a:MessageID>
      <ActivityId xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" CorrelationId="c4bsdde6af1d5">8338-38a9a19bd371</ActivityId>
      <a:ReplyTo>
         <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1" u:Id="_1">https://url/bus/verificationservicebus.svc/https</a:To>
      <o:Security xmlns:o="http://url.xsd" s:mustUnderstand="1">
         <u:Timestamp u:Id="_0">
            <u:Created>2017-08-21T00:37:35.427Z</u:Created>
            <u:Expires>2017-08-21T00:42:35.427Z</u:Expires>
         </u:Timestamp>
         <o:BinarySecurityToken EncodingType="http:wss-soap-message-security-1.0#base64binary#base64binary" ValueType="http://url-token-profile-1.0#x" u:Id="urn:uuid:5a23-4a786f0da8c-10">securitytoken</o:BinarySecurityToken>
         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
               <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
               <Reference URI="#_0">
                  <Transforms>
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue />
               </Reference>
               <Reference URI="#_1">
                  <Transforms>
                     <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>kzmk0hpp5e</DigestValue>
               </Reference>
            </SignedInfo>
            <SignatureValue>vknhkgvtkge7nz5bkpgrrgmzx5e4dckhks0hune5wol0hsg==</SignatureValue>
            <KeyInfo>
               <o:SecurityTokenReference>
                  <o:Reference ValueType="http://url-token-profile-1.0#x" URI="#urn:uuid:5a23-4a786f0da8c-10" />
               </o:SecurityTokenReference>
            </KeyInfo>
         </Signature>
      </o:Security>
   </s:Header>
   <s:Body>
      <verifydocument xmlns="http://contract/service/manager">
         <request xmlns:b="http://contract/service/manager" xmlns:i="http://www.w3.org/2001/XMLSchema-instance" i:type="b:requestname">
            <b:fullname i:nil="true" />
         </request>
      </verifydocument>
   </s:Body>
</s:Envelope>

However, the response is "InvalidSecurity".

<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action>
      <a:RelatesTo>urn:uuid:cc74abd8aafsa8f</a:RelatesTo>
   </s:Header>
   <s:Body>
      <s:Fault>
         <s:Code>
            <s:Value>s:Sender</s:Value>
            <s:Subcode>
               <s:Value xmlns:a="http://senderurl.xsd">a:InvalidSecurity</s:Value>
            </s:Subcode>
         </s:Code>
         <s:Reason>
            <s:Text xml:lang="en-us">An error occurred when verifying security message.</s:Text>
         </s:Reason>
      </s:Fault>
   </s:Body>
</s:Envelope>
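
The envelope in the question declares exc-c14n, SHA-1 digests and RSA-SHA1 over the references #_0 and #_1; the following added example (not part of the original post) shows how those DigestValue and SignatureValue fields are produced with the JDK's javax.xml.crypto.dsig API. The cut-down envelope, the endpoint URL, the class name and the RSA key are constructed for illustration, and KeyInfo is left out.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WsseSignExample {
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String EXC_C14N = CanonicalizationMethod.EXCLUSIVE;
    public static void main(String[] args) throws Exception {
        // Constructed envelope holding only the two signed parts (u:Id "_0" and "_1").
        String xml = "<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope'"
                + " xmlns:u='" + WSU + "'><s:Header>"
                + "<To u:Id='_1'>https://service.example/endpoint</To>"
                + "<Security><u:Timestamp u:Id='_0'><u:Created>2017-08-21T00:37:35.427Z"
                + "</u:Created></u:Timestamp></Security></s:Header><s:Body/></s:Envelope>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Constructed key; with a .pfx it is (PrivateKey) keyStore.getKey(alias, password).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey key = kpg.generateKeyPair().getPrivate();
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        List<Reference> refs = new ArrayList<>();
        for (String uri : new String[] {"#_0", "#_1"})  // digest = SHA-1 over exc-c14n of each part
            refs.add(f.newReference(uri, f.newDigestMethod(DigestMethod.SHA1, null),
                    Collections.singletonList(f.newTransform(EXC_C14N, (TransformParameterSpec) null)),
                    null, null));
        SignedInfo si = f.newSignedInfo(
                f.newCanonicalizationMethod(EXC_C14N, (C14NMethodParameterSpec) null),
                f.newSignatureMethod(SignatureMethod.RSA_SHA1, null), refs);
        DOMSignContext sc = new DOMSignContext(key, doc.getElementsByTagName("Security").item(0));
        // u:Id is not a declared ID attribute here, so register it for "#_0" / "#_1" lookups.
        for (String tag : new String[] {"u:Timestamp", "To"})
            sc.setIdAttributeNS((Element) doc.getElementsByTagName(tag).item(0), WSU, "Id");
        XMLSignature sig = f.newXMLSignature(si, null);  // KeyInfo omitted in this example
        sig.sign(sc);  // SignatureValue = RSA-SHA1 over exc-c14n of <SignedInfo>
        Base64.Encoder b64 = Base64.getEncoder();
        for (Reference r : refs)
            System.out.println("DigestValue " + r.getURI() + " = " + b64.encodeToString(r.getDigestValue()));
        System.out.println("SignatureValue = " + b64.encodeToString(sig.getSignatureValue().getValue()));
    }
}
```

Both values are computed over canonicalized bytes of the document, so any change to the Timestamp or To element after signing makes the digests, and therefore the signature, no longer match.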

