/** {@inheritDoc} */ public SOAPMessage signSoapMessage(SOAPMessage msg, CredentialInfo credentialInfo) throws JAXRException { try { // Check if the server being communicated is a legacy server and property for it is set. boolean legacyServer = Boolean.valueOf( CommonProperties.getInstance() .getProperty("omar.common.security.legacyServer", "false")) .booleanValue(); // Create XWSProcessor XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance(); XWSSProcessor processor = null; if (legacyServer) { processor = factory.createForSecurityConfiguration( getSecurityConfiguration(msg), new SecurityCallbackHandler(credentialInfo)); } else { processor = factory.createForSecurityConfiguration( getSigningSecurityConfiguration(msg, credentialInfo), new SecurityCallbackHandler(credentialInfo)); } ProcessingContext context = new ProcessingContext(); // msg will be updated in place context.setSOAPMessage(msg); processor.secureOutboundMessage(context); // work around for SOAPMessage.writeTo() inconsistencies msg.saveChanges(); } catch (Exception e) { throw new JAXRException( CommonResourceBundle.getInstance().getString("message.signSoapMessageFailed"), e); } return msg; }
/** {@inheritDoc} */ public boolean verifySoapMessage(SOAPMessage msg, CredentialInfo credentialInfo) throws JAXRException { try { SecurableSoapMessage secureMsg = null; credentialInfo.cert = null; // manually parse incoming message, looking for certificates ReceivedCertificate certInfo = new ReceivedCertificate(msg); if (null == certInfo || null == certInfo.getCertificate()) { // SOAP message had no <wss:Security/> header or // appropriate <wss:BinarySecurityToken/> return false; } // don't mess with credentialInfo parameter 'till after verification CredentialInfo tempCredentialInfo = new CredentialInfo(); tempCredentialInfo.cert = certInfo.getCertificate(); SecurityCallbackHandler cbHandler = new SecurityCallbackHandler(tempCredentialInfo); SecurityEnvironment se = new DefaultSecurityEnvironmentImpl(cbHandler); // Creates a default security environment using a SecurityCallbackHandler if (msg instanceof SecurableSoapMessage) { secureMsg = (SecurableSoapMessage) msg; } else { // Wrap the SOAPMessage with a SecurableSoapMessage secureMsg = new SecurableSoapMessage(msg); } // Verify that message has a SecurityHeader SecurityHeader secHeader = secureMsg.findSecurityHeader(); if (secHeader == null) { // SOAP message had no wss:SecurityHeader return false; } // There is a security header so verify message // Create XWSProcessor XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance(); XWSSProcessor processor = factory.createForSecurityConfiguration( getVerificationSecurityConfiguration(msg, credentialInfo), cbHandler); ProcessingContext context = new ProcessingContext(); context.setSecurityEnvironment(se); context.setSOAPMessage(secureMsg); processor.verifyInboundMessage(context); credentialInfo.cert = certInfo.getCertificate(); } catch (Exception e) { if (ignoreSignatureVerificationErrors) { if (logSignatureVerificationErrors) { log.error( CommonResourceBundle.getInstance().getString("message.verifySoapMessageFailed"), e); } return false; } else { throw new JAXRException( CommonResourceBundle.getInstance().getString("message.verifySoapMessageFailed"), e); } } return true; }