/** {@inheritDoc} */
public SOAPMessage signSoapMessage(SOAPMessage msg, CredentialInfo credentialInfo)
throws JAXRException {
try {
// Check if the server being communicated is a legacy server and property for it is set.
boolean legacyServer =
Boolean.valueOf(
CommonProperties.getInstance()
.getProperty("omar.common.security.legacyServer", "false"))
.booleanValue();
// Create XWSProcessor
XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
XWSSProcessor processor = null;
if (legacyServer) {
processor =
factory.createForSecurityConfiguration(
getSecurityConfiguration(msg), new SecurityCallbackHandler(credentialInfo));
} else {
processor =
factory.createForSecurityConfiguration(
getSigningSecurityConfiguration(msg, credentialInfo),
new SecurityCallbackHandler(credentialInfo));
}
ProcessingContext context = new ProcessingContext();
// msg will be updated in place
context.setSOAPMessage(msg);
processor.secureOutboundMessage(context);
// work around for SOAPMessage.writeTo() inconsistencies
msg.saveChanges();
} catch (Exception e) {
throw new JAXRException(
CommonResourceBundle.getInstance().getString("message.signSoapMessageFailed"), e);
}
return msg;
}
/** {@inheritDoc} */
public boolean verifySoapMessage(SOAPMessage msg, CredentialInfo credentialInfo)
throws JAXRException {
try {
SecurableSoapMessage secureMsg = null;
credentialInfo.cert = null;
// manually parse incoming message, looking for certificates
ReceivedCertificate certInfo = new ReceivedCertificate(msg);
if (null == certInfo || null == certInfo.getCertificate()) {
// SOAP message had no <wss:Security/> header or
// appropriate <wss:BinarySecurityToken/>
return false;
}
// don't mess with credentialInfo parameter 'till after verification
CredentialInfo tempCredentialInfo = new CredentialInfo();
tempCredentialInfo.cert = certInfo.getCertificate();
SecurityCallbackHandler cbHandler = new SecurityCallbackHandler(tempCredentialInfo);
SecurityEnvironment se = new DefaultSecurityEnvironmentImpl(cbHandler);
// Creates a default security environment using a SecurityCallbackHandler
if (msg instanceof SecurableSoapMessage) {
secureMsg = (SecurableSoapMessage) msg;
} else {
// Wrap the SOAPMessage with a SecurableSoapMessage
secureMsg = new SecurableSoapMessage(msg);
}
// Verify that message has a SecurityHeader
SecurityHeader secHeader = secureMsg.findSecurityHeader();
if (secHeader == null) {
// SOAP message had no wss:SecurityHeader
return false;
}
// There is a security header so verify message
// Create XWSProcessor
XWSSProcessorFactory factory = XWSSProcessorFactory.newInstance();
XWSSProcessor processor =
factory.createForSecurityConfiguration(
getVerificationSecurityConfiguration(msg, credentialInfo), cbHandler);
ProcessingContext context = new ProcessingContext();
context.setSecurityEnvironment(se);
context.setSOAPMessage(secureMsg);
processor.verifyInboundMessage(context);
credentialInfo.cert = certInfo.getCertificate();
} catch (Exception e) {
if (ignoreSignatureVerificationErrors) {
if (logSignatureVerificationErrors) {
log.error(
CommonResourceBundle.getInstance().getString("message.verifySoapMessageFailed"), e);
}
return false;
} else {
throw new JAXRException(
CommonResourceBundle.getInstance().getString("message.verifySoapMessageFailed"), e);
}
}
return true;
}
