Welcome to the Java Programming Forums

The professional, friendly Java community. 21,500 members and growing!

The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 2 of 2

Thread: sign XML with WS-Security

  1. #1
    Junior Member
    Join Date
    Oct 2010
    Thanked 0 Times in 0 Posts

    Default sign XML with WS-Security

    I'm new to this forum but i need some help.
    My problem is for signing a xml with the WS-Security Oasis specification
    (it's: <wsse:security><ds:signature><ds....)
    Actually i use the xws-security framework but i have a bug, look my code:
    // Initialize the apache libraries
    // Obtain security elements from the keystore
    PrivateKey privateKey = keyEntry.getPrivateKey();
    // Obtain a sample SOAPMessage from a file
    FileInputStream fis = new FileInputStream(new File(fileName));
    Document doc = XMLUtil.toDOMDocument(fis);
    //SOAPMessage message = MyFileUtils.getMessageFromFile(doc);
    MessageFactory fac = MessageFactory.newInstance();
    MimeHeaders mimeHeaders = new MimeHeaders();
    mimeHeaders.addHeader("Context-Value", null);
    SOAPMessage message = fac.createMessage(mimeHeaders, new FileInputStream(fileName));
    SOAPHeader header = message.getSOAPHeader();
    SOAPBody body = message.getSOAPBody();
    // Set the wsu:Id attribute to the Body
    XMLUtil.setWsuIdAttr(body, "id-2");
    // Create a WSSE context for the SOAP message
    SecurableSoapMessage sssm = new SecurableSoapMessage(message);
    // Create a security header for the message (<wsse:Security>)
    SecurityHeader sh = sssm.findOrCreateSecurityHeader();
    // Insert the certificate (<wsse:BinarySecurityToken>)
    X509SecurityToken stoken = new X509SecurityToken(header.getOwnerDocument(), cert);
    // Insert the keyinfo referring to the certificate (<ds:KeyInfo>)
    KeyInfoHeaderBlock kihb = new KeyInfoHeaderBlock(header.getOwnerDocument());
    SecurityTokenReference secTR = new SecurityTokenReference(header.getOwnerDocument());
    // Insert the Signature block (<ds:Signature>)
    SignatureHeaderBlock shb = new SignatureHeaderBlock(header.getOwnerDocument(),XMLSignature.ALGO_ID_SIGNATURE_RSA);
    Transforms transforms = new Transforms(header.getOwnerDocument());
    shb.addSignedInfoReference("id-2", transforms, Constants.ALGO_ID_DIGEST_SHA1);
    // Digest all References (#MyId) in the SignedInfo, calculate the signature value
    // and set it in the SignatureValue Element
    javax.swing.JOptionPane.showMessageDialog(null, "PublicKey : "+privateKey.toString());
    // Add the signature data to the header element
    // Save the signed SOAP message
    FileOutputStream fos = new FileOutputStream(new File(signatureFileName));

    This code return a null exception at the line : shb.sign(privateKey)
    Erreur code:
    An error has occurred : java.lang.NullPointerException
    	at com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP.engineCanResolve(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.canResolve(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver.getInstance(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.signature.Reference.calculateDigest(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.signature.Reference.generateDigestValue(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.signature.Manifest.generateDigestValues(Unknown Source)
    	at com.sun.org.apache.xml.internal.security.signature.XMLSignature.sign(Unknown Source)
    	at com.sun.xml.wss.core.SignatureHeaderBlock.sign(SignatureHeaderBlock.java:189)
    	at sign.Main.signedXML(Main.java:475)
    	at sign.Main.main(Main.java:113)

    Thank you.

  2. #2
    Administrator copeg's Avatar
    Join Date
    Oct 2009
    Thanked 833 Times in 772 Posts
    Blog Entries

    Default Re: sign XML with WS-Security

    Please do not post the same topic more than once. Your other post has been removed.

  3. The Following User Says Thank You to copeg For This Useful Post:

    splendes (October 7th, 2010)

Similar Threads

  1. Applet Security Warning & Class Loaders
    By tess in forum What's Wrong With My Code?
    Replies: 5
    Last Post: September 2nd, 2010, 01:41 PM
  2. Security in Server
    By madhu_sushmi in forum Java Servlet
    Replies: 6
    Last Post: May 17th, 2010, 02:07 PM
  3. Jar File Security
    By Symbols in forum Java Theory & Questions
    Replies: 1
    Last Post: February 28th, 2010, 10:48 PM
  4. How do I privately sign my applet?
    By AlphaWhelp in forum Java Theory & Questions
    Replies: 1
    Last Post: December 16th, 2009, 09:42 AM