How to encrypt SOAP messages manually?

失恋的感觉 2021-01-11 14:08

I use JBoss 4.2.3.GA. In a previous task I've used the base encryption mechanism which JBoss supports (WS-Security). I.e. I used keystore, truststore files for encryption and sig

2 answers
  • 2021-01-11 14:30

    1&2: Defining keystore for jboss:

    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://www.jboss.com/ws-security/config
                       http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
      <key-store-file>WEB-INF/wsse.keystore</key-store-file>
      <key-store-password>jbossws</key-store-password>
      <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
      <trust-store-password>jbossws</trust-store-password>
      <config>
        <sign type="x509v3" alias="wsse"/>
        <requires>
          <signature/>
        </requires>
      </config>
    </jboss-ws-security>
    

    3: Encryption replacement (and manual too) example described here for axis2: http://www.javaranch.com/journal/2008/10/web-service-security-encryption-axis2.html

  • 2021-01-11 14:44

    If possible you can use Axis2 and Rampart. I've successfully used them both in a similar situation.

    Rampart is an axis2 module for handling security and it exposes an API that allows you to define the key store location and aliases that you want to use, thus allowing you to define it dynamically.

    Axis2

    Rampart

    Sample code:

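    import java.io.FileNotFoundException;
    import java.util.Properties;

    import javax.xml.stream.XMLStreamException;

    import org.apache.axis2.AxisFault;
    import org.apache.axis2.client.ServiceClient;
    import org.apache.axis2.client.Stub;
    import org.apache.neethi.Policy;
    import org.apache.rampart.policy.model.CryptoConfig;
    import org.apache.rampart.policy.model.RampartConfig;

    private static final String CONFIGURATION_CTX = "src/ctx";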
    private static final String KEYSTORE_TYPE = "org.apache.ws.security.crypto.merlin.keystore.type";
    private static final String KEYSTORE_FILE = "org.apache.ws.security.crypto.merlin.file";
    private static final String KEYSTORE_PWD = "org.apache.ws.security.crypto.merlin.keystore.password";
    private static final String PROVIDER = "org.apache.ws.security.components.crypto.Merlin";
    
    private static void engageRampartModules(Stub stub)
    throws AxisFault, FileNotFoundException, XMLStreamException {
        ServiceClient serviceClient = stub._getServiceClient();
    
        engageAddressingModule(stub);   
        serviceClient.engageModule("rampart");
        serviceClient.engageModule("rahas");
    
        RampartConfig rampartConfig = prepareRampartConfig();  
    
        attachPolicy(stub,rampartConfig);
    }
    
    /**
     * Sets all the required security properties.
     * @return rampartConfig - an object containing rampart configurations
     */
    private static RampartConfig prepareRampartConfig() {
        String certAlias = "alias";             //The alias of the public key in the jks file
        String keyStoreFile = "ctx/client.ks";
        String keystorePassword = "pwd";
        String userName = "youusename";
    
    
        RampartConfig rampartConfig = new RampartConfig();
        //Define properties for signing and encryption
        Properties merlinProp = new Properties();  
        merlinProp.put(KEYSTORE_TYPE, "JKS");  
        merlinProp.put(KEYSTORE_FILE,keyStoreFile);  
        merlinProp.put(KEYSTORE_PWD, keystorePassword); 
    
        CryptoConfig cryptoConfig = new CryptoConfig();  
        cryptoConfig.setProvider(PROVIDER);  
        cryptoConfig.setProp(merlinProp);  
    
        //Rampart configurations
        rampartConfig.setUser(userName);
        rampartConfig.setUserCertAlias(certAlias);  
        rampartConfig.setEncryptionUser(certAlias);  
        rampartConfig.setPwCbClass("com.callback.tests.PasswordCallbackHandler"); //Password callback class
    
        rampartConfig.setSigCryptoConfig(cryptoConfig);  
        rampartConfig.setEncrCryptoConfig(cryptoConfig);
        return rampartConfig;
    }
    
    /**
     * attach the security policy to the stub.
     * @param stub
     * @param rampartConfig
     * @throws XMLStreamException
     * @throws FileNotFoundException
     */
    private static void attachPolicy(Stub stub, RampartConfig rampartConfig) throws XMLStreamException, FileNotFoundException {
        Policy policy = new Policy();
        policy.addAssertion(rampartConfig);
        stub._getServiceClient().getAxisService().getPolicySubject().attachPolicy(policy);
    }
    

    PasswordCallbackHandler:

    import java.io.IOException;
    
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.UnsupportedCallbackException;
    
    import org.apache.ws.security.WSPasswordCallback;
    
    public class PasswordCallbackHandler implements CallbackHandler {

        // @Override
        public void handle(Callback[] callbacks) throws IOException,
                UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
                // getIdentifer() is the method name as spelled in the WSS4J 1.5.x API
                String id = pwcb.getIdentifer();
                switch (pwcb.getUsage()) {
                    // Only UsernameToken password requests are answered here
                    case WSPasswordCallback.USERNAME_TOKEN: {
                        if (id.equals("pwd")) {
                            pwcb.setPassword("pwd");
                        }
                    }
                }
            }
        }
    }

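The handler in the answer above replies only to `USERNAME_TOKEN` callbacks and keeps its password in source. As an added example (not part of the original answer and not Rampart's own code), here is a fail-closed variant that also serves the `SIGNATURE` and `DECRYPT` usages WSS4J defines for private-key passwords. The class name `StrictPasswordCallbackHandler` and the `wsse.secret.` system-property prefix are assumptions, and it uses the WSS4J 1.5.x API shown on this page.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class StrictPasswordCallbackHandler implements CallbackHandler {
    // Assumption: secrets arrive as system properties named wsse.secret.<identifier>.
    private static final String PREFIX = "wsse.secret.";

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            switch (pwcb.getUsage()) {
                case WSPasswordCallback.SIGNATURE:      // private-key password for signing
                case WSPasswordCallback.DECRYPT:        // private-key password for decryption
                case WSPasswordCallback.USERNAME_TOKEN: // UsernameToken password
                    pwcb.setPassword(lookup(pwcb.getIdentifer())); // WSS4J 1.5.x method name
                    break;
                default: // fail closed on usages this client never expects
                    throw new UnsupportedCallbackException(cb, "unsupported usage " + pwcb.getUsage());
            }
        }
    }

    // Returns the secret for an identifier, or throws instead of falling back to a default.
    private static String lookup(String id) throws IOException {
        String secret = (id == null) ? null : System.getProperty(PREFIX + id);
        if (secret == null || secret.length() == 0) {
            throw new IOException("no secret configured for identifier " + id);
        }
        return secret;
    }

    public static void main(String[] args) throws Exception {
        System.setProperty(PREFIX + "alias", "constructed-sample-secret"); // constructed value
        CallbackHandler handler = new StrictPasswordCallbackHandler();
        WSPasswordCallback known = new WSPasswordCallback("alias", WSPasswordCallback.SIGNATURE);
        handler.handle(new Callback[] { known });
        System.out.println("alias resolved: " + (known.getPassword() != null));
        try {
            handler.handle(new Callback[] { new WSPasswordCallback("other", WSPasswordCallback.DECRYPT) });
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Its fully qualified class name goes where the sample code passes a class name to `rampartConfig.setPwCbClass(...)`.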