Hi,
In following code , I am getting below error getCrypto(). I am using wss4j1.5.2.jar , axis1.4.jar, xmlsec-1.3.0.jar,commons-logging-1.1.1.jar,log4j.jar
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:211)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:113)
at com.paychex.ws.ana.handler.client.WSSecuritySample.getCrypto(WSSecuritySample.java:324)
at com.paychex.ws.ana.handler.client.WSSecuritySample.<clinit>(WSSecuritySample.java:86)
Caused by: java.lang.NullPointerException
at sun.misc.MetaIndex.mayContain(MetaIndex.java:225)
at sun.misc.URLClassPath$JarLoader.getResource(URLClassPath.java:747)
at sun.misc.URLClassPath.getResource(URLClassPath.java:169)
at sun.misc.URLClassPath.getResource(URLClassPath.java:221)
at java.lang.ClassLoader.getBootstrapResource(ClassLoader.java:1151)
at java.lang.ClassLoader.getResource(ClassLoader.java:1000)
at java.lang.ClassLoader.getResource(ClassLoader.java:998)
at java.lang.ClassLoader.getSystemResource(ClassLoader.java:1101)
at org.apache.ws.security.util.Loader.getResource(Loader.java:76)
at org.apache.ws.security.util.Loader.getResource(Loader.java:102)
at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(AbstractCrypto.java:66)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:65)
... 9 more
java.lang.InstantiationException: org.apache.ws.security.components.crypto.Merlin
at java.lang.Class.newInstance0(Class.java:340)
at java.lang.Class.newInstance(Class.java:308)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:219)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:113)
at com.paychex.ws.ana.handler.client.WSSecuritySample.getCrypto(WSSecuritySample.java:324)
at com.paychex.ws.ana.handler.client.WSSecuritySample.<clinit>(WSSecuritySample.java:86)
java.lang.ExceptionInInitializerError
Caused by: java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:224)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:180)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:113)
at com.paychex.ws.ana.handler.client.WSSecuritySample.getCrypto(WSSecuritySample.java:324)
at com.paychex.ws.ana.handler.client.WSSecuritySample.<clinit>(WSSecuritySample.java:86)
Exception in
thread "main"
-------------------------------------------
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.SOAPPart;
import org.apache.axis.client.AxisClient;
import org.apache.axis.configuration.NullProvider;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.utils.XMLUtils;
//import org.apache.ws.axis.security.util.AxisUtil;
//import org.apache.ws.axis.security.util.Canonicalizer;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
//import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.WSSignEnvelope;
import org.apache.ws.security.message.WSEncryptBody;
import org.apache.ws.security.message.WSSAddUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSConstants;
//import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.Properties;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPMessage;
/**
* Enter description here.
*
* @author <a href="mailto:jeff@jeffhanson.com">Jeff Hanson</a>
* @version $Revision: 1.1 $
* <p/>
* <p><b>Revisions:</b>
* <p/>
* <p><b>Jul 26, 2005 jhanson:</b>
* <ul>
* <li> Created file.
* </ul>
*/
public class WSSecuritySample
{
private static final
String soapMsg =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
"<SOAP-ENV:Envelope" +
" xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\"\n" +
" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"\n" +
" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
" <SOAP-ENV:Body>" +
" <sayHello xmlns=\"http://jeffhanson.com/services/helloworld\">" +
" <value xmlns=\"\">Hello world!</value>" +
" </sayHello>" +
" </SOAP-ENV:Body>" +
"</SOAP-ENV:Envelope>";
// The following initializes the security engine to the
// default WS-Security settings
//private static final WSSecurityEngine secEngine = new WSSecurityEngine();
// The following creates a crypto provider according to the
// class name specified by the system property:
// org.apache.ws.security.crypto.provider
//
// If the provider property is not set, the default class,
// org.apache.ws.security.components.crypto.BouncyCastle, is
// used.
//
// The provider is initialized to the values specified in
// the crypto.properties file. The crypto.properties file
// found in the wss4j jar file specifies
// org.apache.ws.security.components.crypto.Merlin
// as the provider class.
//private static final Crypto crypto = CryptoFactory.getInstance();
private static final Crypto crypto = getCrypto();
private AxisClient engine = null;
private MessageContext msgContext = null;
/**
* Main method
*/
public static void main(String[] args)
{
try
{
WSSecuritySample app = new WSSecuritySample();
Message axisMessage = app.getAxisMessage(soapMsg);
SOAPEnvelope unsignedEnvelope = axisMessage.getSOAPEnvelope();
System.out.println("<<<<<< Unsigned and Unencrypted >>>>>>");
XMLUtils.PrettyElementToWriter(unsignedEnvelope.getAsDOM(),
new PrintWriter(System.out));
Message samlMsg = app.addUserTokens(unsignedEnvelope);
System.out.println("\n<<<<<< User Tokens >>>>>>");
XMLUtils.PrettyElementToWriter(samlMsg.getSOAPEnvelope().getAsDOM(),
new PrintWriter(System.out));
Message encryptedMsg = app.encryptSOAPEnvelope(unsignedEnvelope,
axisMessage);
System.out.println("\n<<<<<< Encrypted >>>>>>");
XMLUtils.PrettyElementToWriter(encryptedMsg.getSOAPEnvelope().getAsDOM(),
new PrintWriter(System.out));
Message signedMsg = app.signSOAPEnvelope(unsignedEnvelope);
System.out.println("\n<<<<<< Signed >>>>>>");
XMLUtils.PrettyElementToWriter(signedMsg.getSOAPEnvelope().getAsDOM(),
new PrintWriter(System.out));
}
catch (Exception e)
{
e.printStackTrace();
}
}
/**
* WSSecuritySample constructor
*/
public WSSecuritySample()
{
engine = new AxisClient(new NullProvider());
msgContext = new MessageContext(engine);
}
/**
* Creates and returns an Axis message from a
*
SOAP envelope string.
*
* @param unsignedEnvelope a string containing a SOAP
* envelope
* @return <code>Message</code> the Axis message
*/
private Message getAxisMessage(String unsignedEnvelope)
{
InputStream inStream =
new ByteArrayInputStream(unsignedEnvelope.getBytes());
Message axisMessage = new Message(inStream);
axisMessage.setMessageContext(msgContext);
return axisMessage;
}
/**
* Creates a signed SOAP message in compliance with WS-Security.
*
* @return <code>Message</code> the signed SOAP envelope
* as an Axis message
* @throws Exception on error
*/
public Message signSOAPEnvelope(SOAPEnvelope unsignedEnvelope)
throws Exception
{
// WSSignEnvelope signs a SOAP envelope according to the
// WS Specification (X509 profile) and adds the signature data
// to the envelope.
WSSignEnvelope signer = new WSSignEnvelope();
// String alias = "16c73ab6-b892-458f-abf5-2f875f74882e";
String alias = "anita_gupta";
// String password = "security";
String password = "changeit";
signer.setUserInfo(alias, password);
Document
doc = unsignedEnvelope.getAsDocument();
// The "build" method, creates the signed SOAP envelope.
// It takes a SOAP Envelope as a W3C Document and adds
// a WSS Signature header to it. The signed elements
// depend on the signature parts that are specified by
// the WSBaseMessage.setParts(java.util.Vector parts)
// method. By default, SOAP Body is signed.
// The "crypto" parameter is the object that implements
// access to the keystore and handling of certificates.
// A default implementation is included:
// org.apache.ws.security.components.crypto.Merlin
Document signedDoc = signer.build(doc, crypto);
// Convert the signed document into a SOAP message.
Message signedSOAPMsg =(org.apache.axis.Message)toSOAPMessage(signedDoc);
//(org.apache.axis.Message)AxisUtil.toSOAPMessage(signedDoc);
return signedSOAPMsg;
}
/**
* Adds user tokens to a SOAP envelope in compliance with WS-Security.
*
* @return <code>Message</code> the signed SOAP envelope
* as an Axis message
* @throws Exception on error
*/
public Message addUserTokens(SOAPEnvelope unsignedEnvelope)
throws Exception
{
WSEncryptBody wsEncrypt = new WSEncryptBody();
// Get the message as document
Document doc = unsignedEnvelope.getAsDocument();
//String username = "joedoe";
String username = "mbrown";
//String password = "this is a lot of foobar ";
String password = "cangetin";
byte[] key = password.getBytes();
// Add the UserNameToken.
WSSAddUsernameToken builder =
new WSSAddUsernameToken("", false);
builder.setPasswordType(WSConstants.PASSWORD_TEXT);
builder.build(doc, username, password);
// Add an Id to it.
Element usrEle =
(Element)(doc.getElementsByTagNameNS(WSConstants.WSSE_NS,
"UsernameToken").item(0));
String idValue = "7654";
usrEle.setAttribute("Id", idValue);
// Create a Reference to the UserNameToken.
//Reference ref = new Reference(WSSConfig.getDefaultWSConfig(),doc);
Reference ref = new Reference(doc);
ref.setURI("#" + idValue);
ref.setValueType("UsernameToken");
//SecurityTokenReference secRef = new SecurityTokenReference(WSSConfig.getDefaultWSConfig(),doc);
SecurityTokenReference secRef = new SecurityTokenReference(doc);
secRef.setReference(ref);
// adding the namespace
WSSecurityUtil.setNamespace(secRef.getElement(),
WSConstants.WSSE_NS,
WSConstants.WSSE_PREFIX);
// Setting necessary parameters in WSEncryptBody.
wsEncrypt.setKeyIdentifierType(WSConstants.EMBED_SECURITY_TOKEN_REF);
wsEncrypt.setSecurityTokenReference(secRef);
wsEncrypt.setKey(key);
// Encrypt using the using the key
Document encDoc = wsEncrypt.build(doc, crypto);
// Convert the document into a SOAP message.
//Message signedMsg = (Message)AxisUtil.toSOAPMessage(encDoc);
Message signedMsg = (Message) toSOAPMessage(encDoc);
return signedMsg;
}
/**
* Encrypts a SOAP envelope in compliance with WS-Security.
*
* @return <code>Message</code> the signed SOAP envelope
* as an Axis message
* @throws Exception on error
*/
public Message encryptSOAPEnvelope(SOAPEnvelope unsignedEnvelope,
Message axisMessage)
throws Exception
{
WSEncryptBody encrypt = new WSEncryptBody();
encrypt.setUserInfo("16c73ab6-b892-458f-abf5-2f875f74882e");
// Before Encryption
Document doc = unsignedEnvelope.getAsDocument();
Document encryptedDoc = encrypt.build(doc, crypto);
// Convert the document into a SOAP message.
//Message encryptedMsg = (Message) AxisUtil.toSOAPMessage(encryptedDoc);
Message encryptedMsg = (Message) toSOAPMessage(encryptedDoc);
String soapPart = encryptedMsg.getSOAPPartAsString();
((SOAPPart)axisMessage.getSOAPPart()).setCurrentMessage(soapPart,
SOAPPart.FORM_STRING);
encryptedDoc = axisMessage.getSOAPEnvelope().getAsDocument();
// Convert the document into a SOAP message.
//Message encryptedSOAPMsg = (Message)AxisUtil.toSOAPMessage(encryptedDoc);
Message encryptedSOAPMsg = (Message)toSOAPMessage(encryptedDoc);
return encryptedSOAPMsg;
}
public static SOAPMessage toSOAPMessage(Document doc) throws Exception {
Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
ByteArrayInputStream in = new ByteArrayInputStream(canonicalMessage);
MessageFactory factory = MessageFactory.newInstance();
return factory.createMessage(null, in);
}
@SuppressWarnings("deprecation")
private static Crypto getCrypto(){
// String cryptoClassName = "org.apache.ws.security.components.crypto.BouncyCastle";
String cryptoClassName = "org.apache.ws.security.components.crypto.Merlin";
//
Properties properties = new Properties();
properties.put("org.apache.ws.security.crypto.provider", cryptoClassName);
properties.put("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "changeit");
properties.put("org.apache.ws.security.crypto.merlin.keystore.alias", "anita_gupta");
properties.put("org.apache.ws.security.crypto.merlin.alias.password","");
properties.put("org.apache.ws.security.crypto.merlin.file ","c://anita.jks");
Crypto crypto = CryptoFactory.getInstance(cryptoClassName, properties);
return crypto;
}
}