allora ragazzi ho trovato un metodo che fa al caso mio per firmare un messaggio soap.
Il metodo è il seguente:
[QUOTE]
**
* Sign a soap message.
* We wish to sign both the body and the attachment
* <p/>
*
* @param msg - SOAPMessage object to sign - there is one attachment
present
* @param msgStream - the SOAPMessage represented as an input stream
* @return new Signed SOAPMessage
* @throws Exception
*/
private SOAPMessage signSOAPMessage(SOAPMessage msg, InputStream msgStream) {
Message signedSOAPMsg=null;
Iterator attachmentsIter=null;
FileInputStream attachmentStream = null;
try {
// create an AxisMessage from the SOAPMessage InputStream
// pass false for arg2 as the msgStream contains the ENTIRE message.
Message axisMessage = new Message(msgStream, false,msg.getMimeHeaders());
SOAPEnvelope unsignedEnvelope = axisMessage.getSOAPEnvelope();
Document doc = unsignedEnvelope.getAsDocument();
// WSSignEnvelope signs a SOAP envelope according to the
// WS Specification (X509 profile) and adds the signature data
// to the envelope.
WSSecSignature signer = new WSSecSignature();
String alias = "16c73ab6-b892-458f-abf5-2f875f74882e";
String password = "security";
signer.setUserInfo(alias, password);
// create a vector of WSEncryptPart parts to sign, both the soap body
//and the attachments
SOAPConstants soapConstants =WSSecurityUtil.getSOAPConstants(unsignedEnvelope);
Vector parts = new Vector();
// add the body part
String localPart = soapConstants.getBodyQName().getLocalPart();
String envelopeURI = soapConstants.getEnvelopeURI();
WSEncryptionPart body = new WSEncryptionPart(localPart, envelopeURI,
"Content"
;
parts.add(body);
// how to add the attachment part?????
signer.setParts(parts);
// The "build" method, creates the signed SOAP envelope.
// It takes a SOAP Envelope as a W3C Document and adds
// a WSS Signature header to it. The signed elements
// depend on the signature parts that are specified by
// the WSBaseMessage.setParts(java.util.Vector parts)
// method. By default, SOAP Body is signed.
// The "crypto" parameter is the object that implements
// access to the keystore and handling of certificates.
// A default implementation is included:
// org.apache.ws.security.components.crypto.Merlin
Document signedDoc = signer.build(doc, CryptoFactory.getInstance(),null);
// Convert the signed document into a SOAP message.
signedSOAPMsg = (Message) toSOAPMessage(signedDoc);
} catch (Exception e) {
e.printStackTrace();
}
return signedSOAPMsg;
}
[/QUOTE]
allora io ho costruito la parte rimanente di codice per farlo funzionare, eccola qua:
[QUOTE]
public class sign {
public static void main(String[] args) {
try {
// Crea message factory
MessageFactory messageFactory = MessageFactory.newInstance();
// Creazione di un messaggio
SOAPMessage message = messageFactory.createMessage();
// Creazione attachment part per il certificcato
URL url = new URL("file:
/…;
DataHandler dataHandler = new DataHandler(url);
AttachmentPart attachment = message.createAttachmentPart(dataHandler);
attachment.setContentId("Certificato"
;
message.addAttachmentPart(attachment);
int i=message.countAttachments();
System.out.println("Numero Allegati al messaggio:"+i);
InputStream inStream = new FileInputStream([B]cosa ci metto qui??[/B]);
inStream.close();
[B] questa è la chiamata a metodo
sign mess = null;
mess.signSOAPMessage(message,inStream);
[/B]
} catch (IOException e) {
System.out.println("I/O exception: " + e.toString());
System.exit(1);
} catch (Exception ex) {
ex.printStackTrace();
}
}
[/QUOTE]
ho creato un messaggio soap e aggiunto un allegato
il problema sorge quando nel main vado a richiamare il metodo che come vedo accetta 2 parametri il messaggio soap e fin qui ci siamo e poi accetta sempre il messaggio soap ma stavolta come [B]inputstream[/B] e questo è il mio problema come glielo passo??