
I want to convert a SOAPMessage to a byte array so I can encrypt it and then decrypt it in a proxy server that will make the Invoke of a Web service on my behalf. The problem is that SOAPMessage does not implement java.io.Serializable and therefore I can't proceed on the encryption of it.

I have used this for serializing

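```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;

// Writes the message's XML form into a byte array; returns null if writing fails.
public static byte[] serializeSoapMessage(SOAPMessage sm) {
    try {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        sm.writeTo(baos);   // emits the SOAP XML as bytes, not a Java-serialized object
        byte[] bytes = baos.toByteArray();
        return bytes;
    } catch (SOAPException ex) {
        Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
    } catch (IOException ex) {
        Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
    }
    return null;
}
```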

But deserialization is a problem because ObjectInputStream requires the implementation of java.io.Serializable.

Thank you in regards :)

Andrew Thompson
  • I don't really understand your question. But the fact that SOAP was meant to be portable, consists basically of XML, yet you cannot serialize it, says more about what you are trying to do than about serialization in general, and that it might be the wrong way of going about it. Instead perhaps look to encrypt the attributes and values in the SOAP message/body, rather than the entire message. – Andrew Thompson Oct 13 '12 at 02:12
  • The SoapMessage with some other information that is required for the invoke of a webService are a single object that must be serialized in order to be contained inside another SoapMessage. The receiver of the first Invoke will open the package, decrypt it and then invoke the wanted Web service. Take the response, encrypt it, encapsulate it inside a SoapMessage and send it back to the client. – stratis bellos Oct 13 '12 at 02:24
  • Excuse me for asking, but I find it impossible that the only way to make an object a byteArray is through the implementation of Serializable. I understand the point that XML was meant to be portable, but what happens with all the other objects that do not implement Serializable and are not meant to be portable? – stratis bellos Oct 13 '12 at 02:49
  • I never wrote `Serializable` but serializable. The 1st implies the Java based class, the 2nd refers to the general concept. – Andrew Thompson Oct 13 '12 at 02:51

1 Answer

I think you don't quite understand what SOAPMessage.writeTo is doing (or how object streams work). As far as I can tell, writeTo will create the XML for the SOAPMessage and write it as bytes to the stream it's given. To read it, you use a MessageFactory and its createMessage method. The information written to the stream isn't an object (which is what ObjectInputStream expects), it's data.

To do what you want, wrap your ByteArrayOutputStream in a CipherOutputStream (see this question to see how to wrap streams with cipher streams) and call sm.writeTo(cipherOutputStream) instead. This will encrypt the bytes on the stream, and then you can send the bytes to your web service.

Have the web service run the decryption by wrapping the bytes received in a ByteArrayInputStream and then wrapping that in a CipherInputStream. Give the resulting CipherInputStream to the MessageFactory and it will reconstruct the original SOAPMessage.

Admittedly, I'm not an expert in web services, so I can't give you working code for your specific solution, but this approach will definitely give you an encrypted byte[] to send that will contain the encrypted SOAPMessage.

Note that the object streams don't encrypt anything anyway. You may think so because its output is more or less unreadable, but it's by no means encrypted. The only way to get encryption is to use, well, encryption.

Some references for you:

Hope that's enough to get you started.

Brian
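The approach this answer describes, as an added example that is not part of the original answer: `writeTo` through a `CipherOutputStream` on the sending side, and a `CipherInputStream` handed to `MessageFactory.createMessage` on the receiving side. It assumes AES-GCM with a random 12-byte IV prepended to the output, a SOAP 1.1 message without attachments, and the `javax.xml.soap` (SAAJ) API on the classpath; the class name, key handling and sample message are constructed for the demonstration.

```java
import java.io.*;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.xml.soap.*;   // SAAJ; a separate dependency on Java 11+

public class EncryptedSoapDemo {   // hypothetical class name
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Output layout (an assumption of this example): IV || ciphertext || GCM tag
    static byte[] encrypt(SOAPMessage sm, SecretKey key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);   // fresh IV per message, never reused with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        baos.write(iv);
        try (CipherOutputStream cos = new CipherOutputStream(baos, c)) {
            sm.writeTo(cos);
        }   // close() finalizes the cipher; without it the tail and tag are missing
        return baos.toByteArray();
    }

    static SOAPMessage decrypt(byte[] blob, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        MimeHeaders headers = new MimeHeaders();
        headers.addHeader("Content-Type", "text/xml; charset=utf-8");   // SOAP 1.1, no attachments
        try (InputStream in = new CipherInputStream(
                new ByteArrayInputStream(blob, IV_LEN, blob.length - IV_LEN), c)) {
            SOAPMessage msg = MessageFactory.newInstance().createMessage(headers, in);
            msg.getSOAPBody();   // parse while the stream is open so decryption errors surface here
            return msg;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();   // demo key; both ends must share it in practice
        SOAPMessage msg = MessageFactory.newInstance().createMessage();   // constructed sample
        msg.getSOAPBody().addChildElement("ping", "ex", "urn:example").addTextNode("hello");
        byte[] blob = encrypt(msg, key);
        System.out.println(decrypt(blob, key).getSOAPBody().getTextContent());
        blob[blob.length - 1] ^= 1;         // flip one bit of the tag
        try { decrypt(blob, key); System.out.println("tampering missed"); }
        catch (Exception e) { System.out.println("tampered blob rejected"); }
    }
}
```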