I am trying to sign and encrypt a SOAP message, but I get this error:
The signature or decryption was invalid; nested exception is: javax.crypto.BadPaddingException: unknown block type
Since padding is not mentioned explicitly anywhere in the signing method, I assume the mistake is in the encryption methods.
This is my key encryption method:
    // Wraps the AES session key with the recipient's RSA public key (RSA-OAEP, SHA-256).
    private String encryptKey(PublicKey pubKey, SecretKey symKey) {
        try {
            final Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, pubKey);
            final byte[] encryptedKey = cipher.doFinal(symKey.getEncoded());
            // java.util.Base64 replaces the internal sun.misc.BASE64Encoder, which is not a public API
            return Base64.getEncoder().encodeToString(encryptedKey);
        }
        catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
            e.printStackTrace();
            throw new IllegalStateException("Java runtime does not support RSA/ECB/OAEPWithSHA-256AndMGF1Padding", e);
        }
    }
Encryption of the body works the same way (the string s is the SOAP body converted to a string):
    // Encrypts the body content with the AES session key (AES-CBC, PKCS#5 padding).
    private String createEncryptedData(Key key, String s) {
        try {
            final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            // No IvParameterSpec is passed, so the provider picks a random IV that is not part of the output.
            cipher.init(Cipher.ENCRYPT_MODE, key);
            final byte[] encryptedData = cipher.doFinal(s.getBytes(StandardCharsets.UTF_8));
            // java.util.Base64 replaces the internal sun.misc.BASE64Encoder, which is not a public API
            return Base64.getEncoder().encodeToString(encryptedData);
        }
        catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
            e.printStackTrace();
            throw new IllegalStateException(
                "Java runtime does not support AES/CBC/PKCS5Padding (128)", e);
        }
    }
I found this post - javax.crypto.BadPaddingException: unknown block type - which mentions that converting to a String is the problem, but I don't know how to send a byte[] in the message... I tried
    byte[] encodedData = Base64.getEncoder().encode(encryptedData);
and then passed the byte[] in the SOAP message (it looks like [B@6bf256fa), which gave me another error, decoding.divisible.four. So I guess this is not the right approach.
Please find below my full request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:cdb="http://cdb.services.np.aek.seavus.com/"
                  xmlns:sch="http://www.devoteam.com/a1/mk/np/schema">
  <soapenv:Header xmlns="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509Token"></wsse:BinarySecurityToken>
      <wsu:Timestamp wsu:Id="TS-1beccd19-ec76-4011-b72c-4c204c6439b5">
        <wsu:Created>2021-05-05T15:08:37</wsu:Created>
        <wsu:Expires>2021-05-05T15:09:07</wsu:Expires>
      </wsu:Timestamp>
      <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EK-1beccd19-ec76-4011-b72c-4c204c6439b5">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=CDB</ds:X509IssuerName>
                <ds:X509SerialNumber>1376307457</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>FaGhWE+rwBMqUnpMe5qh2n9X3bQYy8CDYCWjRFbfFsYBHso5jYSmwlX/Se4q3nFGABxkKcQlVY1ziiqxDoW2igw5W3M4mu2mk/togAPblhj+ZiAOXVBBYCc+HIbcWdipi96tSRCR0qLSd81obNA39hm6dZ4dvFOeBFzEjWFC9r8=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ED-1beccd19-ec76-4011-b72c-4c204c6439b5"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#TS-1beccd19-ec76-4011-b72c-4c204c6439b5">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>dLT1OJDkyihjpBWglsiV3ScW/l0=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Body-1beccd19-ec76-4011-b72c-4c204c6439b5">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>736yosC1DeVBYsHfDiiSlfQOBGg=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kiPjx+N9WUJgXWtxPeFFM0GsK8AaQttpxC0hrZPFjGUYLj8S5fM0Eqp5DZPbRigRgbBw5GOmvZkV5wnrdu1IicRajxSYFbo3QVk8A/p5gb6u8E8F/igE0Vrsmg+krdHISWwplmSBzC2yFawh8A4YdLV2g0Ig3z0E7RBHjl2nay0=</ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#X509Token"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsa:Action xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
                  xmlns:wsa="http://www.w3.org/2005/08/addressing" soap:mustUnderstand="1">http://cdb.services.np.aek.seavus.com/AssignedSubscriberNumber_WS/GetAllAssignedSeries</wsa:Action>
      <wsa:MessageID xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
                     xmlns:wsa="http://www.w3.org/2005/08/addressing" soap:mustUnderstand="1">uuid:048add69-81ff-4112-9798-7dbca65b39bb</wsa:MessageID>
      <wsa:To xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
              xmlns:wsa="http://www.w3.org/2005/08/addressing" soap:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Body-1beccd19-ec76-4011-b72c-4c204c6439b5">
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-1beccd19-ec76-4011-b72c-4c204c6439b5" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                                     xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey">
          <wsse:Reference URI="#EK-1beccd19-ec76-4011-b72c-4c204c6439b5"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>Vk8ZqEmybLVqf4nd/gbw0KKss60BgbgNZHCg8/NSijU=</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>
Thanks in advance!
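The two encryption primitives from the question, written out as an added example that is not the poster's code: the RSA-OAEP key wrap with both OAEP digests stated explicitly (SunJCE's "OAEPWithSHA-256AndMGF1Padding" otherwise uses SHA-1 inside MGF1), AES-128-CBC with the IV prepended to the ciphertext as XML Encryption requires for aes128-cbc, java.util.Base64 in place of sun.misc, and a receiver-side round trip. The last part of main shows the failure mode the request above invites: its EncryptionMethod declares rsa-1_5 while the key was wrapped with OAEP, so a recipient that unpads per the declared algorithm rejects the block with a BadPaddingException. The class and method names, the rsa-oaep URI constant (XML Encryption 1.1), the sample body string and the key sizes are my own choices; signing is not covered.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class XmlEncPrimitives {

    // Algorithm URIs the EncryptionMethod elements must declare for the ciphers used below.
    // aes128-cbc is the one in the question's request; rsa-oaep is the XML Encryption 1.1 URI (assumed here).
    static final String KEY_WRAP_URI = "http://www.w3.org/2009/xmlenc11#rsa-oaep";
    static final String CONTENT_URI = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    // Spell out both digests: without this spec SunJCE pairs SHA-256 OAEP with SHA-1 MGF1,
    // which a recipient expecting SHA-256 throughout will not be able to unwrap.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    /** Wraps the AES session key; the result belongs in xenc:EncryptedKey/CipherValue. */
    static String wrapKey(PublicKey pubKey, SecretKey symKey) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, pubKey, OAEP_SHA256);
        return Base64.getEncoder().encodeToString(rsa.wrap(symKey));
    }

    /** Receiver side of wrapKey, with the same OAEP parameters. */
    static SecretKey unwrapKey(PrivateKey privKey, String b64) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.UNWRAP_MODE, privKey, OAEP_SHA256);
        return (SecretKey) rsa.unwrap(Base64.getDecoder().decode(b64), "AES", Cipher.SECRET_KEY);
    }

    /**
     * Encrypts body content for xenc:EncryptedData/CipherValue. XML Encryption puts the 16-byte
     * CBC IV in front of the ciphertext; Cipher.init without an IV would generate one internally
     * and leave it out of the output, so the IV is generated and prepended explicitly.
     */
    static String encryptContent(SecretKey key, String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = aes.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    /** Receiver side of encryptContent: split off the IV, then decrypt the remainder. */
    static String decryptContent(SecretKey key, String b64) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(b64);
        if (in.length < 16) throw new GeneralSecurityException("CipherValue shorter than one IV");
        IvParameterSpec iv = new IvParameterSpec(Arrays.copyOfRange(in, 0, 16));
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aes.init(Cipher.DECRYPT_MODE, key, iv);
        return new String(aes.doFinal(in, 16, in.length - 16), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();      // stands in for the CN=CDB certificate's key pair
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                                   // matches the declared aes128-cbc
        SecretKey sessionKey = kg.generateKey();

        String body = "<cdb:GetAllAssignedSeries/>";    // constructed sample body content
        String ek = wrapKey(recipient.getPublic(), sessionKey);
        String ed = encryptContent(sessionKey, body);

        // Same algorithms on both sides: the round trip succeeds.
        SecretKey recovered = unwrapKey(recipient.getPrivate(), ek);
        System.out.println("round trip ok: " + body.equals(decryptContent(recovered, ed)));

        // The mismatch in the question's request: the element says rsa-1_5, so the recipient
        // unpads the OAEP block as PKCS#1 v1.5 and (except for vanishingly rare garbage) rejects it.
        try {
            Cipher pkcs1 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            pkcs1.init(Cipher.DECRYPT_MODE, recipient.getPrivate());
            pkcs1.doFinal(Base64.getDecoder().decode(ek));
            System.out.println("PKCS#1 v1.5 unpadding did not reject the OAEP block; output is garbage, not the key");
        } catch (GeneralSecurityException e) {
            System.out.println("declared/actual padding mismatch rejected: " + e);
        }
    }
}
```

Compile and run with `javac XmlEncPrimitives.java && java XmlEncPrimitives`; no third-party library is needed. The check a practitioner wants from this is that the Algorithm attribute written into each EncryptionMethod element is derived from the same constant that selects the Cipher transformation, so the two cannot drift apart.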
So, for everyone who has the same problem, here is the root cause of my problem: the order of operations!
I was sure that, first, we need to encrypt the whole message and then sign it as the "final touch"; moreover, one of my senior colleagues confirmed that it must be done this way. Honestly, I did not find this information anywhere! People either sign the message or encrypt it, nobody does both (and I searched a looooot!)
The order should be:
- Sign
- Encrypt