小贝子编程

如何在 Apache Camel 中实现带有 XML 安全性组件的分离 XML 签名?



H 我对分离 XML 签名的实现有疑问,我主要遵循此处显示的示例。我的疑问与使用架构"test.xsd"完成的验证有关,我没有设法根据我的需要生成它。

我必须对请求的正文、时间戳和二进制安全令牌进行签名,该请求是加密的(对于加密,我使用的是 http://camel.apache.org/xmlsecurity-dataformat.html 中出现的实现(

我的路线骆驼是:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:camel="http://camel.apache.org/schema/blueprint"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd                            http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<camel:keyStoreParameters id="injks" password="desarrollo" resource="C:/Users/Usuario/Desktop/nuevo/test.jks"/>
<bean class="org.apache.camel.util.jsse.KeyStoreParameters" id="keyStore2">
<property name="resource" value="C:/Users/Usuario/Desktop/nuevo/test.jks"/>
<property name="password" value="development"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.DefaultKeyAccessor" id="keyAccessorOne">
<property name="alias" value="test"/>
<property name="password" value="development"/>
<property name="keyStoreParameters" ref="keyStore2"/>
</bean>
<!-- Parts -->
<bean class="java.util.ArrayList" id="xpathParts">
<argument>
<list>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Body"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Timestamp"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:BinarySecurityToken"/>
</bean>
</list>
</argument>
</bean>
<camelContext id="context-redbanc" xmlns="http://camel.apache.org/schema/blueprint">
<route id="_route1">
<from id="_from1" uri="timer:foo?period=20000"/>
<setBody id="_setBody1">
<simple>resource:classpath:etc/wsdl/schema.xml</simple>
</setBody>
<marshal id="_marshal2">
<jaxb contextPath="cl.coopeuch.integracion.wsredbanc.wsdl.test"/>
</marshal>
<marshal id="_marshal1">
<secureXML id="inEncryption"
keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
keyOrTrustStoreParametersId="injks"
recipientKeyAlias="des-wls02.rbc.cl"
secureTag="//*:Body" secureTagContents="true" xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
</marshal>
<setHeader headerName="CamelXmlSignatureContentReferenceUri" id="_setHeader1">
<constant>#Body</constant>
</setHeader>
<to id="_to2" uri="xmlsecurity:sign://oneSign?keyAccessor=#keyAccessorOne&amp;digestAlgorithm=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1&amp;xpathsToIdAttributes=#xpathParts&amp;schemaResourceUri=etc/wsdl/schema.xsd"/>
<to id="_to3" uri="file://C:/Users/Usuario/Desktop/salida?fileName=outbound_body.xml"/>
<to id="_to4" uri="mock:result"/>
</route>
</camelContext>

要签名的元素是:

<bean class="java.util.ArrayList" id="xpathParts">
<argument>
<list>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Body"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Timestamp"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:BinarySecurityToken"/>
</bean>
</list>
</argument>
</bean>

用于签名的 URI 是:

<to id="_to2" uri="xmlsecurity:sign://oneSign?keyAccessor=#keyAccessorOne&amp;digestAlgorithm=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1&amp;xpathsToIdAttributes=#xpathParts&amp;schemaResourceUri=etc/wsdl/schema.xsd"/>

我的实现中的test.xsd是schema.xsd,它是:(我不知道如何指示其他两方签名(

<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="xmldsig-core-schema.xsd" />
<element name="Envelope">
<complexType>
<sequence>
<element name="Header"/>
<element name="Body">
<complexType>
<sequence>
<element ref="ds:Signature" minOccurs="0" />
</sequence>
<attribute name="Body" type="ID" use="required" />
<attribute name="stringBody" type="string" />
</complexType>
</element>
</sequence>
</complexType>
</element>

我可以遵循的任何想法或其他示例?

..解决了!ws-policy框架与以下策略一起使用:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy
wsu:Id="SecureConversation_MutualCertificate10SignEncrypt_IPingService_policy"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp1_2:All xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy">
<sp:AsymmetricBinding xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp1_2:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp1_2:Policy>
<sp:WssX509V3Token10 />
<sp:RequireIssuerSerialReference />
</wsp1_2:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:IncludeTimestamp />
<sp:ProtectTokens />
</wsp1_2:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:Body />
</sp:EncryptedParts>
</wsp1_2:All>
</wsp:ExactlyOne>
</wsp:Policy>

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium