WSS4J – WS 客户端拦截器:缺少数字签名



我正在尝试为一个 Web 服务客户端实现 WSS,所用的密钥库中包含 PrivateKey 和 TrustedCert 两类条目。用于传出请求的拦截器代码如下所示。

// Outgoing: securement settings applied to the requests this client sends.
// The action list names three steps: Timestamp, Signature and Encrypt.
Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
interceptor.setSecurementActions("Timestamp Signature Encrypt");
// Signature: key alias, key password, crypto provider and the parts to sign.
interceptor.setSecurementSignatureUser("privatekey");
// Placeholder value. A real key password should be read from external
// configuration or a secret store rather than written as a literal in source.
interceptor.setSecurementPassword("XXXXXXXX");
// NOTE(review): signing needs the private key for alias "privatekey". This call
// passes truststoreCrypto, while the encryption setup below passes
// keystoreCrypto. Confirm that the store behind truststoreCrypto really holds
// that private-key entry; neither factory is defined in this snippet.
interceptor.setSecurementSignatureCrypto(truststoreCrypto.getObject());
// Parts to sign: the wsu:Timestamp element and the SOAP Body.
interceptor.setSecurementSignatureParts(
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
);
// DirectReference: the expected header on this page carries the certificate as a
// BinarySecurityToken that ds:KeyInfo points to through a wsse:Reference.
interceptor.setSecurementSignatureKeyIdentifier("DirectReference");
// The two algorithm overrides below were left disabled by the author. Both URIs
// select SHA-1, which is deprecated for signatures. If the algorithms are set
// explicitly, prefer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 and
// http://www.w3.org/2001/04/xmlenc#sha256 where the service accepts them.
//interceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
//interceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");
// Encryption
// NOTE(review): the same alias "privatekey" is used as the encryption user.
// Encryption normally targets the recipient's public certificate. Confirm that
// this alias resolves to the service's certificate in keystoreCrypto.
interceptor.setSecurementEncryptionUser("privatekey");
interceptor.setSecurementEncryptionCrypto(keystoreCrypto.getObject());
interceptor.setSecurementEncryptionKeyIdentifier("DirectReference");
// Triple DES in CBC mode is a 64-bit block cipher that is deprecated for new
// use, and CBC provides no integrity protection by itself. Prefer an AES suite
// such as http://www.w3.org/2009/xmlenc11#aes256-gcm if the service supports it.
interceptor.setSecurementEncryptionSymAlgorithm(
"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
// RSA PKCS#1 v1.5 key transport exposes the decrypting side to padding-oracle
// attacks. http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p is the usual
// replacement when both ends support it.
interceptor.setSecurementEncryptionKeyTransportAlgorithm(
"http://www.w3.org/2001/04/xmlenc#rsa-1_5");
// Parts to encrypt: the ds:Signature element and the SOAP Body.
interceptor.
setSecurementEncryptionParts("{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;" + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

最终生成的 SOAP 请求中没有任何 ds:Signature 元素。有人知道原因吗?期望得到如下内容:

<!-- Expected WS-Security header as given by the author: an X.509
     BinarySecurityToken, a ds:Signature whose KeyInfo references that token, a
     second BinarySecurityToken, and an xenc:EncryptedKey that references the
     second token. The token contents appear only as placeholders in this listing. -->
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="X509-357F972C3B28B16BEC15325300300734">
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
</wsse:BinarySecurityToken>
<!-- The signature below uses rsa-sha1 with a sha1 digest. SHA-1 is deprecated
     for signatures, so a verifier should prefer SHA-256 based algorithms where
     the service allows them. SignedInfo holds a single ds:Reference, and the
     element it covers is not part of this header excerpt. -->
<ds:Signature Id="SIG-357F972C3B28B16BEC15325300300838" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="root soapenv"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-357F972C3B28B16BEC15325300300787">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="root"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>THnDnGbR93ALSgnd9QVpHbpqffo=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
DLWONZZiqWwgmPte9UKWesqKNdmxClIY+lQcxnaNo0RaxOb6DzhGZM5dY4rmLFm6ohQ4O1R/j/3431ZUKFAPLTdTil74BX3LXREB5drtz+ki9v0v3GOszBNjEWG3pUAw0J3R5vajZs69sq8mtmDH1t1JQMjiVdiJXh2TlGA0QxGWO3EWadC3gkAfcT71LDeNopVvkiqtEehWRSbx29fmbyyukyMsiIjeGJn/a6aFTLmo2UnxZ8u28KfytCeGYMeT+ntJRTxDL6TuhCLvnAUZCcv+3GNaDSywLQjrwJHV/0jrJCgeeHAiq+zRvjPjlQE9IDdJbsVNsbMwXon8Iit/Sw==
</ds:SignatureValue>
<ds:KeyInfo Id="KI-357F972C3B28B16BEC15325300300765">
<wsse:SecurityTokenReference wsu:Id="STR-357F972C3B28B16BEC15325300300766">
<wsse:Reference URI="#X509-357F972C3B28B16BEC15325300300734"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:BinarySecurityToken
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="357F972C3B28B16BEC15325300300402">
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
</wsse:BinarySecurityToken>
<!-- The EncryptedKey below wraps the session key with rsa-1_5 (RSA PKCS#1 v1.5).
     That key transport exposes the decrypting side to padding-oracle attacks.
     rsa-oaep-mgf1p is the usual replacement when both ends support it. -->
<xenc:EncryptedKey Id="EK-357F972C3B28B16BEC15325300300381" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference URI="#357F972C3B28B16BEC15325300300402"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>
HTeWqiTy9Iu19kHBCqjNip9ZIXZe5SxOHHlcRgLaafVY1EpgiVjz1va4LrGEywo+Kz7xb68dMKz6tp+uW2shCtD4IJeivq5LgpujrdTzl77Ih/LPV1HbQs43VfR0jINXGuFZ9XU5gxIJVWSR5s6KEjtasqZyvUu1lSJzkysMoPpD8f+eJcJeDfveZrwCev8OmG4IFSnwy+n1zPtCgwJSECMFLYGX6LnAAw5knYvs9wseOmrTxh5G/KDbxGy+TUGcQD89MBR0RkzGG47xZ2+0gKQxRVnwqbzScV1pMFKS+yg8YPMFJJJkCcwO+L5YDOjWEYOKpECBNrgP6eEY2eTdvw==
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#ED-357F972C3B28B16BEC15325300300543"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
</wsse:Security>

然而,它完全缺少ds:Signature标记。

我把底层实现从 Spring 拦截器换成了 Apache CXF + WSS4J,这样就能够添加 Spring 的类不支持的属性。
