我们在调用时给出了以下配置细节;我们使用了 cxf 3.1.1 和 JDK 1.7.0_79。
ctx.put(SecurityConstants.CALLBACK_HANDLER,new KeystorePasswordCallback());
ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, Thread.currentThread().
getContextClassLoader().getResource("META-INF/zeph.properties"));
ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, Thread.currentThread().
getContextClassLoader().getResource("META-INF/zeph.properties"));
ctx.put(SecurityConstants.SIGNATURE_USERNAME, "abc");
ctx.put(SecurityConstants.ENCRYPT_USERNAME, "abc");
我们已经使用 keytool 将.cer(X509 证书数据)创建到 .jks 中
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=Abc123
org.apache.ws.security.crypto.merlin.keystore.alias=abc
org.apache.ws.security.crypto.merlin.keystore.file=META-INF/abckeystore.jks
收到以下异常,请建议我们。
org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
at org.apache.cxf.ws.security.wss4j.WSS4JUtils.createSoapFault(WSS4JUtils.java:213)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:329)
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:184)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The signature or decryption was invalid
at org.apache.wss4j.dom.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
at org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(SignatureProcessor.java:225)
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:161)
at com.sun.proxy.$Proxy42.calculateRatingReplicatorINPD(Unknown Source)
at TestWsCxf.main(TestWsCxf.java:110)
Caused by: org.apache.wss4j.common.ext.WSSecurityException: The signature or decryption was invalid
at org.apache.wss4j.dom.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:450)
at org.apache.wss4j.dom.processor.SignatureProcessor.handleToken(SignatureProcessor.java:225)
您必须启用调试日志记录才能查看错误所在。为什么使用相同的密钥进行加密和签名...?