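I need help understanding why I get different SHA1 digest values when using IBM JDK 7 versus Oracle JDK 7 with the WSS4J library.
What I am trying to do now is force the use of the Sun JCE by moving the Sun JARs into my IBM JDK. The reason is that my digest values come out correct with Oracle JDK 7: they match what the IRS web service computes.
I use canonicalization (C14N_EXCL_WITH_COMMENTS) in my code. But I get a different SHA1 hash for an XML element when using IBM JDK 7 and Oracle JDK 7. The XML I compute the hash over contains only constants. Nothing changes in the XML below, yet I get different hash values: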
    <urn:ACATransmitterManifestReqDtl
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        wsu:Id="aCATransmitterManifestReqDtl">
      <urn:PaymentYr>2015</urn:PaymentYr>
      <urn:PriorYearDataInd>0</urn:PriorYearDataInd>
      <urn:TransmissionTypeCd>O</urn:TransmissionTypeCd>
      <urn:TestFileCd>T</urn:TestFileCd>
    </urn:ACATransmitterManifestReqDtl>
I get the different SHA1 values with the following code:
    // Signature settings: RSA-SHA1 signature, SHA-1 reference digests,
    // exclusive canonicalization with comments.
    WSSecSignature wsSecSignature = new WSSecSignature(config);
    wsSecSignature.setX509Certificate(signingCert);
    wsSecSignature.setUserInfo(alias, new String(keystorePassword.toCharArray()));
    wsSecSignature.setUseSingleCertificate(true);
    wsSecSignature.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
    wsSecSignature.setDigestAlgo(WSConstants.SHA1);
    wsSecSignature.setSignatureAlgorithm(WSConstants.RSA_SHA1);
    wsSecSignature.setSigCanonicalization(WSConstants.C14N_EXCL_WITH_COMMENTS);
    try {
        Document document = toDocument(message);
        WSSecHeader secHeader = new WSSecHeader();
        //secHeader.setMustUnderstand(true);
        secHeader.insertSecurityHeader(document);
        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(signatureValidityTime);
        document = timestamp.build(document, secHeader);
        // Parts covered by the signature: Timestamp, ACATransmitterManifestReqDtl, ACABusinessHeader
        List<WSEncryptionPart> wsEncryptionParts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart timestampPart = new WSEncryptionPart("Timestamp",
                WSConstants.WSU_NS, "");
        WSEncryptionPart aCATransmitterManifestReqDtlPart = new WSEncryptionPart(
                "ACATransmitterManifestReqDtl",
                "urn:us:gov:treasury:irs:ext:aca:air:7.0", "");
        WSEncryptionPart aCABusinessHeaderPart = new WSEncryptionPart(
                "ACABusinessHeader",
                "urn:us:gov:treasury:irs:msg:acabusinessheader", "");
        wsEncryptionParts.add(timestampPart);
        wsEncryptionParts.add(aCATransmitterManifestReqDtlPart);
        wsEncryptionParts.add(aCABusinessHeaderPart);
        wsSecSignature.setParts(wsEncryptionParts);
        // Crypto implementation used by WSS4J (Merlin) and the keystore type
        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        Crypto crypto = CryptoFactory.getInstance(properties);
        KeyStore keystore = KeyStore.getInstance("JKS");
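Edit: what I have tried so far; I am looking for help forcing the provider to be Sun JCE.
I was hoping to use the following code: Provider sunJCE = Security.getProvider("SunJCE"); but it returns null.
I edited my java.security file to include sun.security.provider.SunJCE: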
    security.provider.1=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.2=com.ibm.crypto.provider.IBMJCE
    security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.4=com.ibm.security.cert.IBMCertPath
    security.provider.5=com.ibm.security.sasl.IBMSASL
    security.provider.6=com.ibm.xml.crypto.IBMXMLCryptoProvider
    security.provider.7=com.ibm.xml.enc.IBMXMLEncProvider
    security.provider.8=com.ibm.security.jgss.mech.spnego.IBMSPNEGO
    security.provider.9=sun.security.provider.Sun
    security.provider.10=com.sun.crypto.provider.SunJCE
    security.provider.11=sun.security.provider.Sun
    security.provider.12=sun.security.rsa.SunRsaSign
    security.provider.13=sun.security.jgss.SunProvider
I am trying to use SunJCE programmatically, as follows:
    Provider sunJCE = Security.getProvider("SunJCE");
    if (sunJCE != null) {
        logger.info("SunJCE Java Cryptography Extension (JCE) to provide cryptographic, key and hash algorithms : IBMJCE will be removed");
        try {
            Security.removeProvider("IBMJCE");
            Security.insertProviderAt(sunJCE, 1);
        } catch (SecurityException se) {
            logger.info("Cannot move SunJCE to top priority", se);
        }
    }
I also moved these JARs from Oracle JDK 7 to IBM JDK 7: (1) copied the sunjce_provider.jar file to the WAS_HOME/java/jre/lib/ext folder and (2) copied the jce.jar file to was_home/java/jre/lib
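A diagnostic sketch added here, not part of the original post: SHA-1 is deterministic, so identical bytes hash identically under any provider, and running this on both JDKs shows whether the canonicalized bytes or the digest step is what differs. It assumes Apache Santuario (xmlsec) 1.5.x is on the classpath, where `canonicalizeSubtree(Node)` returns `byte[]`; the class name `DigestDiagnostic`, the `xmlns:urn` declaration and the whitespace in the sample are constructed.

```java
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Document;

public class DigestDiagnostic {
    // Constructed sample: the element from the question, with the urn prefix
    // declared so it parses stand-alone. Whitespace is part of the digested
    // bytes and may differ from the real message.
    static final String XML =
        "<urn:ACATransmitterManifestReqDtl"
        + " xmlns:urn=\"urn:us:gov:treasury:irs:ext:aca:air:7.0\""
        + " xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/"
        + "oasis-200401-wss-wssecurity-utility-1.0.xsd\""
        + " wsu:Id=\"aCATransmitterManifestReqDtl\">\n"
        + "<urn:PaymentYr>2015</urn:PaymentYr>\n"
        + "<urn:PriorYearDataInd>0</urn:PriorYearDataInd>\n"
        + "<urn:TransmissionTypeCd>O</urn:TransmissionTypeCd>\n"
        + "<urn:TestFileCd>T</urn:TestFileCd>\n"
        + "</urn:ACATransmitterManifestReqDtl>";

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(System.getProperty("java.vendor") + " "
            + System.getProperty("java.version"));
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for correct canonicalization
        System.out.println("parser: " + dbf.getClass().getName());
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(XML.getBytes("UTF-8")));

        // Step 1: canonical bytes. Diff this line between the two JDKs.
        org.apache.xml.security.Init.init();
        byte[] c14n = Canonicalizer
            .getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_WITH_COMMENTS)
            .canonicalizeSubtree(doc.getDocumentElement());
        System.out.println("c14n (" + c14n.length + " bytes): " + hex(c14n));

        // Step 2: digest the same bytes with every provider offering SHA-1.
        for (Provider p : Security.getProviders()) {
            if (p.getService("MessageDigest", "SHA-1") == null) continue;
            byte[] digest = MessageDigest.getInstance("SHA-1", p).digest(c14n);
            System.out.println(p.getName() + " SHA-1 = " + hex(digest));
        }
    }
}
```

If the `c14n` line differs between the JDKs, the parser or canonicalizer is producing different input and reordering JCE providers will not change the result; the provider loop also shows which installed providers actually supply the SHA-1 `MessageDigest`.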