Generating a security header using WSSecSignature

Time: 2015-06-25 09:31:24

Tags: java web-services ws-security

I am using WSSecSignature to generate the security header; here is the code.

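import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.xml.soap.SOAPMessage;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;

// toDocument(...) and docToString(...) are the poster's own helpers and are not shown on the page.
public static SOAPMessage signSoapMessage1(SOAPMessage message, PrivateKey signingKey, X509Certificate signingCert, char[] password) throws WSSecurityException {
    final String alias = "alias";
    // Note: config is created here but is not passed to the builder in this snippet.
    WSSConfig config = new WSSConfig();
    config.setWsiBSPCompliant(false);
    WSSecSignature builder = new WSSecSignature();
    builder.setX509Certificate(signingCert);
    builder.setUserInfo(alias, new String(password));
    // The setting the question is about
    builder.setUseSingleCertificate(false);
    // Reference the signing certificate through a BinarySecurityToken in the header
    builder.setKeyIdentifierType(WSConstants.BST);
    builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
    try {
        Document document = toDocument(message);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(document);
        // Sign only the SOAP 1.1 Body element
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        WSEncryptionPart bodyPart = new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV, "");
        parts.add(bodyPart);
        builder.setParts(parts);
        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
        Crypto crypto = CryptoFactory.getInstance(properties);
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        // try-with-resources closes the keystore file even if load() throws
        try (InputStream is = new FileInputStream("certFile.p12")) {
            keystore.load(is, password);
        }
        ((Merlin) crypto).setKeyStore(keystore);
        crypto.loadCertificate(new ByteArrayInputStream(signingCert.getEncoded()));
        document = builder.build(document, crypto, secHeader);
        System.out.println(docToString(document));
        // The caller gets the original SOAPMessage object back, not the Document built above.
        return message;
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}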

Here, what is the significance of builder.setUseSingleCertificate(false);? I tried giving it true and false, but I could not find any change.

Pardon me if my understanding is wrong.

1 Answer:

Answer 0: (score: 0)

After a long day of research, I found the answer. setUseSingleCertificate decides the token type in the Binary Security Token.

  • If true, the value is http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
  • Otherwise it is http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf provides more information, in Section 3.1.