I am trying to test a SOAP web service that uses WS-Security for authentication and message encryption.
Now SoapUI does seem to offer functionality for this, but I am having a hard time performing simple username token authentication with authenticated encryption.
So far I can generate the Usertoken by adding an Encryption WSS entry in the outgoing WS-Security configuration.
I was also able to encrypt the body with an additional WSS entry.
But the UsernameToken is still plaintext (it needs to be encrypted).
Signature generation should be done with HMAC using the symmetric key that is used for encryption, but although the algorithm can be selected, creation fails with the following stack trace:

Mon Aug 08 17:00:36 CEST 2016:ERROR:org.apache.ws.security.WSSecurityException: Signature creation failed
org.apache.ws.security.WSSecurityException: Signature creation failed
	at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:561)
	at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:481)
	at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:386)
	at com.eviware.soapui.impl.wsdl.support.wss.entries.SignatureEntry.process(SignatureEntry.java:238)
	at com.eviware.soapui.impl.wsdl.support.wss.OutgoingWss.processOutgoing(OutgoingWss.java:175)
	at com.eviware.soapui.impl.wsdl.actions.request.ApplyOutgoingWSSToRequestAction.actionPerformed(ApplyOutgoingWSSToRequestAction.java:55)
	at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
	at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
	at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
	at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
	at javax.swing.AbstractButton.doClick(Unknown Source)
	at javax.swing.plaf.basic.BasicMenuItemUI.doClick(Unknown Source)
	at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(Unknown Source)
	at java.awt.Component.processMouseEvent(Unknown Source)
	at javax.swing.JComponent.processMouseEvent(Unknown Source)
	at java.awt.Component.processEvent(Unknown Source)
	at java.awt.Container.processEvent(Unknown Source)
	at java.awt.Component.dispatchEventImpl(Unknown Source)
	at java.awt.Container.dispatchEventImpl(Unknown Source)
	at java.awt.Component.dispatchEvent(Unknown Source)
	at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
	at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
	at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
	at java.awt.Container.dispatchEventImpl(Unknown Source)
	at java.awt.Window.dispatchEventImpl(Unknown Source)
	at java.awt.Component.dispatchEvent(Unknown Source)
	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
	at java.awt.EventQueue.access$200(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.awt.EventQueue$3.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
	at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue$4.run(Unknown Source)
	at java.awt.EventQueue$4.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: key must be SecretKey
	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
	at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:556)
	... 43 more
Caused by: java.security.InvalidKeyException: key must be SecretKey
	at org.jcp.xml.dsig.internal.dom.DOMHMACSignatureMethod.sign(Unknown Source)
	... 45 more

My WS-Security policy:

<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="UT_policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsam:Addressing wsp:Optional="false">
        <wsp:Policy>
          <wsam:AnonymousResponses/>
        </wsp:Policy>
      </wsam:Addressing>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <sp:ProtectionToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:ProtectionToken>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256Rsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <sp:Wss11>
        <wsp:Policy>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:SignedEncryptedSupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssUsernameToken10/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SignedEncryptedSupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Request generated by SoapUI:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedKey Id="EK-9AA143BE89F4DC04011470669480690103" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <ds:X509Data>
              <ds:X509IssuerSerial>
                <ds:X509IssuerName>CN=Docker Test Root</ds:X509IssuerName>
                <ds:X509SerialNumber>5</ds:X509SerialNumber>
              </ds:X509IssuerSerial>
            </ds:X509Data>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>PBgpK0et06jC3MnZAM+GPqQfBRUCVN0khR3uvyCou7thbmMl9xEPT/hhMttuyn80srkHKVAHRxPtsi7qJnLjKIHCmeCr5bWZJy7jUj8OfdoCPhgfDU8M0T7F0z8DQYgIsSweQk1SgXwY4FzoGX7gOvQZQ6NRiDMb0GFMk2jFzL3wUT2Vw9JMglOQX4cWDzhX3Frf+YBCPe415d4UzXgdA79VR4STUKCLhK29rDTCeMZYFl+Iq87sYrdChHVMhDUfx/mZF/9XCrrOzB/rAWoVo/nuZQ5c0FLvsbGL/F1hIdBPHaBbZ4TyDeYK48b3FYbuKRchVGLHGkbp9C0UON1sQQ==</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#ED-9AA143BE89F4DC04011470669480690104"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
      <wsse:UsernameToken wsu:Id="UsernameToken-9AA143BE89F4DC04011470669480684102">
        <wsse:Username>sts-testuser</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">k2BiRYIVNdfi9JPsD2xw/g==</wsse:Nonce>
        <wsu:Created>2016-08-08T15:18:00.684Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body>
    <xenc:EncryptedData Id="ED-9AA143BE89F4DC04011470669480690104" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
          <wsse:Reference URI="#EK-9AA143BE89F4DC04011470669480690103"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>zDgBaeKsy95JK22DtUhFa+1ggZ6fSaknmEois0wxNkmVb+f3bbkgInZ28WEV5EeDyTvv0olW4WO9GMnnCetjsSvK8GBaRar7IRPH01dPriowF1fm3huIck1tcNRF1oUZvqX9PHi7Bry7MJjBvvNULYHuo8aQyWudJi7nMVJHLOxcj1u67K9IXwxeBrMf/EE2quAf12bKNuQQhhPMQyzMGmWZ649i7Q6KGvZuUKD+osTB2vCD4ZVpblWOvKs3rtDg1hdERTEqWWYwLyUgeNbw52DxfUWCEGid4ojSmzvv1I0ZK/xZHEuuo73j3+db0nRIWv4HOMc+X1uwUB547pVN27ztmrtcrYrq/ckl7T5L4ukEOndgiTLZs5zqEp15aHBFWvz5WTvMAqTvDjfddsaYnOadMVOjsvZxNkhdzkQ/AMFbQchfPshioYQrnScO9DsqtRv5vbJyODpdhVYmqE08FgEggnsqiVvL644XYSW1NA0Ag/8yEQfIDmW9X2I0AY8DeIiu03qYuJci0NH7g4YE/w==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>
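As an added check that is not part of the question and not SoapUI's own code, the script below parses the request SoapUI generated and compares it against what the policy above asserts: a wsu:Timestamp for sp:IncludeTimestamp, a ds:Signature for sp:SymmetricBinding, no readable UsernameToken for sp:SignedEncryptedSupportingTokens, and EncryptedKey/EncryptedData references that resolve in both directions. The embedded envelope is the one from the question with the two base64 cipher values shortened; the function names `audit_security_header` and `policy_violations` are this example's own. Only the Python standard library is used.

```python
import xml.etree.ElementTree as ET

# Namespaces used in the request SoapUI generated.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")

# The request from the question; the two cipher values are shortened ("...") since only
# the structure matters for these checks.
SOAPUI_REQUEST = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<xenc:EncryptedKey Id="EK-9AA143BE89F4DC04011470669480690103" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=Docker Test Root</ds:X509IssuerName><ds:X509SerialNumber>5</ds:X509SerialNumber>
</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>PBgpK0et06jC3MnZAM+GPqQfBRUCVN0khR3uvyCou7th...</xenc:CipherValue></xenc:CipherData>
<xenc:ReferenceList><xenc:DataReference URI="#ED-9AA143BE89F4DC04011470669480690104"/></xenc:ReferenceList></xenc:EncryptedKey>
<wsse:UsernameToken wsu:Id="UsernameToken-9AA143BE89F4DC04011470669480684102">
<wsse:Username>sts-testuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">secret</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">k2BiRYIVNdfi9JPsD2xw/g==</wsse:Nonce>
<wsu:Created>2016-08-08T15:18:00.684Z</wsu:Created></wsse:UsernameToken>
</wsse:Security></soapenv:Header>
<soapenv:Body>
<xenc:EncryptedData Id="ED-9AA143BE89F4DC04011470669480690104" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#EK-9AA143BE89F4DC04011470669480690103"/></wsse:SecurityTokenReference></ds:KeyInfo>
<xenc:CipherData><xenc:CipherValue>zDgBaeKsy95JK22DtUhFa+1ggZ6fSaknmEois0wxNkmV...</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></soapenv:Body></soapenv:Envelope>"""


def audit_security_header(envelope_xml):
    """Collect the facts about the wsse:Security header that the policy asserts on."""
    root = ET.fromstring(envelope_xml)
    header = root.find("soapenv:Header/wsse:Security", NS)
    body = root.find("soapenv:Body", NS)
    if header is None or body is None:
        raise ValueError("not a SOAP envelope carrying a wsse:Security header")

    # sp:SignedEncryptedSupportingTokens: a readable UsernameToken means it was not encrypted.
    plain_tokens = header.findall("wsse:UsernameToken", NS)
    plain_passwords = [p for t in plain_tokens for p in t.findall("wsse:Password", NS)
                       if p.get("Type") == PASSWORD_TEXT]

    # xenc:EncryptedKey <-> xenc:EncryptedData references must resolve in both directions.
    enc_keys = header.findall("xenc:EncryptedKey", NS)
    key_ids = {ek.get("Id") for ek in enc_keys}
    data_refs = {r.get("URI", "").lstrip("#") for ek in enc_keys
                 for r in ek.findall("xenc:ReferenceList/xenc:DataReference", NS)}
    enc_data = list(root.iter("{%s}EncryptedData" % NS["xenc"]))
    data_ids = {e.get("Id") for e in enc_data}
    key_refs = {r.get("URI", "").lstrip("#") for e in enc_data
                for r in e.findall("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)}

    return {
        "timestamp_present": header.find("wsu:Timestamp", NS) is not None,  # sp:IncludeTimestamp
        "signature_present": header.find("ds:Signature", NS) is not None,   # sp:SymmetricBinding
        "plaintext_usernametoken": bool(plain_tokens),
        "plaintext_password": bool(plain_passwords),
        "body_encrypted": body.find("xenc:EncryptedData", NS) is not None,
        "dangling_data_references": sorted(data_refs - data_ids),
        "unreferenced_encrypted_data": sorted(data_ids - data_refs),
        "dangling_key_references": sorted(key_refs - key_ids),
    }


def policy_violations(facts):
    """Translate the facts into the policy assertions from the question that are not met."""
    problems = []
    if not facts["timestamp_present"]:
        problems.append("sp:IncludeTimestamp: no wsu:Timestamp in the Security header")
    if not facts["signature_present"]:
        problems.append("sp:SymmetricBinding: no ds:Signature, so headers and body are unsigned")
    if facts["plaintext_usernametoken"]:
        problems.append("sp:SignedEncryptedSupportingTokens: UsernameToken is sent in plaintext")
    if facts["plaintext_password"]:
        problems.append("UsernameToken uses PasswordText; without encryption the password is exposed")
    if not facts["body_encrypted"]:
        problems.append("sp:SymmetricBinding: Body is not encrypted")
    for ref in facts["dangling_data_references"]:
        problems.append("EncryptedKey references missing EncryptedData %s" % ref)
    for ref in facts["unreferenced_encrypted_data"]:
        problems.append("EncryptedData %s is not covered by any EncryptedKey" % ref)
    for ref in facts["dangling_key_references"]:
        problems.append("EncryptedData points at missing EncryptedKey %s" % ref)
    return problems


if __name__ == "__main__":
    for line in policy_violations(audit_security_header(SOAPUI_REQUEST)):
        print("-", line)
```

Run against the request above it reports four gaps: no Timestamp, no Signature, a plaintext UsernameToken, and a PasswordText password that is therefore readable on the wire, while the EncryptedKey/EncryptedData references are consistent. That matches the description in the question (body encrypted, token still in the clear, signature never produced) and is a quick way to re-check a SoapUI request after each change to the outgoing WSS configuration, before sending it to the service.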
;WITH patient_results
AS
(
SELECT * FROM
(VALUES (1, 'EA11AEE3-1D90-4602-9A37-0000007E2293', '85.10' ,'2015-12-11'),
(1, '27BCD3E4-2381-4139-B420-0000025B4113', '91.50' ,'2016-01-05'),
(1, 'D8969360-45D6-487B-AF94-0000035F78B0', '81.00' ,'2016-07-21'),
(5, '446E6413-442A-452A-BCF4-000006AA9896', '58.00' ,'2014-07-01'),
(5, '00305129-BC14-4A12-8368-00000AC04A9B', '53.00' ,'2014-12-13'),
(5, '96A67E53-2D6C-430B-A01F-00000AE4C37B', '42.80' ,'2015-02-01'),
(5, '7C330511-3E99-488C-AF5E-00000BDFA3FF', '54.00' ,'2015-07-01'),
(8, '62A2806A-4969-417A-B4DF-D547621CC594', '89.00' ,'2016-03-10'),
(8, '3B9F4E5B-3433-4F21-850A-FC2127A24B72', '92.60' ,'2016-06-30'),
(8, '1A2D780D-8C11-451C-8A64-6D49140B6232', '88.00' ,'2016-08-05') )
as t (pat_id, visit_id, result_value, result_date))
SELECT *, ISNULL(DATEDIFF(DAY, LAG(result_date) OVER(PARTITION BY pat_id ORDER BY result_date), result_date), 0) as daysBetweenResultDates
FROM patient_results
WHERE result_value < 90.00