Java XML WS-Security签名; X.509令牌配置文件;添加安全令牌参考

时间:2016-11-29 12:58:11

标签: java xml ws-security wss4j

下面是我需要用Java生成的XML Signature keyinfo。

<ds:KeyInfo Id="idhere">
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="idhere" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#X509" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>

以下是我到目前为止在Java方面取得的成就。如何向密钥信息添加安全令牌参考?

KeyInfoFactory kif = fac.getKeyInfoFactory(); 

KeyInfo ki = kif.newKeyInfo(Collections.singletonList(Whatgoeshere?));  


XMLSignature signature = fac.newXMLSignature(si, ki,null,"id-2FC89B275743456788xtdcfyvg9014",null);

任何额外的信息都可以随意询问。谢谢!

1 个答案:

答案 0 :(得分:0)

我今天一直在努力解决这个问题,但找到了解决方案。为了生成安全性令牌引用,我使用了javax.xml.crypto之外的另一个库,即org.apache.ws.security。我们的想法是使用所需的keyinfo生成安全令牌引用,然后使用keyinfofactory创建keyinfo对象。

参见示例:

   import org.apache.ws.security.message.token.DOMX509Data;
   import org.apache.ws.security.message.token.DOMX509IssuerSerial;
   import org.apache.ws.security.message.token.SecurityTokenReference;

   import javax.xml.crypto.XMLStructure;
   import javax.xml.crypto.dom.DOMStructure;
   import javax.xml.crypto.dsig.keyinfo.*;

   SecurityTokenReference secRef = new SecurityTokenReference(doc);
               secRef.addWSSENamespace();

   String issuer = "issuer information";
   BigInteger serialNumber = new BigInteger("issuer serial number");
   DOMX509IssuerSerial domIssuerSerial = new DOMX509IssuerSerial(doc, issuer, serialNumber);
   DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
   secRef.setX509Data(domX509Data);

   XMLStructure structure = new DOMStructure(secRef.getElement());
   KeyInfo keyInfo = keyInfoFac.newKeyInfo(java.util.Collections.singletonList(structure), "key-info");

这将生成keyinfo,如下所示:

<ds:KeyInfo Id="key-info">
    <wsse:SecurityTokenReference>
        <ds:X509Data>
            <ds:X509IssuerSerial>
                <ds:X509IssuerName>issuer information</ds:X509IssuerName>
                <ds:X509SerialNumber>issuer serial number</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
        </ds:X509Data>
    </wsse:SecurityTokenReference>
</ds:KeyInfo>
相关问题
最新问题