我可以手动添加到WSS4J中的InclusiveNamespaces PrefixList

时间:2017-07-11 02:52:17

标签: wss4j

我正在使用WSS4J 2.1.10来签署带有时间戳的soap消息。

我发送消息的服务要求我

1)包括命名空间" http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"在签名,时间戳和BST元素

2)添加" wsu"名称空间为InclusiveNamespaces PrefixList,用于时间戳元素的转换,如:

      <ds:Reference URI="#TS-634a1acd-e8fd-4629-a19a-1935e677797b">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsu wsse env"/>
          </ds:Transform>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>uDqH4tK4HcsJWOit+DUW8llsEk8=</ds:DigestValue>
      </ds:Reference>

3)添加&#34; wsse&#34;名称空间的名称元素的名称元素的InclusiveNamespaces PrefixList的名称空间如下:

      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse env"/>
      </ds:CanonicalizationMethod>

有人可以告诉我这是否可行以及如何?

到目前为止我的代码是:

WSSConfig.init();

SOAPMessage soapMessage = getSoapMessage();
SOAPHeader soapHeader = soapMessage.getSOAPHeader();

Name toHeaderName = soapFactory.createName("To", "", "http://www.w3.org/2005/08/addressing");
SOAPHeaderElement toHeader = soapHeader.addHeaderElement(toHeaderName);

toHeader.setAttributeNS(WSConstants.WSU_NS, WSConstants.WSU_PREFIX + ":Id", "_5002");//TODO: Does this need to be a fixed value?
Attr idAttr = toHeader.getAttributeNode(WSConstants.WSU_PREFIX + ":Id");
toHeader.setIdAttributeNode(idAttr, true);
toHeader.setTextContent(vgEndpoint);

Name actionHeaderName = soapFactory.createName("Action", "", "http://www.w3.org/2005/08/addressing");
SOAPHeaderElement actionHeader = soapHeader.addHeaderElement(actionHeaderName);
actionHeader.setTextContent("http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue");
actionHeader.setMustUnderstand(true);

Name replyToHeaderName = soapFactory.createName("ReplyTo", "", "http://www.w3.org/2005/08/addressing");
SOAPHeaderElement replyToHeader = soapHeader.addHeaderElement(replyToHeaderName);
Name rtAddressName = soapFactory.createName("Address");
SOAPElement rtAddress = replyToHeader.addChildElement(rtAddressName);
rtAddress.setTextContent("http://www.w3.org/2005/08/addressing/anonymous");

Name faultToHeaderName = soapFactory.createName("FaultTo", "", "http://www.w3.org/2005/08/addressing");
SOAPHeaderElement faultToHeader = soapHeader.addHeaderElement(faultToHeaderName);
Name ftAddressName = soapFactory.createName("Address");
SOAPElement ftAddress = faultToHeader.addChildElement(ftAddressName);
ftAddress.setTextContent("http://www.w3.org/2005/08/addressing/anonymous");

Name messageIdName = soapFactory.createName("MessageID", "", "http://www.w3.org/2005/08/addressing");
SOAPHeaderElement messageIdHeader = soapHeader.addHeaderElement(messageIdName);
messageIdHeader.setTextContent("uuid:" + UUID.randomUUID().toString());

Name secHeaderName = soapFactory.createName(WSConstants.WSSE_LN, WSConstants.WSSE_PREFIX, WSConstants.WSSE_NS);
SOAPHeaderElement secHeader = soapHeader.addHeaderElement(secHeaderName);
secHeader.addNamespaceDeclaration("wsc", "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512");
secHeader.setMustUnderstand(true);

Merlin crypto = getCrypto(privateKey, password, salt, certChain);

Document unsignedDocument = soapMessage.getSOAPPart().getEnvelope().getOwnerDocument();

WSSecHeader wsSecHeader = new WSSecHeader(unsignedDocument);
wsSecHeader.insertSecurityHeader(); 

WSSecTimestamp timestamp = new WSSecTimestamp();
timestamp.setPrecisionInMilliSeconds(false);
timestamp.setTimeToLive(600);
timestamp.build(unsignedDocument, wsSecHeader);

// Setup the signer
WSSecSignature signer = new WSSecSignature();

signer.setUserInfo("signingCert", password);
signer.setSignatureAlgorithm(WSConstants.RSA_SHA1);
signer.setDigestAlgo(WSConstants.SHA1);
signer.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
signer.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
signer.setAddInclusivePrefixes(true);
signer.setUseSingleCertificate(true);

signer.getParts().add(new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, null));
signer.getParts().add(new WSEncryptionPart("To", "http://www.w3.org/2005/08/addressing", null));

signer.build(unsignedDocument, crypto, wsSecHeader);

这是由此产生的肥皂消息明显缺少这三点:

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Header>
    <To xmlns="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_5002">https://localhost/service.svc</To>
    <Action xmlns="http://www.w3.org/2005/08/addressing" env:mustUnderstand="true">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
    <ReplyTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </ReplyTo>
    <FaultTo xmlns="http://www.w3.org/2005/08/addressing">
      <Address>http://www.w3.org/2005/08/addressing/anonymous</Address>
    </FaultTo>
    <MessageID xmlns="http://www.w3.org/2005/08/addressing">uuid:dc08272f-609f-47e3-ac9b-6049a98a0dab</MessageID>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="true">
      <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-848ca3b0-a273-4cbf-ae1a-e34dc570444e">*** REMOVED ***</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-25253839-097b-495a-ae60-24fa8a5f0ada">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
          </ds:CanonicalizationMethod>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#TS-634a1acd-e8fd-4629-a19a-1935e677797b">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse env"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>uDqH4tK4HcsJWOit+DUW8llsEk8=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#_5002">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="env"/>
              </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>LiNgJUCK0GyrUZ3BpbdlRbVKnfo=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>l8EyofVcLesFD1c6btPu2zJ6dTRTyqCSWy7aW7MVH4x3nWh3y0Ir7xY2nNSZeXpcc5Q/7wrWOVgX+TkT/zwEVL62hpq4HyUJb/aIwTDhUIlH5UL7UeudDCRvvAnPOtzEp/jnapKUbsJpIzXWmvlS6tB2E3SUDT/MChradRcawJ0=</ds:SignatureValue>
        <ds:KeyInfo Id="KI-c2995ba4-6fe5-457c-9367-25c5d98eff91">
          <wsse:SecurityTokenReference wsu:Id="STR-4bc8eb55-9b1f-4bb8-a7cc-d4685bd3aa2c">
            <wsse:Reference URI="#X509-848ca3b0-a273-4cbf-ae1a-e34dc570444e" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp wsu:Id="TS-634a1acd-e8fd-4629-a19a-1935e677797b">
        <wsu:Created>2017-07-11T02:38:06Z</wsu:Created>
        <wsu:Expires>2017-07-11T02:48:06Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </env:Header>
  <env:Body/>
</env:Envelope>

2 个答案:

答案 0 :(得分:1)

我这样做了

List<String> prefixList = new ArrayList<String>();

prefixList.add("ser soapenv");

sigFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,new ExcC14NParameterSpec(prefixList));

结果

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ser soapenv"/> </ds:CanonicalizationMethod>

示例https://docs.oracle.com/cd/E17802_01/webservices/webservices/docs/2.0/xmldsig/api/javax/xml/crypto/doc-files/SignedSoap.java

答案 1 :(得分:0)

我添加了相同的方法,但是它没有反映在输出xml中。

我刚刚修改过,我的代码如下:

javax.xml.crypto.dsig.CanonicalizationMethod cm = xmlSignatureFactory.newCanonicalizationMethod(“ http://www.w3.org/2001/10/xml-exc-c14n#”,             (C14NMethodParameterSpec)null);     列表prefixList = new ArrayList(); 

prefixList.add("wsa man man1 soap");

xmlSignatureFactory.newCanonicalizationMethod(cm.EXCLUSIVE,new ExcC14NParameterSpec(prefixList));
相关问题
最新问题