I am using WSSecDKEncrypt to encrypt a Document in Java with the following settings:
// Load the key information to create a derived key
KeyStore clientStore = KeyStore.getInstance("jks");
clientStore.load(new FileInputStream(FILESTORE_PATH_CONST), KEY_PASSWORD_CONST.toCharArray());
byte[] keyBytes = clientStore.getKey(KEY_NAME_CONST, KEY_PASSWORD.toCharArray()).getEncoded();
WSSecDKEncrypt encBuilder = new WSSecDKEncrypt();
encBuilder.setSymmetricEncAlgorithm(WSConstants.AES_256);
encBuilder.setDerivedKeyLength(24);
encBuilder.setExternalKey(keyBytes, KEY_NAME_CONST);
encBuilder.setKeyIdentifierType(3);
In my output, the derived key looks like this:
<wsc:DerivedKeyToken wsu:Id="DK-13">
  <wsse:SecurityTokenReference wsu:Id="STR-5F19CCE1DE10D253ED15220696801308">
    <wsse:Reference URI="#KEY_NAME_CONST" />
  </wsse:SecurityTokenReference>
  <wsc:Offset>0</wsc:Offset>
  <wsc:Length>24</wsc:Length>
  <wsc:Nonce>SN2DMIkt7GjFe5pjqxFKgw==</wsc:Nonce>
</wsc:DerivedKeyToken>
I want the KeyIdentifier to be an encrypted reference, similar to the format in the sample message I am trying to imitate:
<c:DerivedKeyToken u:Id="_0">
  <o:SecurityTokenReference>
    <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">IGEEUhgV2G/ojXFCrKVNWjzcwxQ=</o:KeyIdentifier>
  </o:SecurityTokenReference>
  <c:Offset>0</c:Offset>
  <c:Length>24</c:Length>
  <c:Nonce>8p3Un1ciYQfTw8vSLpYtiA==</c:Nonce>
</c:DerivedKeyToken>
I am using an older version of WSS4J, 1.6.9; the latest version is for Java 1.7.
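
For checking the two tokens above by hand, the following added example (not part of the original post and not WSS4J code) computes an `#EncryptedKeySHA1` KeyIdentifier value and the key a `DerivedKeyToken` yields from its Nonce, Offset and Length. It assumes Java 8+, the default WS-SecureConversation label and P_SHA1 derivation; the names `DerivedKeyCheck`, `encryptedKeySha1` and `deriveKey` are hypothetical, and the cipher octets and secret are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DerivedKeyCheck {
    // Default label used when the DerivedKeyToken carries no explicit Label element.
    static final String LABEL = "WS-SecureConversationWS-SecureConversation";

    // KeyIdentifier value: Base64(SHA-1(raw, base64-decoded EncryptedKey CipherValue octets)).
    static String encryptedKeySha1(byte[] cipherValue) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cipherValue);
        return Base64.getEncoder().encodeToString(digest);
    }

    // Derived key: P_SHA1(secret, label + nonce), sliced at [offset, offset + length).
    static byte[] deriveKey(byte[] secret, byte[] nonce, int offset, int length) throws Exception {
        byte[] label = LABEL.getBytes(StandardCharsets.UTF_8);
        byte[] seed = Arrays.copyOf(label, label.length + nonce.length);
        System.arraycopy(nonce, 0, seed, label.length, nonce.length);
        Mac hmac = Mac.getInstance("HmacSHA1");
        hmac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] out = new byte[offset + length];
        byte[] a = seed;                           // A(0) = seed
        for (int filled = 0; filled < out.length; ) {
            a = hmac.doFinal(a);                   // A(i) = HMAC(secret, A(i-1))
            hmac.update(a);
            byte[] block = hmac.doFinal(seed);     // HMAC(secret, A(i) + seed)
            int n = Math.min(block.length, out.length - filled);
            System.arraycopy(block, 0, out, filled, n);
            filled += n;
        }
        return Arrays.copyOfRange(out, offset, offset + length);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; only the nonce is taken from the output shown in the post.
        byte[] cipherValue = "constructed-encrypted-key-octets".getBytes(StandardCharsets.UTF_8);
        byte[] secret = new byte[32];              // constructed all-zero 256-bit secret
        byte[] nonce = Base64.getDecoder().decode("SN2DMIkt7GjFe5pjqxFKgw==");
        System.out.println("KeyIdentifier: " + encryptedKeySha1(cipherValue));
        System.out.println("Derived key:   " + Base64.getEncoder().encodeToString(deriveKey(secret, nonce, 0, 24)));
    }
}
```

The identifier hashes the encrypted key octets, while the derivation secret is the decrypted symmetric key, so the KeyIdentifier only names the key and reveals nothing about it.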