我对分离的XML签名的实现有疑问,我大多数都遵循here显示的示例。我的疑问与使用模式“test.xsd”完成的验证有关,我还没有设法根据我的需要生成它。
我必须签署请求的正文,时间戳和BinarySecurityToken,这是加密的(对于我正在使用http://camel.apache.org/xmlsecurity-dataformat.html中显示的实现的加密)
我的路线是:
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:camel="http://camel.apache.org/schema/blueprint"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<camel:keyStoreParameters id="injks" password="desarrollo" resource="C:/Users/Usuario/Desktop/nuevo/test.jks"/>
<bean class="org.apache.camel.util.jsse.KeyStoreParameters" id="keyStore2">
<property name="resource" value="C:/Users/Usuario/Desktop/nuevo/test.jks"/>
<property name="password" value="development"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.DefaultKeyAccessor" id="keyAccessorOne">
<property name="alias" value="test"/>
<property name="password" value="development"/>
<property name="keyStoreParameters" ref="keyStore2"/>
</bean>
<!-- Parts -->
<bean class="java.util.ArrayList" id="xpathParts">
<argument>
<list>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Body"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Timestamp"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:BinarySecurityToken"/>
</bean>
</list>
</argument>
</bean>
<camelContext id="context-redbanc" xmlns="http://camel.apache.org/schema/blueprint">
<route id="_route1">
<from id="_from1" uri="timer:foo?period=20000"/>
<setBody id="_setBody1">
<simple>resource:classpath:etc/wsdl/schema.xml</simple>
</setBody>
<marshal id="_marshal2">
<jaxb contextPath="cl.coopeuch.integracion.wsredbanc.wsdl.test"/>
</marshal>
<marshal id="_marshal1">
<secureXML id="inEncryption"
keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
keyOrTrustStoreParametersId="injks"
recipientKeyAlias="des-wls02.rbc.cl"
secureTag="//*:Body" secureTagContents="true" xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
</marshal>
<setHeader headerName="CamelXmlSignatureContentReferenceUri" id="_setHeader1">
<constant>#Body</constant>
</setHeader>
<to id="_to2" uri="xmlsecurity:sign://oneSign?keyAccessor=#keyAccessorOne&digestAlgorithm=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1&xpathsToIdAttributes=#xpathParts&schemaResourceUri=etc/wsdl/schema.xsd"/>
<to id="_to3" uri="file://C:/Users/Usuario/Desktop/salida?fileName=outbound_body.xml"/>
<to id="_to4" uri="mock:result"/>
</route>
</camelContext>
要签名的元素是:
<bean class="java.util.ArrayList" id="xpathParts">
<argument>
<list>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Body"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:Timestamp"/>
</bean>
<bean
class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
<argument type="java.lang.String" value="//*:BinarySecurityToken"/>
</bean>
</list>
</argument>
</bean>
和用于签名的uri是:
<to id="_to2" uri="xmlsecurity:sign://oneSign?keyAccessor=#keyAccessorOne&digestAlgorithm=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1&xpathsToIdAttributes=#xpathParts&schemaResourceUri=etc/wsdl/schema.xsd"/>
我的实现中的test.xsd是schema.xsd,它是:(我还不知道如何指示其他两方签名)
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tns="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<import namespace="http://www.w3.org/2000/09/xmldsig#"
schemaLocation="xmldsig-core-schema.xsd" />
<element name="Envelope">
<complexType>
<sequence>
<element name="Header"/>
<element name="Body">
<complexType>
<sequence>
<element ref="ds:Signature" minOccurs="0" />
</sequence>
<attribute name="Body" type="ID" use="required" />
<attribute name="stringBody" type="string" />
</complexType>
</element>
</sequence>
</complexType>
</element>
我可以遵循的任何想法或其他例子吗?
答案 0 :(得分:0)
..解决了! ws-policy框架与以下策略一起使用:
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy
wsu:Id="SecureConversation_MutualCertificate10SignEncrypt_IPingService_policy"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp1_2:All xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy">
<sp:AsymmetricBinding xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp1_2:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp1_2:Policy>
<sp:WssX509V3Token10 />
<sp:RequireIssuerSerialReference />
</wsp1_2:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:IncludeTimestamp />
<sp:ProtectTokens />
</wsp1_2:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:Body />
</sp:EncryptedParts>
</wsp1_2:All>
</wsp:ExactlyOne>
</wsp:Policy>