Question

在将其发送到SOAP之前，我需要将安全标头添加到xml中。我正在使用apache库，但是仍然无法获取正确的安全标头。我最终需要得到的是该表格：

<soapenv:Envelope>
   <soapenv:Header>
	<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
		<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" 
			wsu:Id="X509-8EEC446C3CA62C2A6C1531210638441144"> (xxx)
		</wsse:BinarySecurityToken>
		<ds:Signature Id="SIG-8EEC446C3CA62C2A6C1531210638442148" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
			<ds:SignedInfo>
				<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
					<ec:InclusiveNamespaces PrefixList="ns soapenv urn urn1 v1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
				</ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
			<ds:Reference URI="#id-8EEC446C3CA62C2A6C1531210638441147">
				<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
				<ec:InclusiveNamespaces PrefixList="ns urn urn1 v1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
				</ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
				<ds:DigestValue>9PmF4IM/EHuZuPJKJC1190jDMmU=
				</ds:DigestValue>
			</ds:Reference>
		</ds:SignedInfo>
		<ds:SignatureValue>(xxx)
		</ds:SignatureValue>
		<ds:KeyInfo Id="KI-8EEC446C3CA62C2A6C1531210638441145">
	<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="STR-8EEC446C3CA62C2A6C1531210638441146" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
	<wsse:Reference URI="#X509-8EEC446C3CA62C2A6C1531210638441144" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
	</wsse:SecurityTokenReference>
	</ds:KeyInfo>
	</ds:Signature>
	</wsse:Security>
      <ns:SyncHeader>
         <ns:Consumer>
            <ns:ApplicationID>test</ns:ApplicationID>
            <ns:MessageID>1111</ns:MessageID>
         </ns:Consumer>
      </ns:SyncHeader>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-8EEC446C3CA62C2A6C1531210638441147" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      (...)
   </soapenv:Body>
</soapenv:Envelope>

我的代码实际执行的是：

<soapenv:Envelope>
   <soapenv:Header>
   <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
</ds:Signature></wsse:Security>
      <ns:SyncHeader>
         <ns:Consumer>
            <ns:ApplicationID>test</ns:ApplicationID>
            <ns:MessageID>1111</ns:MessageID>
         </ns:Consumer>
      </ns:SyncHeader>
   </soapenv:Header>
   <soapenv:Body>
      (...)
   </soapenv:Body>
</soapenv:Envelope>

因此您可以看到既没有BinarySecurityToken也没有DigetsValue。

当前代码为：

public static void sign() throws Exception {
 final String keystoreType = "JKS";
 final String keystoreFile = "certificaatTest.jks";
 final String keystorePass = "somapass";
 final String privateKeyAlias = "privatekeytest";
 final String certificateAlias = "privatekeytest";
 final File signatureFile = new File("output.xml");
 Element element = null;
 String BaseURI;
  BaseURI = signatureFile.toURI().toURL().toString();

final File attachmentFile = new File("source.xml");

final KeyStore ks = KeyStore.getInstance(keystoreType);
final FileInputStream fis = new FileInputStream(keystoreFile);
ks.load(fis, keystorePass.toCharArray());

    final javax.xml.parsers.DocumentBuilderFactory dbf =
        javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
final DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
final DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
final Document doc = dBuilder.parse(attachmentFile);
Init.init();
final XMLSignature sig =
        new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

element = doc.getDocumentElement();
element.normalize();
element.getElementsByTagName("wsse:Security").item(0).appendChild(sig.getElement());

{
    final Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
}

final FileOutputStream f = new FileOutputStream(signatureFile);
XMLUtils.outputDOMc14nWithComments(doc, f);
f.close();

}

这里还附有SOAP UI的打印屏幕，以显示正确的设置在该工具SoapUI中的样子

所以问题是应该使用哪种方法向我的xml添加二进制代码签名？

感谢进阶！

使用“二进制代码”类型的JSK标记xml

0 个答案: