WSS4j-WS客户端拦截器:缺少数字签名

时间:2018-07-25 17:04:35

标签: digital-signature wss wss4j

我正在尝试为 Web 服务客户端实现 WSS,所用的密钥库中包含一个 PrivateKey 条目和一个服务器的 TrustedCert 条目。传出请求的拦截器代码如下所示。

// Outgoing
// Configures the securement (outbound) side of a Spring-WS Wss4jSecurityInterceptor:
// a timestamp, an XML signature and XML encryption are requested for each request.
    Wss4jSecurityInterceptor interceptor = new Wss4jSecurityInterceptor();
    // Three securement actions are requested: Timestamp, Signature, Encrypt.
    interceptor.setSecurementActions("Timestamp Signature Encrypt");

    //Signature
    // Alias of the key entry used for signing.
    interceptor.setSecurementSignatureUser("privatekey");
    // NOTE(review): the key password is a literal in source (masked in this post);
    // read it from externalised configuration or a secret store instead.
    interceptor.setSecurementPassword("XXXXXXXX");
    // NOTE(review): the signature Crypto comes from truststoreCrypto while the
    // encryption Crypto below comes from keystoreCrypto. Signing needs the private
    // key for alias "privatekey"; encryption needs the recipient's certificate.
    // Confirm the two stores are not swapped.
    interceptor.setSecurementSignatureCrypto(truststoreCrypto.getObject());
    // Signed parts: the wsu:Timestamp element and the SOAP Body.
    interceptor.setSecurementSignatureParts(
            "{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
                    "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"
    );
    // DirectReference: the signature refers to a BinarySecurityToken carried in the header.
    interceptor.setSecurementSignatureKeyIdentifier("DirectReference");
    // NOTE(review): the two disabled lines below would select RSA-SHA1 / SHA-1.
    // SHA-1 is deprecated for signatures; if the algorithms are set explicitly and
    // the server allows it, prefer http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
    // with digest http://www.w3.org/2001/04/xmlenc#sha256.
    //interceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
    //interceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1");

    // Encryption
    // NOTE(review): the encryption user is the same alias as the signing key.
    // Encryption normally targets the receiver's certificate (the server TrustedCert
    // entry mentioned in the question); verify the alias.
    interceptor.setSecurementEncryptionUser("privatekey");
    interceptor.setSecurementEncryptionCrypto(keystoreCrypto.getObject());
    interceptor.setSecurementEncryptionKeyIdentifier("DirectReference");

 // NOTE(review): Triple-DES in CBC mode is a legacy cipher; where the server
 // supports it, an AES suite such as http://www.w3.org/2009/xmlenc11#aes256-gcm
 // is the usual choice.
 interceptor.setSecurementEncryptionSymAlgorithm(
               "http://www.w3.org/2001/04/xmlenc#tripledes-cbc");

  // NOTE(review): rsa-1_5 is RSA PKCS#1 v1.5 key transport, which is exposed to
  // padding-oracle attacks; http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p is the
  // usual replacement if the peer accepts it.
  interceptor.setSecurementEncryptionKeyTransportAlgorithm(
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
    // NOTE(review): the parts list below encrypts the ds:Signature element as well
    // as the Body. An encrypted element is replaced by xenc:EncryptedData on the
    // wire, so a cleartext ds:Signature tag would presumably not be visible even
    // when signing succeeded. Check the header for EncryptedData, or drop Signature
    // from this list if the server expects the signature in the clear.
    interceptor.
            setSecurementEncryptionParts("{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;" + "{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body");

最终生成的 SOAP 请求中没有任何 ds:Signature 标签。知道为什么吗?期望得到如下内容:

<!-- Expected WS-Security header as posted by the asker: an X.509 BinarySecurityToken,
     a cleartext ds:Signature that references it, a second BinarySecurityToken and an
     xenc:EncryptedKey that references that second token. -->
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <!-- Token referenced by the signature's KeyInfo (DirectReference style). -->
            <wsse:BinarySecurityToken
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    wsu:Id="X509-357F972C3B28B16BEC15325300300734">
                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
            </wsse:BinarySecurityToken>
            <!-- The signature appears in the clear here and carries a single ds:Reference. -->
            <ds:Signature Id="SIG-357F972C3B28B16BEC15325300300838" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="root soapenv"
                                                xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:CanonicalizationMethod>
                    <!-- NOTE(review): rsa-sha1 with a sha1 digest (below) is a legacy suite;
                         SHA-1 is no longer considered collision resistant. Prefer a SHA-256
                         based suite where the peer allows it. -->
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-357F972C3B28B16BEC15325300300787">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="root"
                                                        xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>THnDnGbR93ALSgnd9QVpHbpqffo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>
                    DLWONZZiqWwgmPte9UKWesqKNdmxClIY+lQcxnaNo0RaxOb6DzhGZM5dY4rmLFm6ohQ4O1R/j/3431ZUKFAPLTdTil74BX3LXREB5drtz+ki9v0v3GOszBNjEWG3pUAw0J3R5vajZs69sq8mtmDH1t1JQMjiVdiJXh2TlGA0QxGWO3EWadC3gkAfcT71LDeNopVvkiqtEehWRSbx29fmbyyukyMsiIjeGJn/a6aFTLmo2UnxZ8u28KfytCeGYMeT+ntJRTxDL6TuhCLvnAUZCcv+3GNaDSywLQjrwJHV/0jrJCgeeHAiq+zRvjPjlQE9IDdJbsVNsbMwXon8Iit/Sw==
                </ds:SignatureValue>
                <ds:KeyInfo Id="KI-357F972C3B28B16BEC15325300300765">
                    <wsse:SecurityTokenReference wsu:Id="STR-357F972C3B28B16BEC15325300300766">
                        <wsse:Reference URI="#X509-357F972C3B28B16BEC15325300300734"
                                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
            <!-- Second token, referenced by the EncryptedKey's KeyInfo below. -->
            <wsse:BinarySecurityToken
                    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
                    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                    wsu:Id="357F972C3B28B16BEC15325300300402">
                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
            </wsse:BinarySecurityToken>
            <xenc:EncryptedKey Id="EK-357F972C3B28B16BEC15325300300381" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <!-- NOTE(review): rsa-1_5 is RSA PKCS#1 v1.5 key transport, which is exposed to
                     padding-oracle attacks; RSA-OAEP is the usual replacement if the server
                     supports it. -->
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <wsse:SecurityTokenReference>
                        <wsse:Reference URI="#357F972C3B28B16BEC15325300300402"
                                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
                <xenc:CipherData>
                    <xenc:CipherValue>
                        HTeWqiTy9Iu19kHBCqjNip9ZIXZe5SxOHHlcRgLaafVY1EpgiVjz1va4LrGEywo+Kz7xb68dMKz6tp+uW2shCtD4IJeivq5LgpujrdTzl77Ih/LPV1HbQs43VfR0jINXGuFZ9XU5gxIJVWSR5s6KEjtasqZyvUu1lSJzkysMoPpD8f+eJcJeDfveZrwCev8OmG4IFSnwy+n1zPtCgwJSECMFLYGX6LnAAw5knYvs9wseOmrTxh5G/KDbxGy+TUGcQD89MBR0RkzGG47xZ2+0gKQxRVnwqbzScV1pMFKS+yg8YPMFJJJkCcwO+L5YDOjWEYOKpECBNrgP6eEY2eTdvw==
                    </xenc:CipherValue>
                </xenc:CipherData>
                <!-- A single DataReference: only one element is encrypted under this key. -->
                <xenc:ReferenceList>
                    <xenc:DataReference URI="#ED-357F972C3B28B16BEC15325300300543"/>
                </xenc:ReferenceList>
            </xenc:EncryptedKey>
        </wsse:Security>

但是它完全缺少ds:Signature标签。

1 个答案:

答案 0 :(得分:0)

我把底层实现从 Spring 拦截器迁移到了 Apache CXF + WSS4J。这样我就可以添加 Spring 类不支持的属性。