We are generating an XML SOAP message, but the receiving gateway (EMIS) responds that the signature is invalid:
INVALID_REQUEST Invalid digital signature
If we validate the SOAP payload ourselves, like this:
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Element;

// signatureNode: the ds:Signature element; ts: the wsu:Timestamp node; publicKey: the key the verifier uses
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(publicKey), signatureNode);
Element elTS = (Element) ts;
// Register wsu:Id as an ID attribute so the "#Timestamp-1" reference URI can be resolved
valContext.setIdAttributeNS(elTS, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean signatureIsValid = signature.validate(valContext);
if (!signatureIsValid) {
    // Core validation failed: check the SignatureValue, then each Reference separately
    boolean sv = signature.getSignatureValue().validate(valContext);
    if (!sv) {
        for (Object o : signature.getSignedInfo().getReferences()) {
            Reference ref = (Reference) o;
            boolean refValid = ref.validate(valContext);
            LOGGER.info("URI:" + ref.getURI());
            LOGGER.info("**** " + ref.getURI() + " validity status: " + refValid);
        }
    }
}
LOGGER.info("Verification returned:" + signatureIsValid);
then the output is:
URI:#Timestamp-1
**** #Timestamp-1 validity status: true
Verification returned:false
The signing path is:
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.dom.SOAPConstants;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.w3c.dom.Document;

// doc: the SOAP envelope that already contains the wsu:Timestamp; crypto: the WSS4J Crypto holding KEY_ALIAS
SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement()); // not used below
WSSecHeader secHeader = new WSSecHeader(doc);
secHeader.insertSecurityHeader();
WSSecSignature builder = new WSSecSignature(secHeader);
builder.setUserInfo(KEY_ALIAS, KEY_ENTRY_PASS);
// Embed the signing certificate as a wsse:BinarySecurityToken and point KeyInfo at it
builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
// Emit an InclusiveNamespaces PrefixList in the exclusive-c14n transforms
builder.setAddInclusivePrefixes(true);
// Sign only the Timestamp element, referenced by its wsu:Id (ts must expose that Id)
WSEncryptionPart tsEP = new WSEncryptionPart(ts.getId());
builder.getParts().add(tsEP);
LOGGER.info("Signing doc");
Document signedDoc = builder.build(crypto);
Any ideas?
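The output above says every Reference digest matches but the SignatureValue does not, which leaves two usual causes: the verifier is holding a different public key than the one that signed, or the canonicalized SignedInfo bytes being checked are not the bytes that were signed. The following diagnostic, an added example that is not from the question or from WSS4J/JSR-105 themselves, separates those two cases: it re-runs the raw RSA verification over the canonicalized SignedInfo once with the key the verifier was given and once with the certificate carried in the wsse:BinarySecurityToken (which is what BST_DIRECT_REFERENCE puts in the message). The class and method names (SignatureValueDiagnostic, diagnose, and the helpers) are invented for the example; it assumes the BST holds a single X509v3 certificate and that the SignatureMethod is rsa-sha1 or rsa-sha256.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/** Added diagnostic (not part of the original post): tells "wrong verify key" apart from "SignedInfo changed". */
public final class SignatureValueDiagnostic {

    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /**
     * @param doc        the signed SOAP document
     * @param signature  the XMLSignature returned by fac.unmarshalXMLSignature(valContext)
     * @param valContext the same DOMValidateContext, with the wsu:Id already registered
     * @param verifyKey  the public key the local verifier uses (assumed: the key behind X509KeySelector)
     */
    public static String diagnose(Document doc, XMLSignature signature,
                                  DOMValidateContext valContext, PublicKey verifyKey) throws Exception {
        if (signature.validate(valContext)) {
            return "OK";
        }
        // A digest failure means the signed part itself changed after signing; stop there.
        for (Object o : signature.getSignedInfo().getReferences()) {
            Reference ref = (Reference) o;
            if (!ref.validate(valContext)) {
                return "DIGEST_MISMATCH " + ref.getURI();
            }
        }
        // References are fine, so the RSA signature over SignedInfo is what fails.
        // validate() has populated the canonicalized SignedInfo; recheck those exact bytes.
        SignedInfo si = signature.getSignedInfo();
        byte[] c14nSignedInfo = readAll(si.getCanonicalizedData());
        byte[] sigValue = signature.getSignatureValue().getValue();
        String jcaAlg = jcaAlgorithm(si.getSignatureMethod().getAlgorithm());

        PublicKey bstKey = publicKeyFromBinarySecurityToken(doc);
        boolean okWithBst = bstKey != null && rawVerify(jcaAlg, bstKey, c14nSignedInfo, sigValue);
        boolean okWithSupplied = rawVerify(jcaAlg, verifyKey, c14nSignedInfo, sigValue);

        if (okWithBst && !okWithSupplied) {
            return "WRONG_VERIFY_KEY";     // message is internally consistent; the verifier holds another key
        }
        if (!okWithBst && !okWithSupplied) {
            return "SIGNEDINFO_MISMATCH";  // the bytes signed differ from the bytes canonicalized now
        }
        return "UNEXPECTED";
    }

    /** Public key of the X509v3 certificate in wsse:BinarySecurityToken (assumed single cert, base64 DER). */
    static PublicKey publicKeyFromBinarySecurityToken(Document doc) throws GeneralSecurityException {
        NodeList bsts = doc.getElementsByTagNameNS(WSSE_NS, "BinarySecurityToken");
        if (bsts.getLength() == 0) {
            return null;
        }
        byte[] der = Base64.getMimeDecoder().decode(bsts.item(0).getTextContent());
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(der));
        return cert.getPublicKey();
    }

    /** Plain JCA verification; a malformed or wrong-size signature is reported as false, not thrown. */
    static boolean rawVerify(String jcaAlg, PublicKey key, byte[] data, byte[] sig) {
        try {
            Signature s = Signature.getInstance(jcaAlg);
            s.initVerify(key);
            s.update(data);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /** Map the ds:SignatureMethod URI to a JCA name; extend if the gateway requires another algorithm. */
    static String jcaAlgorithm(String uri) {
        switch (uri) {
            case "http://www.w3.org/2000/09/xmldsig#rsa-sha1":        return "SHA1withRSA";
            case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": return "SHA256withRSA";
            default: throw new IllegalArgumentException("unmapped SignatureMethod " + uri);
        }
    }

    static byte[] readAll(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) > 0; ) {
            out.write(buf, 0, n);
        }
        return out.toByteArray();
    }
}
```

Call diagnose(doc, signature, valContext, publicKey) right after the validation code in the question. WRONG_VERIFY_KEY points at the local test harness rather than the message: the key passed to X509KeySelector is not the one behind KEY_ALIAS. SIGNEDINFO_MISMATCH means the SignedInfo that is canonicalized at verification time differs from what WSS4J signed; with setAddInclusivePrefixes(true) the exclusive-c14n PrefixList becomes part of those bytes, so any re-serialization, re-parsing or namespace rewriting of signedDoc between build(crypto) and the message that leaves the system will change them, and comparing the c14nSignedInfo bytes on both sides is the quickest way to see where that happens.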