我创建了一个新的WSO2 Api Manager介体,它将负责过滤Signed SOAP信封。在请求中,我收到一个标签,该标签要用XMLSignatureFactory解析。
数字签名API: https://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html
输入:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-1F873A0D2A87BCE8721558280884557279">
<ds:SignedInfo>
...
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
<ds:Reference URI="#id-349F63E22F25E7CF2915581003601374">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>..Base64 encoded value...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>..Base64 encoded value...</ds:SignatureValue>
<ds:KeyInfo Id="KI-1F873A0D2A87BCE8721558280884517277">
...
</ds:KeyInfo>
</ds:Signature>
源代码:
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Find Signature element.
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
}
// Create a DOMValidateContext and specify a KeySelector
// and document context.
DOMValidateContext valContext = new DOMValidateContext(cert.getPublicKey(), nl.item(0));
// Unmarshal the XMLSignature.
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature.
boolean coreValidity = signature.validate(valContext);
// Check core validation status.
if (coreValidity == false) {
System.err.println("Signature failed core validation");
}
在标准Java SE程序中,它可以正常工作,但是当我在Mediator中使用它时,出现以下错误:
Exception occured! java.lang.ClassCastException: org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory cannot be cast to javax.xml.crypto.dsig.XMLSignatureFactory
at javax.xml.crypto.dsig.XMLSignatureFactory.findInstance(XMLSignatureFactory.java:202)
at javax.xml.crypto.dsig.XMLSignatureFactory.getInstance(XMLSignatureFactory.java:250)
Maven配置:
...
<java.version>1.8</java.version>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<bouncycastle.version>1.61</bouncycastle.version>
...
<dependency>
<groupId>org.apache.synapse</groupId>
<artifactId>synapse-core</artifactId>
<version>2.1.7-wso2v80</version>
</dependency>
<dependency>
<groupId>org.apache.ws.commons.axiom.wso2</groupId>
<artifactId>axiom</artifactId>
<version>1.2.11.wso2v11</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>${bouncycastle.version}</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>${bouncycastle.version}</version>
</dependency>
...
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.3.7</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${project.artifactId}</Bundle-Name>
<!-- <Export-Package>mediator</Export-Package> -->
<!--<DynamicImport-Package>*</DynamicImport-Package>-->
<Import-Package>
!javax.xml.crypto.*; version="???",
org.apache.xml.security;version="0.0.0",
*
</Import-Package>
</instructions>
</configuration>
</plugin>
答案 0 :(得分:0)
我想这是由于软件包 javax.xml.crypto。导致的。通过wso2 wss4j 捆绑包导出的version =“ xxx” 与默认的 javax.xml.crypto冲突。 JDK导出的包。
为了解决此问题,您可以将调解器打包为捆绑包(OSGI捆绑包并将其放置在dropins文件夹中),并按如下方式限制该特定导入到调解器中。
请在osgiConsole中启动AM(带有-DosgiConsole标志),并检查wss4j导出的javax.xml.crypto。*软件包的版本。然后从调解器的导入部分中排除该特定版本。
示例代码如下。
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>2.3.7</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Import-Package>
!javax.xml.crypto.*; version="xxx",
org.apache.xml.security;version="0.0.0",
*
</Import-Package>
</instructions>
</configuration>
</plugin>
谢谢