WSO2 ESB如何对自定义调解器的消息签名

时间:2019-06-19 06:42:38

标签: java wso2 esb

美好的一天! 当我使用算法http://www.w3.org/2001/04/xmldsig-more#rsa-sha256进行签名时,我尝试使用Java和自定义中介在XML中使用自定义中介对XML进行签名,

但是当我尝试使用算法http://www.w3.org/2001/04/xmldsig-more#gost34310-gost34311签名时,出现错误:

org.apache.xml.security.signature.XMLSignatureException: The requested algorithm http://www.w3.org/2001/04/xmldsig-more#gost34310-gost34311 does not exist. Original Message was: null
Original Exception was java.lang.NullPointerException
        at org.apache.xml.security.algorithms.SignatureAlgorithm.getSignatureAlgorithmSpi(SignatureAlgorithm.java:160)
        at org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(SignatureAlgorithm.java:73)
        at org.apache.xml.security.signature.SignedInfo.<init>(SignedInfo.java:118)
        at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:256)
        at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:185)
        at kz.EsbGcvp.SignGcvp.SignXML(SignGcvp.java:113)

Java上的代码可以在Wso esb中进行部署而无需部署两个算法,但是当我从Wso esb调用它时,如果使用gost34310-gost34311.

则会出错

我认为xmlsec-000版本存在问题,我已经使用过1.4.4, 1.4.8, 1.5.8版,但未成功。

那么我该如何设置WSO2 ESB或了解我必须使用哪个版本或类型的framework.jar? 我一直在使用WSO2 ESB版本6.4.0

中介代码:

private static String SignXML(String xmlDoc, String keyPath, String keyPass) throws TransformerFactoryConfigurationError, Exception
{

    KalkanProvider provider = new KalkanProvider();
    Security.addProvider(provider);
    KncaXS.loadXMLSecurity();       
    KeyStore ks = KeyStore.getInstance("PKCS12", provider.getName());
    System.getProperty("user.dir");
    ks.load(new FileInputStream(keyPath), keyPass.toCharArray());
    String alias = ks.aliases().nextElement();
    PrivateKey key = (PrivateKey) ks.getKey(alias, keyPass.toCharArray());
    X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
    String signMethod = null;
    String digestMethod = null;
    String sigAlgOid = certificate.getSigAlgOID();
    if (sigAlgOid.equals(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId())) {
        signMethod =  Constants.MoreAlgorithmsSpecNS + "rsa-sha1";
        digestMethod = Constants.MoreAlgorithmsSpecNS + "sha1";
    } else if (sigAlgOid.equals(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId())) {
        signMethod = Constants.MoreAlgorithmsSpecNS + "rsa-sha256";
        digestMethod = XMLCipherParameters.SHA256;
    } else {

        signMethod = Constants.MoreAlgorithmsSpecNS + "gost34310-gost34311";
        digestMethod = Constants.MoreAlgorithmsSpecNS + "gost34311";            
    }

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    DocumentBuilder documentBuilder = dbf.newDocumentBuilder();
    org.w3c.dom.Document doc = (org.w3c.dom.Document) documentBuilder.parse(new ByteArrayInputStream(xmlDoc.getBytes("UTF-8")));

    StringWriter os = new StringWriter();
    XMLSignature signature;
    try {

        signature = new XMLSignature(doc, "", signMethod);                      
        if (doc.getFirstChild() != null) {
            doc.getFirstChild().appendChild(signature.getElement());
            Transforms transforms = new Transforms(doc);
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);          
            transforms.addTransform(XMLCipherParameters.N14C_XML_CMMNTS);
            signature.addDocument("", transforms, digestMethod);
            signature.addKeyInfo(certificate);
            signature.addKeyInfo(certificate.getPublicKey());
            signature.sign(key);
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            trans.transform(new DOMSource(doc), new StreamResult(os));
            os.close();
            return os.toString().replaceAll("\\<\\?xml(.+?)\\?\\>", "").trim();
        }
        else
        {
            throw new NullPointerException("doc.getFirstChild() value is null.");
        }
    } catch (Exception e) {

        e.printStackTrace();
        throw e;
    }
}

1 个答案:

答案 0 :(得分:0)

也许对某人有用。 因为此代码可作为独立的可运行JAR文件工作,所以我删除了远程可运行JAR文件的逻辑并将其作为添加工具添加到WSO2 ESB中,因此效果很好。也许会对WSO2 ESB的性能产生不良影响。但是,我在使用Java和ESB方面没有丰富的经验。

相关问题
最新问题