如何解决在数字签名 cxf wss4j 中将 X509 证书标签值转换为 base64 二进制编码
我已将 CXF 3.0.1 用于soap 实现和数字签名我已使用wss4j-WS-security-common 3.0.1 和CXF- rt-WS-security 3.0.1。通过在非 spring 设置中添加 outinterceptor 以及 crypto.merlin 属性,我进行了数字签名。 现在,根据获得的输出,我的网络服务提供商要求 X509Data 标记的 BASE64 二进制值。 总结一下,我想替换这个:
<ds:KeyInfo Id="...">
<wsse:SecurityTokenReference wsu:Id="...">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=...,O=...,CN=....</ds:X509IssuerName>
<ds:X509SerialNumber>70391139840......</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
有了这个:
<KeyInfo>
<X509Data>
<X509Certificate>MIIE4zCCA8ugAwIBAgI...</X509Certificate>
</X509Data>
</KeyInfo>
我目前的完整输出是:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="true">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
Id="SIG-0ce2ba1e-9382-4b99-918f-40fe35c0bcd6">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#id-f2a96bde-6b41-4283-9fcd-703eca4fd795">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList=""/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>nIHemuhLTu4c/drCPaK1is/.....</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
R3Of2Bf60qeSHFyUf5Op7TCGIwJWnhuyHWTNUxNRNLzye6Qi0YeVXTwb0WF9Nesizs16Y...
</ds:SignatureValue>
<ds:KeyInfo Id="KI-38c8124d-967f-4075-99c3-dca94b7d15e9">
<wsse:SecurityTokenReference wsu:Id="STR-9defa6fa-794a-40a3-a57d-2bb1335cbfb6">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=...,CN=....</ds:X509IssuerName>
<ds:X509SerialNumber>70391139840......</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
</soap:Envelope>
我想显示的输出:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
<AuthHeader xmlns="http://tempuri.org/">
<UserName>*</UserName>
<Password>*</Password>
</AuthHeader>
</soap:Header>
<soap:Body>
...
</soap:Body>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>yPt/HXyJyVi1GFFoBb52sTwpaQscONr6QQ2wW....</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>u+XmtuZRW1pqfnIaExnheNGMgg...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIE4zCCA8ugAwIBAgI...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</soap:Envelope>
这是我的 Java 客户端代码:
org.apache.cxf.endpoint.Client client =ClientProxy.getClient(ServicesSoap);
client.getOutInterceptors().add(new SAAJOutInterceptor());
org.apache.cxf.endpoint.Endpoint cxfEndpoint = client.getEndpoint();
Map<String,Object> outProps = new HashMap<String,Object>();
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
cxfEndpoint.getOutInterceptors().add(wssOut);
outProps.put(WSHandlerConstants.ACTION,"Signature");
outProps.put(WSHandlerConstants.USER,"1");
outProps.put(WSHandlerConstants.SIG_PROP_FILE,"crypto.properties");
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,ClientPasswordCallback.class.getName());
outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,"http://www.w3.org/2001/04/xmlenc#sha256");
outProps.put(WSHandlerConstants.MUST_UNDERSTAND,"true");
outProps.put(WSHandlerConstants.SIG_ALGO,"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
outProps.put(WSHandlerConstants.USE_SINGLE_CERTIFICATE,"false");
outProps.put("SecurityToken","wsse:Base64Binary");
crypto.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=JKS
org.apache.ws.security.crypto.merlin.file=/home/...
org.apache.ws.security.crypto.merlin.keystore.alias=1
org.apache.ws.security.crypto.merlin.keystore.password=...
解决方法
我已经搜索了很多关于这个问题的信息。解决这个问题的两种方法是使用 Apache CXF-SAML,如果您想使用 wss4j,您可以将您的请求发送给授权您的证书的人,并使用您告诉他们的标签名称。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。