带有数字签名的WSSecurity SOAPHandler [英] SOAPHandler for WSSecurity with Digital Signature
本文介绍了带有数字签名的WSSecurity SOAPHandler的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试图在Java中创建一个Soap客户端,在这里我必须使用我的私钥对Soap消息进行签名.
I am trying to create a Soap client in java, where I have to Sign the Soap message using my private key.
我正在使用配置为WS-Security的SoapUI来获取响应.
I am getting response using SoapUI, with WS-Security configured.
我已经导入WSDL并使用wsimport生成了类.
I have imported the WSDL and generated classes using wsimport.
我创建了一个SOAPHandler来对消息签名,如下所示.我不确定这是否是签名邮件的正确方法.
I created a SOAPHandler to sign the message like below. I am not sure If this is the correct way to sign the message.
@Override
private void handleMessage(SOAPMessageContext context) throws SOAPException, WSSecurityException {
try {
SOAPMessage soapMessage = context.getMessage();
SOAPPart soapPart = soapMessage.getSOAPPart();
soapMessage.getSOAPHeader();
WSSecHeader wsSecHeader = new WSSecHeader();
wsSecHeader.setMustUnderstand(true);
wsSecHeader.insertSecurityHeader(soapPart);
WSSecTimestamp wsSecTimeStamp = new WSSecTimestamp();
wsSecTimeStamp.prepare(soapPart);
wsSecTimeStamp.prependToHeader(wsSecHeader);
WSSConfig wssConfig = new WSSConfig();
WSSecSignature sign = new WSSecSignature(wssConfig);
sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
Properties cxfProps = new Properties();
cxfProps.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", "example.com");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", "keystore.jks");
Crypto crypto1 = CryptoFactory.getInstance(cxfProps);
sign.prepare(soapPart, crypto1, wsSecHeader);
String bstId = sign.getBSTTokenId();
sign.appendBSTElementToHeader(wsSecHeader);
sign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
sign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
Vector<WSEncryptionPart> signParts = new Vector<WSEncryptionPart>();
signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
signParts.add(new WSEncryptionPart(WSConstants.ELEM_BODY,
WSConstants.URI_SOAP12_ENV, ""));
signParts.add(new WSEncryptionPart(bstId));
sign.addReferencesToSign(signParts, wsSecHeader);
List<Reference> referenceList = sign.addReferencesToSign(signParts,
wsSecHeader);
sign.computeSignature(referenceList, false, null);
} catch (Exception ex) {
Logger.getLogger(SecurityHandler.class.getName()).log(Level.SEVERE, null, ex);
}
}
我得到一个NullPointerException.
java.lang.NullPointerException
at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:57)
at sun.security.provider.JavaKeyStore.engineGetCertificateChain(JavaKeyStore.java:153)
at sun.security.provider.JavaKeyStore$JKS.engineGetCertificateChain(JavaKeyStore.java:55)
at java.security.KeyStore.getCertificateChain(KeyStore.java:1036)
at org.apache.ws.security.components.crypto.Merlin.getX509Certificates(Merlin.java:1277)
at org.apache.ws.security.components.crypto.Merlin.getX509Certificates(Merlin.java:600)
at org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:793)
at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169)
at app.SecurityHandler.handleOutboundMessage(SecurityHandler.java:187)
推荐答案
要从密钥库中选择目标私钥,您必须添加
In order to select target private key from your keystore you have to add
sign.setUserInfo("key-alias", "key-password");
在您的代码中.
这篇关于带有数字签名的WSSecurity SOAPHandler的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
