java - SOAPHandler for WSSecurity with digital signature

Reposted. Author: 行者123. Updated: 2023-12-02 01:46:02
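I am trying to create a SOAP client in Java, and I have to sign the SOAP message with my private key.

I am getting a response using SoapUI configured with WS-Security.

I have imported the WSDL using wsimport and generated the classes.

I created a SOAPHandler to sign the message, as shown below. I am not sure whether this is the correct way to sign the message.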

    @Override
    private void handleMessage(SOAPMessageContext context) throws SOAPException, WSSecurityException {
        try {
            SOAPMessage soapMessage = context.getMessage();
            SOAPPart soapPart = soapMessage.getSOAPPart();
            soapMessage.getSOAPHeader();

            // Insert the wsse:Security header into the message
            WSSecHeader wsSecHeader = new WSSecHeader();
            wsSecHeader.setMustUnderstand(true);
            wsSecHeader.insertSecurityHeader(soapPart);

            // Add a timestamp to the security header
            WSSecTimestamp wsSecTimeStamp = new WSSecTimestamp();
            wsSecTimeStamp.prepare(soapPart);
            wsSecTimeStamp.prependToHeader(wsSecHeader);

            WSSConfig wssConfig = new WSSConfig();
            WSSecSignature sign = new WSSecSignature(wssConfig);
            sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

            // Merlin crypto provider backed by a JKS keystore
            Properties cxfProps = new Properties();
            cxfProps.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
            cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
            cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", "example.com");
            cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
            cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", "keystore.jks");

            Crypto crypto1 = CryptoFactory.getInstance(cxfProps);

            // Look up the signing certificate and create the BinarySecurityToken
            sign.prepare(soapPart, crypto1, wsSecHeader);
            String bstId = sign.getBSTTokenId();
            sign.appendBSTElementToHeader(wsSecHeader);
            sign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
            sign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

            // Parts to sign: timestamp, SOAP body and the BinarySecurityToken
            Vector<WSEncryptionPart> signParts = new Vector<WSEncryptionPart>();
            signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
            signParts.add(new WSEncryptionPart(WSConstants.ELEM_BODY,
                    WSConstants.URI_SOAP12_ENV, ""));
            signParts.add(new WSEncryptionPart(bstId));
            sign.addReferencesToSign(signParts, wsSecHeader);
            List<Reference> referenceList = sign.addReferencesToSign(signParts,
                    wsSecHeader);
            sign.computeSignature(referenceList, false, null);

        } catch (Exception ex) {
            Logger.getLogger(SecurityHandler.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

I am getting a NullPointerException:

java.lang.NullPointerException
at sun.security.provider.JavaKeyStore$JKS.convertAlias(JavaKeyStore.java:57)
at sun.security.provider.JavaKeyStore.engineGetCertificateChain(JavaKeyStore.java:153)
at sun.security.provider.JavaKeyStore$JKS.engineGetCertificateChain(JavaKeyStore.java:55)
at java.security.KeyStore.getCertificateChain(KeyStore.java:1036)
at org.apache.ws.security.components.crypto.Merlin.getX509Certificates(Merlin.java:1277)
at org.apache.ws.security.components.crypto.Merlin.getX509Certificates(Merlin.java:600)
at org.apache.ws.security.message.WSSecSignature.getSigningCerts(WSSecSignature.java:793)
at org.apache.ws.security.message.WSSecSignature.prepare(WSSecSignature.java:169)
at app.SecurityHandler.handleOutboundMessage(SecurityHandler.java:187)

Best answer

In order to select the target private key from the keystore, you must add

    sign.setUserInfo("key-alias", "key-password");

to your code.
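
A pre-flight check for the alias and key password that the answer passes to setUserInfo, as an added example that is not part of the original post or of WSS4J. It uses only the JDK KeyStore API, so a missing or wrong alias is reported explicitly rather than surfacing as a NullPointerException inside the keystore lookup. The class name SigningKeyPreflight and the method check are hypothetical, and the empty in-memory keystore is constructed sample input.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Optional;

// Added example (hypothetical helper): validate the signing alias before it reaches WSS4J.
public class SigningKeyPreflight {

    /** Returns a description of the problem, or empty if the alias names a usable signing key. */
    static Optional<String> check(KeyStore ks, String alias, char[] keyPassword) {
        if (alias == null || alias.isEmpty()) {
            return Optional.of("no key alias supplied");
        }
        try {
            if (!ks.containsAlias(alias)) return Optional.of("alias '" + alias + "' not in keystore");
            if (!ks.isKeyEntry(alias)) return Optional.of("alias '" + alias + "' is a certificate-only entry");
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0) return Optional.of("alias has no certificate chain");
            Key key = ks.getKey(alias, keyPassword);
            if (!(key instanceof PrivateKey)) return Optional.of("entry does not hold a private key");
            return Optional.empty();
        } catch (UnrecoverableKeyException e) {
            return Optional.of("key password does not unlock alias '" + alias + "'");
        } catch (GeneralSecurityException e) {
            return Optional.of("keystore error: " + e.getMessage());
        }
    }

    // Usage: java SigningKeyPreflight <keystore.jks> <store-password> <alias> <key-password>
    // With no arguments, runs against a constructed, empty in-memory keystore.
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args.length == 4 ? "JKS" : KeyStore.getDefaultType());
        if (args.length == 4) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
            System.out.println(check(ks, args[2], args[3].toCharArray()).orElse("alias is usable for signing"));
        } else {
            ks.load(null, null); // constructed sample input: keystore with no entries
            System.out.println(check(ks, null, new char[0]).orElse("alias is usable for signing"));
            System.out.println(check(ks, "example.com", new char[0]).orElse("alias is usable for signing"));
        }
    }
}
```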

Regarding java - SOAPHandler for WSSecurity with digital signature, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/42084341/