
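CXF security header referencing the wsa:To tag

How to solve: CXF security header referencing the wsa:To tag

I am using org.apache.ws.security.message.WSSecHeader in Java to add a security header to my SOAP message. The generated XML looks like this: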

<env:Header>
    <wsse:Security S:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:BinarySecurityToken ... wsu:Id="X509-YYYYY"></wsse:BinarySecurityToken>
        <ds:Signature ... xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces PrefixList="S env" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256"/>
                <ds:Reference URI="#id-XXXXX">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="env" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>...</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>...</ds:SignatureValue>
            <ds:KeyInfo Id="KI-...">
                <wsse:SecurityTokenReference wsu:Id="STR-...">
                    <wsse:Reference URI="#X509-YYYYY" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    </wsse:Security>
</env:Header>
<S:Body wsu:Id="id-XXXXX"...

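Here, the reference in SignedInfo points to the Body's id, but what I want is a reference that points to the wsa:To element instead of the body, as I see when I send the message with SOAPUI. This is the message SOAPUI sends: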

<soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsu:Timestamp wsu:Id="TS-F29FF616569688CED815972291033866">
            <wsu:Created>2020-08-12T10:45:03.385Z</wsu:Created>
            <wsu:Expires>2020-08-13T03:25:03.385Z</wsu:Expires>
        </wsu:Timestamp>
        <wsse:BinarySecurityToken wsu:Id="X509-YYYYY">...</wsse:BinarySecurityToken>
        <ds:Signature ... xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                    <ec:InclusiveNamespaces PrefixList="wsa soap wcf" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#id-XXXXX">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="soap wcf" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>...</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>...</ds:SignatureValue>
            <ds:KeyInfo Id="KI-...">
                <wsse:SecurityTokenReference wsu:Id="STR-...">
                    <wsse:Reference URI="#X509-YYYYY" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                </wsse:SecurityTokenReference>
            </ds:KeyInfo>
        </ds:Signature>
    </wsse:Security>
    <wsa:Action>http://wcf.dian.colombia/IWcfDianCustomerServices/SendTestSetAsync</wsa:Action>
    <wsa:To wsu:Id="id-XXXXX" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">https://test/Services.svc</wsa:To>
</soap:Header>
<soap:Body...

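First, I need to add the wsa:To element correctly (I can do that manually), and then I have to make the signature's reference point to that element.

I am using Java 7, and this is my signing method:

// WSS4J 1.x (org.apache.ws.security), SAAJ and XML-DSig types used below
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.w3c.dom.Document;

private String handleSOAPMessage(SOAPMessage message) {
    String ret = "";
    try {
        // Owner document of the SOAP body, i.e. the whole envelope
        Document doc = message.getSOAPBody().getOwnerDocument();
        Crypto crypto = CryptoFactory.getInstance(ConfigProperties.getProperties());

        WSSecSignature sign = new WSSecSignature();
        sign.setUserInfo(
            " " + ConfigProperties.getProperty("prop.certificate.alias"),
            ConfigProperties.getProperty("prop.certificate.password"));
        // Reference the certificate through a BinarySecurityToken in the header
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
        sign.setUseSingleCertificate(true);
        sign.setDigestAlgo(DigestMethod.SHA256);
        sign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

        SOAPElement soapHeader = message.getSOAPHeader();
        soapHeader.addNamespaceDeclaration("wsa", "http://www.w3.org/2005/08/addressing");

        // No signature parts are set here, so the signature references the SOAP Body
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(doc);
        Document signedDoc = sign.build(doc, crypto, secHeader);

        // The timestamp is built after the signature has been computed
        WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setTimeToLive(signatureValidityTime);
        doc = timestamp.build(doc, secHeader);
        timestamp.prependToHeader(secHeader);

        ret = org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(signedDoc);
        log.info(ret);
    } catch (SOAPException e) {
        e.printStackTrace();
        return null;
    } catch (WSSecurityException e) {
        e.printStackTrace();
        throw new RuntimeException("Error: " + e.getMessage());
    }
    return ret;
}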
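
Added example, not part of the original post: an XML signature protects only the elements its ds:Reference URIs resolve to, so the two messages above differ in what is integrity-protected (Body in the first, wsa:To in the second). The Python check below reports the covered elements for two constructed envelopes trimmed from those shapes; `audit` and `sample` are hypothetical names and the `id-1` value is made up.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSA = "http://www.w3.org/2005/08/addressing"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

def audit(envelope_xml):
    """Return (covered, problems): tags the ds:Reference URIs resolve to, and findings."""
    # Parse with a hardened parser (e.g. defusedxml) when the input is untrusted.
    root = ET.fromstring(envelope_xml)
    soap_ns = root.tag[1:].split("}")[0]      # namespace of the Envelope element
    by_id, covered, problems = {}, [], []
    for el in root.iter():
        wsu_id = el.get("{%s}Id" % WSU)
        if wsu_id is None:
            continue
        if wsu_id in by_id:                    # ambiguous target for a Reference
            problems.append("duplicate wsu:Id %r" % wsu_id)
        by_id.setdefault(wsu_id, el)
    # Only ds:Reference counts; wsse:Reference in KeyInfo points at the token.
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        target = by_id.get(uri[1:]) if uri.startswith("#") else None
        if target is None:
            problems.append("unresolved Reference URI %r" % uri)
        else:
            covered.append(target.tag)
    if "{%s}Body" % soap_ns not in covered:
        problems.append("SOAP Body is not covered by the signature")
    return covered, problems

def sample(signed):
    """Constructed, trimmed envelope; wsu:Id="id-1" goes on 'To' or 'Body'."""
    def mark(name):
        return ' wsu:Id="id-1"' if name == signed else ""
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:wsa="%s" xmlns:wsu="%s" xmlns:ds="%s"><s:Header>'
            '<ds:Signature><ds:SignedInfo><ds:Reference URI="#id-1"/>'
            '</ds:SignedInfo></ds:Signature>'
            '<wsa:To%s>https://test/Services.svc</wsa:To></s:Header>'
            '<s:Body%s/></s:Envelope>') % (WSA, WSU, DS, mark("To"), mark("Body"))

if __name__ == "__main__":
    for which in ("Body", "To"):
        print(which, audit(sample(which)))
```

The check only resolves references; it does not verify digests or the signature value.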
