Apache camel 如何在ApacheCamel中使用XML安全组件实现分离的XML签名?

Apache camel 如何在ApacheCamel中使用XML安全组件实现分离的XML签名?,apache-camel,ws-security,jbossfuse,xmlsec,Apache Camel,Ws Security,Jbossfuse,Xmlsec,H我对分离的XML签名的实现有疑问,我主要遵循出现的示例。我的疑问与使用模式“test.xsd”进行的验证有关,我没有根据需要生成它 我必须对请求的正文、时间戳和BinarySecurityToken进行签名,这是加密的(对于加密,我使用的是中出现的实现) 我的路线是: <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:camel="http://camel.apache.org/schema/bluep

我对分离式(detached)XML 签名的实现有疑问,我主要参照了一个现成的示例。我的疑问与使用 schema 文件“test.xsd”进行的校验有关:我没能按自己的需要生成它。

我必须对请求的 Body、Timestamp 和 BinarySecurityToken 进行签名,并且它是加密的(加密部分我使用的是另一个示例中的实现)。

我的路由(route)是:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:camel="http://camel.apache.org/schema/blueprint"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
xmlns:cxf="http://camel.apache.org/schema/blueprint/cxf"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd                            http://camel.apache.org/schema/blueprint http://camel.apache.org/schema/blueprint/camel-blueprint.xsd">
<!-- Key/trust store referenced by the secureXML data format in the route
     (keyOrTrustStoreParametersId="injks"); presumably where recipientKeyAlias
     is resolved.
     NOTE(review): the store password is committed in clear text, and the
     keyStore2 bean opens the same test.jks with a different password value, so
     one of the two is presumably wrong. Confirm, and load the secret from
     external configuration (for example a blueprint property placeholder)
     rather than from this file. -->
<camel:keyStoreParameters id="injks" password="desarrollo" resource="C:/Users/Usuario/Desktop/nuevo/test.jks"/>
<!-- Second handle on the same JKS file, referenced by the keyAccessorOne bean
     (keyStoreParameters ref="keyStore2") to reach the signing key.
     NOTE(review): plain-text password, and an absolute path into a developer's
     desktop folder. A deployed bundle would normally resolve the keystore from
     a protected location with restrictive file permissions and take the
     password from external configuration. -->
<bean class="org.apache.camel.util.jsse.KeyStoreParameters" id="keyStore2">
    <property name="resource" value="C:/Users/Usuario/Desktop/nuevo/test.jks"/>
    <property name="password" value="development"/>
</bean>
<!-- Key accessor handed to the xmlsecurity:sign endpoint in the route
     (keyAccessor=#keyAccessorOne).
     alias              : keystore entry to read ("test")
     password           : NOTE(review) presumably the key-entry password; it is
                          hard-coded and identical to the store password used
                          by keyStore2. Externalise it.
     keyStoreParameters : the keyStore2 bean defined above -->
<bean
    class="org.apache.camel.component.xmlsecurity.api.DefaultKeyAccessor" id="keyAccessorOne">
    <property name="alias" value="test"/>
    <property name="password" value="development"/>
    <property name="keyStoreParameters" ref="keyStore2"/>
</bean>
<!-- Parts to sign: list handed to the signer through
     xpathsToIdAttributes=#xpathParts. Each entry is built by the static
     factory method XmlSignatureHelper.getXpathFilter(String).
     NOTE(review): as the option name suggests, the component documentation
     describes these XPaths as pointing at attributes of type ID (one detached
     signature per match, referenced by "#" plus the attribute value). The
     expressions below select the elements themselves, not their Id
     attributes; confirm against the Camel version in use.
     NOTE(review): "//" plus the namespace wildcard "*:" matches any element
     with that local name anywhere in the message. Loosely selected signed
     parts are the precondition for signature-wrapping problems; absolute,
     namespace-bound paths are safer. "*:name" is also XPath 2.0 syntax, so
     verify that the XPath engine in use accepts it. -->
<bean class="java.util.ArrayList" id="xpathParts">
    <argument>
        <list>
            <bean
                class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
                <argument type="java.lang.String" value="//*:Body"/>
            </bean>
            <bean
                class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
                <argument type="java.lang.String" value="//*:Timestamp"/>
            </bean>
            <bean
                class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
                <argument type="java.lang.String" value="//*:BinarySecurityToken"/>
            </bean>
        </list>
    </argument>
</bean>
<!-- Route: a timer fires every 20000 ms, the body is set from a classpath
     resource, marshalled with JAXB, encrypted, signed, and finally written to
     a file and to a mock endpoint. -->
<camelContext id="context-redbanc" xmlns="http://camel.apache.org/schema/blueprint">
    <route id="_route1">
        <from id="_from1" uri="timer:foo?period=20000"/>
        <setBody id="_setBody1">
            <simple>resource:classpath:etc/wsdl/schema.xml</simple>
        </setBody>
        <marshal id="_marshal2">
            <jaxb contextPath="cl.coopeuch.integracion.wsredbanc.wsdl.test"/>
        </marshal>
        <!-- XML Encryption of the contents (secureTagContents="true") of the
             elements matched by //*:Body, for the key with alias
             recipientKeyAlias taken from the "injks" store.
             NOTE(review): rsa-1_5 key transport and tripledes-cbc are legacy
             choices. PKCS#1 v1.5 key transport is the classic target of
             padding-oracle attacks, and CBC ciphertext carries no integrity
             protection of its own. If the counterparty can accept it, prefer
             RSA-OAEP key transport with an AES-GCM cipher. -->
        <marshal id="_marshal1">
            <secureXML id="inEncryption"
                keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
                keyOrTrustStoreParametersId="injks"
                recipientKeyAlias="des-wls02.rbc.cl"
                secureTag="//*:Body" secureTagContents="true" xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        </marshal>
        <!-- NOTE(review): this header sets the content reference URI. The
             component documentation describes that setting as used for
             enveloped signatures, so it is presumably ignored once
             xpathsToIdAttributes selects detached mode. Confirm. -->
        <setHeader headerName="CamelXmlSignatureContentReferenceUri" id="_setHeader1">
            <constant>#Body</constant>
        </setHeader>
        <!-- Detached signing with the key from keyAccessorOne.
             digestAlgorithm is the URL-encoded form of
             http://www.w3.org/2000/09/xmldsig#sha1, i.e. SHA-1, which is no
             longer considered collision resistant; use a SHA-256 digest
             (http://www.w3.org/2001/04/xmlenc#sha256) unless the receiver
             mandates SHA-1.
             schemaResourceUri names the schema used while signing; per the
             component documentation it is what identifies attributes of type
             xs:ID, so each element to be signed presumably needs its Id
             attribute declared with that type in schema.xsd.
             This step runs after secureXML, so the Body digest covers
             ciphertext; confirm the receiver expects that order. -->
        <to id="_to2" uri="xmlsecurity:sign://oneSign?keyAccessor=#keyAccessorOne&amp;digestAlgorithm=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1&amp;xpathsToIdAttributes=#xpathParts&amp;schemaResourceUri=etc/wsdl/schema.xsd"/>
        <!-- Debug sinks: the signed message is written to a folder on the
             developer's desktop and passed to mock:result (a test endpoint). -->
        <to id="_to3" uri="file://C:/Users/Usuario/Desktop/salida?fileName=outbound_body.xml"/>
        <to id="_to4" uri="mock:result"/>
    </route>
</camelContext>

resource:classpath:etc/wsdl/schema.xml
#Body

要签名的元素包括:

    <!-- XPath filters for the three message parts the author wants signed
         (Body, Timestamp, BinarySecurityToken), each created through
         XmlSignatureHelper.getXpathFilter(String).
         NOTE(review): "//*:Name" matches on local name only, at any depth and
         in any namespace. For signing, pin each part with an absolute,
         namespace-qualified path so an extra element with the same local name
         cannot be selected instead. The endpoint option that consumes this
         list is called xpathsToIdAttributes, so the expressions presumably
         have to end in the Id attribute of each element; confirm. -->
    <bean class="java.util.ArrayList" id="xpathParts">
    <argument>
        <list>
            <bean
                class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
                <argument type="java.lang.String" value="//*:Body"/>
            </bean>
            <bean
                class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
                <argument type="java.lang.String" value="//*:Timestamp"/>
            </bean>
            <bean
                class="org.apache.camel.component.xmlsecurity.api.XmlSignatureHelper" factory-method="getXpathFilter">
                <argument type="java.lang.String" value="//*:BinarySecurityToken"/>
            </bean>
        </list>
    </argument>
</bean>

用于签名的 URI 为:

<!-- Signing endpoint. Options, as written in the URI:
     keyAccessor          : bean that supplies the signing key
     digestAlgorithm      : URL-encoded http://www.w3.org/2000/09/xmldsig#sha1
                            (SHA-1). NOTE(review): SHA-1 is deprecated for
                            signatures; prefer a SHA-256 digest unless the
                            receiver requires SHA-1.
     xpathsToIdAttributes : bean holding the XPaths of the parts to sign
     schemaResourceUri    : schema on the classpath; presumably the place where
                            the Id attributes of the signed elements must be
                            declared as xs:ID. Confirm against the component
                            documentation. -->
<to id="_to2" uri="xmlsecurity:sign://oneSign?keyAccessor=#keyAccessorOne&amp;digestAlgorithm=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23sha1&amp;xpathsToIdAttributes=#xpathParts&amp;schemaResourceUri=etc/wsdl/schema.xsd"/>

在我的实现中,与 test.xsd 对应的文件是 schema.xsd,内容如下:(我不知道如何在其中指明另外两个需要签名的部分)



有什么想法或其他例子我可以遵循吗?

已经解决了!我改用 WS-Policy 框架,并配合以下策略:

<?xml version="1.0" encoding="UTF-8"?>
<!-- WS-SecurityPolicy for an asymmetric (X.509 on both sides) binding that
     signs and encrypts the SOAP Body.
     Prefix notes: "wsp" and "wsp1_2" are both bound to
     http://schemas.xmlsoap.org/ws/2004/09/policy, so they name the same
     vocabulary. "sp" is bound to two different namespaces: the 2005/07
     securitypolicy namespace on AsymmetricBinding and the ws-sx 200702
     namespace on SignedParts / EncryptedParts.
     NOTE(review): confirm the policy engine accepts that mix, and avoid
     rebinding one prefix to two URIs in a single document. -->
<wsp:Policy
    wsu:Id="SecureConversation_MutualCertificate10SignEncrypt_IPingService_policy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

    <wsp:ExactlyOne xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp1_2:All xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <sp:AsymmetricBinding xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
                <wsp1_2:Policy>
                    <!-- Initiator certificate: an X.509 v3 token that is always
                         sent to the recipient (IncludeToken/AlwaysToRecipient). -->
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <!-- Recipient certificate: never embedded in the message
                         (IncludeToken/Never); it is referenced by issuer name
                         and serial number instead. -->
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp1_2:Policy>
                                    <sp:WssX509V3Token10 />
                                    <sp:RequireIssuerSerialReference />
                                </wsp1_2:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <!-- NOTE(review): TripleDesRsa15 is a legacy suite (Triple
                         DES encryption, RSA 1.5 key wrap and SHA-1 digests in
                         the WS-SecurityPolicy suite table). It lines up with
                         the rsa-1_5 / tripledes-cbc / sha1 settings in the
                         question, so it is presumably imposed by the partner
                         service. Where the partner allows it, move to a suite
                         with SHA-256 and RSA-OAEP, for example Basic256Sha256. -->
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <!-- Per WS-SecurityPolicy, IncludeTimestamp requires a
                         wsu:Timestamp that is integrity protected, and
                         ProtectTokens requires the signature to cover the
                         signing token. That is presumably how Timestamp and
                         BinarySecurityToken end up signed even though
                         SignedParts lists only Body. -->
                    <sp:IncludeTimestamp />
                    <sp:ProtectTokens />
                </wsp1_2:Policy>
            </sp:AsymmetricBinding>
            <!-- Only the Body is listed for signing and for encryption.
                 NOTE(review): consider also asserting
                 OnlySignEntireHeadersAndBody in the binding so signatures over
                 sub-elements are rejected; confirm partner support first. -->
            <sp:SignedParts
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
                xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <sp:Body />
            </sp:SignedParts>
            <sp:EncryptedParts
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body />
            </sp:EncryptedParts>
        </wsp1_2:All>
    </wsp:ExactlyOne>
</wsp:Policy>

<?xml version="1.0" encoding="UTF-8"?>
<!-- Policy with a single alternative (ExactlyOne / All): an asymmetric binding
     plus SignedParts and EncryptedParts that each list the SOAP Body.
     NOTE(review): the "sp" prefix resolves to the 2005/07 securitypolicy
     namespace inside AsymmetricBinding and to the ws-sx 200702 namespace on
     SignedParts / EncryptedParts; check that the runtime handles both. -->
<wsp:Policy
    wsu:Id="SecureConversation_MutualCertificate10SignEncrypt_IPingService_policy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

    <wsp:ExactlyOne xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp1_2:All xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <sp:AsymmetricBinding xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
                xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
                <wsp1_2:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10 />
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token
                                sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp1_2:Policy>
                                    <sp:WssX509V3Token10 />
                                    <sp:RequireIssuerSerialReference />
                                </wsp1_2:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <!-- NOTE(review): legacy algorithm suite (Triple DES with
                         RSA 1.5 key wrap). Keep it only while the partner
                         service requires it, and track it as a known weakness. -->
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15 />
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <!-- Timestamp is required, and the signing token is
                         presumably covered by the signature through
                         ProtectTokens; verify in a captured response that both
                         are referenced from the Signature element. -->
                    <sp:IncludeTimestamp />
                    <sp:ProtectTokens />
                </wsp1_2:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts
                xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
                xmlns:wss="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <sp:Body />
            </sp:SignedParts>
            <sp:EncryptedParts
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body />
            </sp:EncryptedParts>
        </wsp1_2:All>
    </wsp:ExactlyOne>
</wsp:Policy>