Apache XMLSec:What';签名有什么问题吗?(“URI引用没有XMLSignatureInput”)
我正在使用apache santuario 1.4.4生成此签名消息:Apache XMLSec:What';签名有什么问题吗?(“URI引用没有XMLSignatureInput”),apache,digital-signature,digital-certificate,xml-signature,xmlsec,Apache,Digital Signature,Digital Certificate,Xml Signature,Xmlsec,我正在使用apache santuario 1.4.4生成此签名消息: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12"> <soapenv:Header> <ds:Signature xmlns:ds="http://ww
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12">
<soapenv:Header>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#DS-OM">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>8nZkH.....99alYEU4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
XSwt/8HzsnWewj.....8dHwY+FVCkhlg==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIID4TCCAsmgAwIB....WQuq/eiErGfyU9ZNmKFpA==
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
zSmjLBHhvxfE03pEUaq8x.....D4b63mMF8p+3XAYmgw==
</ds:Modulus>
<ds:Exponent>AQBA</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>
</soapenv:Header>
<soapenv:Body SOAP-SEC:Id="DS-OM">
<ns1:Servic xmlns:ns1="http://www.foo.es/Schemas">
...
</ns1:Servic>
</soapenv:Body>
</soapenv:Envelope>
8nZkH…..99alYEU4=
XSwt/8HzsnWewj…..8dHwY+FVCkhlg==
MIID4TCASMGAWIB…WQuq/eiErGfyU9ZNmKFpA==
zSmjLBHhvxfE03pEUaq8x…..D4b63mMF8p+3XAYmgw==
阿克巴
...
当我将其发送到我正在使用的服务时,它会回复:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>
<soapenv:Fault>
<faultcode xmlns:ns1="http://www.foo.com/Schemas">ns1:DigitalSignatureError</faultcode>
<faultstring>The Reference for URI #DS-OM has no XMLSignatureInput</faultstring>
<detail>
<string/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
ns1:数字签名错误
URI#DS-OM的引用没有XMLSignatureInput
我在谷歌上搜索了很多,但几乎没有找到任何关于这个错误的信息。
引用是否已声明为错误?有什么不对劲吗?任何想法都将不胜感激
提前感谢。将“DS-OM”定义为“SOAP-SEC:Id”-我认为这就是造成此问题的原因,可能是SOAP-SEC:Id不是正确的xml:Id,或者无法正确识别为xml:Id。要避免这种情况,您可以使用XPath转换来声明您的引用
:
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath xmlns:soapenv="&soapenv;" xmlns:SOAP-SEC="&SOAP-SEC;">
//soapenv:Envelope[@SOAP-SEC:Id='DS-OM']
<ds:XPath>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
....
</ds:Reference>
//soapenv:Envelope[@SOAP-SEC:Id='DS-OM']
....
将“DS-OM”定义为“SOAP-SEC:Id”-我认为这就是造成问题的原因,可能是SOAP-SEC:Id不是正确的xml:Id,或者没有正确地识别为xml:Id。要避免这种情况,您可以使用XPath转换来声明您的引用
:
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath xmlns:soapenv="&soapenv;" xmlns:SOAP-SEC="&SOAP-SEC;">
//soapenv:Envelope[@SOAP-SEC:Id='DS-OM']
<ds:XPath>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
....
</ds:Reference>
//soapenv:Envelope[@SOAP-SEC:Id='DS-OM']
....