Java: How to verify a SOAP signature using the wss4j library_Java_Web Services_Soap_Wss4j - Fatal编程技术网


I have a SOAP message like the following:

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
   <env:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" env:mustUnderstand="1">
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-3FE116EADE4A5ACE1C14636491396431">MIIEwjCCBCugAwIBAgIEUZF6sjANBgkqhkiG9w0BAQUFADCBmDEZMBcGA1UEChMQR3J1cG8gVGuYSBTPLrZBFdug27AhMqAzvjmp8G4Aj65E0QKDrnFIU4KTMyhSIFRzL5fATWsohdLXqcebHf+XmlNSQ==</wsse:BinarySecurityToken>
         <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-3FE116EADE4A5ACE1C14636491396595">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
               <ds:Reference URI="#id-3FE116EADE4A5ACE1C14636491396564">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <ds:DigestValue>hsrhNdt06tOUYlbV4gmkEwZEpXg=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>rtBv9+NmGZ58HN1XaWXZDQs2DpoiRCONt3XTM6N/R4SyrVK8ltbZebl0WnBQ==</ds:SignatureValue>
            <ds:KeyInfo Id="KI-3FE116EADE4A5ACE1C14636491396452">
               <wsse:SecurityTokenReference wsu:Id="STR-3FE116EADE4A5ACE1C14636491396483">
                  <wsse:Reference URI="#X509-3FE116EADE4A5ACE1C14636491396431" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
      </wsse:Security>
      <add:MessageID xmlns:add="http://schemas.xmlsoap.org/ws/2004/08/addressing">urn:uuid:b43ab47f-8ecb-4ac4-8b36-ee3649a734bf</add:MessageID>
   </env:Header>
   <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-3FE116EADE4A5ACE1C14636491396564">
      <request>
         <param1>234</param1>
         <param2>sdf2342</param2>
      </request>
   </env:Body>
</env:Envelope>


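How can I verify the message signature using wss4j? I want to do this in a Java program, not in a framework such as Axis/CXF.

If the signature does not correspond to the message, a WSSecurityException will be thrown.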

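// Imports needed by the method below (WSS4J 1.6.x package names, as used in the answer).
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.List;
import java.util.Properties;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPMessage;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.Merlin;

// LOG (an SLF4J-style logger) and toDocument(SOAPMessage) (returns an org.w3c.dom.Document)
// belong to the enclosing class and are not shown on the page.
public void processSoapSecurityHeader(String soapRequest, String keyStore, String keyStorePwd, String alias) throws Exception {

    SOAPMessage soapMessage = MessageFactory.newInstance().createMessage(null,
            new ByteArrayInputStream(soapRequest.getBytes(StandardCharsets.UTF_8)));
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream is = new FileInputStream(keyStore)) { // close the keystore file after loading
        keystore.load(is, keyStorePwd.toCharArray());
    }
    // Certificate stored under the alias; fail clearly instead of with a NullPointerException.
    Certificate cert = keystore.getCertificate(alias);
    if (cert == null) {
        throw new KeyStoreException("No certificate found for alias " + alias);
    }
    Key key = keystore.getKey(alias, keyStorePwd.toCharArray());
    if (key instanceof PrivateKey) {
        keystore.setKeyEntry(alias, key, keyStorePwd.toCharArray(), new Certificate[]{cert});
    }
    Properties properties = new Properties();
    properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
    Crypto crypto = CryptoFactory.getInstance(properties);
    ((Merlin) crypto).setKeyStore(keystore);
    crypto.loadCertificate(new ByteArrayInputStream(cert.getEncoded()));
    WSSecurityEngine engine = new WSSecurityEngine();
    WSSConfig config = WSSConfig.getNewInstance();
    config.setWsiBSPCompliant(false);
    engine.setWssConfig(config);
    // Throws WSSecurityException if the signature does not verify.
    List<WSSecurityEngineResult> res = engine.processSecurityHeader(toDocument(soapMessage), null, null, crypto);
    if (res == null) { // no wsse:Security header at all: nothing was verified
        throw new SecurityException("Message has no WS-Security header");
    }
    for (WSSecurityEngineResult ers : res) {
        LOG.trace("Details of security header after validation {}", ers.toString());
    }
    LOG.debug("Validation code executed");
}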
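
Added example, not part of the original answer: when processSecurityHeader returns without throwing, that only shows that the elements the signature references verified, so the caller still has to confirm that the env:Body it is about to read is one of them. This sketch assumes the WSS4J 1.6 API used above and must be given the same Document instance that was passed to the engine; the names SignedBodyCheck, findBody and bodyIsSigned are hypothetical.

```java
import java.util.List;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public final class SignedBodyCheck {

    /** Returns the Body that is a direct child of the envelope, or null if there is none. */
    static Element findBody(Document doc) {
        Element envelope = doc.getDocumentElement();
        for (Node n = envelope.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && "Body".equals(n.getLocalName())
                    && envelope.getNamespaceURI() != null
                    && envelope.getNamespaceURI().equals(n.getNamespaceURI())) {
                return (Element) n;
            }
        }
        return null;
    }

    /**
     * True only if a verified signature covers the Body the application will read.
     * A null result list means the message carried no wsse:Security header.
     */
    @SuppressWarnings("unchecked")
    public static boolean bodyIsSigned(Document doc, List<WSSecurityEngineResult> results) {
        Element body = findBody(doc);
        if (body == null || results == null) {
            return false;
        }
        for (WSSecurityEngineResult result : results) {
            Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
            if (action == null || action.intValue() != WSConstants.SIGN) {
                continue; // e.g. the BinarySecurityToken result
            }
            List<WSDataRef> refs = (List<WSDataRef>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
            if (refs == null) continue;
            for (WSDataRef ref : refs) {
                // Compare node identity, not wsu:Id strings, so a relocated copy of the Body does not pass.
                if (body.isSameNode(ref.getProtectedElement())) return true;
            }
        }
        return false;
    }
}
```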