Fatal编程技术网
  • java/
  • Java 带数字签名的WSSecurity SOAPHandler

Java 带数字签名的WSSecurity SOAPHandler

java soap

Java 带数字签名的WSSecurity SOAPHandler,java,soap,jax-ws,ws-security,Java,Soap,Jax Ws,Ws Security,我正在尝试用java创建一个Soap客户机,在这里我必须使用私钥对Soap消息进行签名 我使用SoapUI获得响应,并配置了WS-Security 我已经使用wsimport导入了WSDL并生成了类 我创建了一个SOAPHandler来签署消息,如下所示。我不确定这是否是签署信息的正确方式 @Override private void handleMessage(SOAPMessageContext context) throws SOAPException, WSSecurityExcepti

我正在尝试用java创建一个Soap客户机,在这里我必须使用私钥对Soap消息进行签名

我使用
SoapUI
获得响应,并配置了
WS-Security

我已经使用
wsimport
导入了WSDL并生成了类

我创建了一个
SOAPHandler
来签署消息,如下所示。我不确定这是否是签署信息的正确方式

@Override
private void handleMessage(SOAPMessageContext context) throws SOAPException, WSSecurityException {
    try {
        SOAPMessage soapMessage = context.getMessage();
        SOAPPart soapPart = soapMessage.getSOAPPart();
        soapMessage.getSOAPHeader();
        WSSecHeader wsSecHeader = new WSSecHeader();
        wsSecHeader.setMustUnderstand(true);
        wsSecHeader.insertSecurityHeader(soapPart);

        WSSecTimestamp wsSecTimeStamp = new WSSecTimestamp();
        wsSecTimeStamp.prepare(soapPart);
        wsSecTimeStamp.prependToHeader(wsSecHeader);

        WSSConfig wssConfig = new WSSConfig();
        WSSecSignature sign = new WSSecSignature(wssConfig);
        sign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);

        Properties cxfProps = new Properties();
        cxfProps.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", "example.com");
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
        cxfProps.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", "keystore.jks");

        Crypto crypto1 = CryptoFactory.getInstance(cxfProps);

        sign.prepare(soapPart, crypto1, wsSecHeader);
        String bstId = sign.getBSTTokenId();
        sign.appendBSTElementToHeader(wsSecHeader);
        sign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
        sign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        Vector<WSEncryptionPart> signParts = new Vector<WSEncryptionPart>();
        signParts.add(new WSEncryptionPart(wsSecTimeStamp.getId()));
        signParts.add(new WSEncryptionPart(WSConstants.ELEM_BODY,
                WSConstants.URI_SOAP12_ENV, ""));
        signParts.add(new WSEncryptionPart(bstId));
        sign.addReferencesToSign(signParts, wsSecHeader);
        List<Reference> referenceList = sign.addReferencesToSign(signParts,
                wsSecHeader);
        sign.computeSignature(referenceList, false, null);

    } catch (Exception ex) {
        Logger.getLogger(SecurityHandler.class.getName()).log(Level.SEVERE, null, ex);
    }
}
为了从密钥库中选择目标私钥,必须添加

sign.setUserInfo("key-alias", "key-password");
在您的代码中。

对此有何想法?使用Spring并使用Wss4jSecurityInterceptor添加了配置 
sign.setUserInfo("key-alias", "key-password");