签名SOAP请求X509的一部分时无法解析ID为的元素
我在尝试对SOAP请求的一部分进行签名时出现以下错误: 它来自引用标记上声明的URI的解析 以下是我用于通过X509签名的java代码:签名SOAP请求X509的一部分时无法解析ID为的元素,soap,java-7,x509,ws-security,xml-signature,Soap,Java 7,X509,Ws Security,Xml Signature,我在尝试对SOAP请求的一部分进行签名时出现以下错误: 它来自引用标记上声明的URI的解析 以下是我用于通过X509签名的java代码: KeyStore.PrivateKeyEntry pke = ISKeyStoreManager.getInstance().getPrivateKeyEntry(keyStoreAlias, keyAlias); AlgorithmStrings algStrings = AlgorithmStrings.getAlgDSString
KeyStore.PrivateKeyEntry pke = ISKeyStoreManager.getInstance().getPrivateKeyEntry(keyStoreAlias, keyAlias);
AlgorithmStrings algStrings = AlgorithmStrings.getAlgDSStrings( pke.getPrivateKey(), signatureAlgorithmString, digestAlgorithmString);
String resultantXPath = StringUtils.join(xpaths, '|');
Transforms transforms = new Transforms(originalDocument);
NodeList targetDocumentList = obtainNodesForXPath(originalDocument, resultantXPath, nc);
if(targetDocumentList != null && targetDocumentList.getLength() > 0)
{
if(targetDocumentList.item(0).hasAttributes()){
Node attrId = targetDocumentList.item(0).getAttributes().getNamedItem("Id");
if(attrId != null && !attrId.getNodeValue().equals("")){
uri = new StringBuilder().append('#').append(attrId.getNodeValue()).toString();
}
else{
((Element) targetDocumentList.item(0)).setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
((Element) targetDocumentList.item(0)).setAttribute("wsu:Id", idForXmlObject);
}
}
else{
((Element) targetDocumentList.item(0)).setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
((Element) targetDocumentList.item(0)).setAttribute("wsu:Id", idForXmlObject);
}
}else{
log.debug("Target not found in the original document with xpath: " + resultantXPath);
}
transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
if (resultantXPath != null) {
log.debug("Instantiation XPATHContainer");
XPathContainer xpathC = new XPathContainer(originalDocument);
xpathC.setXPath(resultantXPath);
if ((ncMap != null) && (!ncMap.isEmpty())) {
for (Map.Entry<String,String> e : ncMap.entrySet()) {
log.debug("Adding namespace to XPATH Container: " + e.getKey() + " -> " + e.getValue());
xpathC.setXPathNamespaceContext(e.getKey(), e.getValue());
}
}
transforms.addTransform("http://www.w3.org/TR/1999/REC-xpath-19991116", xpathC.getElement());
}
log.debug("Instantiation Signature");
XMLSignature sig = new XMLSignature(originalDocument, null, algStrings.signatureAlgorithm, canonicalizationAlg);
sig.setFollowNestedManifests(true);
log.debug("Ajout des assertions de transformation");
sig.addDocument("", transforms, algStrings.digestMethod);
if (idAttrForSignature != null) {
sig.setId(idAttrForSignature);
}
log.debug("DOMToString: " + serializeDOMToString(originalDocument));
// signature node insertion
NodeList nodeList = obtainNodesForXPath(originalDocument, insertSignatureAtXPath, nc);
if(nodeList != null && nodeList.getLength() > 0){
Node nodeSignature = nodeList.item(0);
Node childNode = nodeSignature.getFirstChild();
if (childNode != null) {
if (addSignatureAsLastElement)
nodeSignature.appendChild(sig.getElement());
else
nodeSignature.insertBefore(sig.getElement(), childNode);
}
else nodeSignature.appendChild(sig.getElement());
}
else{
throw new ServiceException("INVALID_SIGNATURE_NODE_SELECTOR_XPATH");
}
// Public key insertion
//X509Data x509Data = getX509Data(includeCertChain, certificateData, originalDocument, pke);
//KeyInfoReference kir = new KeyInfoReference(x509Data.getDocument());
SecurityTokenReference str = new SecurityTokenReference(sig.getKeyInfo().getDocument());
str.setKeyIdentifier(ISKeyStoreAccessorUtil.getIaikCertificate(pke.getCertificate()));
sig.getKeyInfo().getElement().appendChild(str.getElement());
log.debug("DOMToString: " + serializeDOMToString(originalDocument));
//sig.getSignedInfo().addResourceResolver(new ResolverXPointer());
((Element)(sig.getSignedInfo().getElement().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Reference").item(0))).setAttribute("URI", uri);
log.debug("DOMToString: " + serializeDOMToString(originalDocument));
//sig.addDocument(uri, trans);
// Signature generation
sig.sign(pke.getPrivateKey());
KeyStore.PrivateKeyEntry pke=ISKeyStoreManager.getInstance().getPrivateKeyEntry(keyStoreAlias,keyAlias);
AlgorithmStrings-AlgString=AlgorithmStrings.GetAlgDssString(pke.getPrivateKey(),signatureAlgorithmString,digestAlgorithmString);
字符串resultantXPath=StringUtils.join(xpaths,“|”);
转换=新转换(原始文档);
NodeList targetDocumentList=获取nodesforXPath(原始文档,resultantXPath,nc);
if(targetDocumentList!=null&&targetDocumentList.getLength()>0)
{
if(targetDocumentList.item(0.hasAttributes()){
节点attrId=targetDocumentList.item(0.getAttributes().getNamedItem(“Id”);
if(attrId!=null&&!attrId.getNodeValue().equals(“”){
uri=new StringBuilder().append('#').append(attrId.getNodeValue()).toString();
}
否则{
((元素)targetDocumentList.item(0)).setAttribute(“xmlns:wsu,”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
((元素)targetDocumentList.item(0)).setAttribute(“wsu:Id”,idForXmlObject);
}
}
否则{
((元素)targetDocumentList.item(0)).setAttribute(“xmlns:wsu,”http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
((元素)targetDocumentList.item(0)).setAttribute(“wsu:Id”,idForXmlObject);
}
}否则{
debug(“在xpath为+resultantXPath的原始文档中找不到目标”);
}
transforms.addTransform(“http://www.w3.org/2000/09/xmldsig#enveloped-签名);
if(resultantXPath!=null){
调试(“实例化XPATHContainer”);
XPathContainer xpathC=新的XPathContainer(原始文档);
setXPath(resultantXPath);
如果((ncMap!=null)&&(!ncMap.isEmpty()){
对于(Map.Entry e:ncMap.entrySet()){
debug(“将命名空间添加到XPATH容器:“+e.getKey()+”->“+e.getValue()”);
setXPathNamespaceContext(e.getKey(),e.getValue());
}
}
transforms.addTransform(“http://www.w3.org/TR/1999/REC-xpath-19991116,xpathC.getElement());
}
调试(“实例化签名”);
xmlsignaturesig=新的XMLSignature(原始文档,null,algStrings.signatureAlgorithm,规范化alg);
sig.setFollowNestedManifests(真);
debug(“Ajout des assertions de transformation”);
sig.addDocument(“”,transforms,algStrings.digestMethod);
if(idAttrForSignature!=null){
信号setId(idAttrForSignature);
}
log.debug(“domtString:+SerializedDomtString(originalDocument));
//签名节点插入
NodeList NodeList=获取nodesforXPath(原始文档,insertSignatureAtXPath,nc);
if(nodeList!=null&&nodeList.getLength()>0){
nodeSignature=nodeList.item(0);
Node childNode=nodeSignature.getFirstChild();
if(childNode!=null){
if(addSignaturesLastElement)
appendChild(sig.getElement());
其他的
nodeSignature.insertBefore(sig.getElement(),childNode);
}
else nodesignation.appendChild(sig.getElement());
}
否则{
抛出新的ServiceException(“无效的\u签名\u节点\u选择器\u XPATH”);
}
//公钥插入
//X509Data X509Data=getX509Data(包括证书链、认证数据、原始文档、pke);
//KeyInfoReference kir=新的KeyInfoReference(x509Data.getDocument());
SecurityTokenReference str=新的SecurityTokenReference(sig.getKeyInfo().getDocument());
str.setKeyIdentifier(iskeystreaccessorutil.getIaikCertificate(pke.getCertificate());
sig.getKeyInfo().getElement().appendChild(str.getElement());
log.debug(“domtString:+SerializedDomtString(originalDocument));
//sig.getSignedInfo().addResourceResolver(新的解析器xpointer());
((元素)(sig.getSignedInfo().getElement().getElementsByTagnames(“http://www.w3.org/2000/09/xmldsig#.item(0)).setAttribute(“URI”,URI);
log.debug(“domtString:+SerializedDomtString(originalDocument));
//sig.addDocument(uri,trans);
//签名生成
sig.sign(pke.getPrivateKey());
KeyStore.PrivateKeyEntry pke = ISKeyStoreManager.getInstance().getPrivateKeyEntry(keyStoreAlias, keyAlias);
AlgorithmStrings algStrings = AlgorithmStrings.getAlgDSStrings( pke.getPrivateKey(), signatureAlgorithmString, digestAlgorithmString);
String resultantXPath = StringUtils.join(xpaths, '|');
Transforms transforms = new Transforms(originalDocument);
NodeList targetDocumentList = obtainNodesForXPath(originalDocument, resultantXPath, nc);
if(targetDocumentList != null && targetDocumentList.getLength() > 0)
{
if(targetDocumentList.item(0).hasAttributes()){
Node attrId = targetDocumentList.item(0).getAttributes().getNamedItem("Id");
if(attrId != null && !attrId.getNodeValue().equals("")){
uri = new StringBuilder().append('#').append(attrId.getNodeValue()).toString();
}
else{
((Element) targetDocumentList.item(0)).setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
((Element) targetDocumentList.item(0)).setAttribute("wsu:Id", idForXmlObject);
}
}
else{
((Element) targetDocumentList.item(0)).setAttribute("xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
((Element) targetDocumentList.item(0)).setAttribute("wsu:Id", idForXmlObject);
}
}else{
log.debug("Target not found in the original document with xpath: " + resultantXPath);
}
transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
if (resultantXPath != null) {
log.debug("Instantiation XPATHContainer");
XPathContainer xpathC = new XPathContainer(originalDocument);
xpathC.setXPath(resultantXPath);
if ((ncMap != null) && (!ncMap.isEmpty())) {
for (Map.Entry<String,String> e : ncMap.entrySet()) {
log.debug("Adding namespace to XPATH Container: " + e.getKey() + " -> " + e.getValue());
xpathC.setXPathNamespaceContext(e.getKey(), e.getValue());
}
}
transforms.addTransform("http://www.w3.org/TR/1999/REC-xpath-19991116", xpathC.getElement());
}
log.debug("Instantiation Signature");
XMLSignature sig = new XMLSignature(originalDocument, null, algStrings.signatureAlgorithm, canonicalizationAlg);
sig.setFollowNestedManifests(true);
log.debug("Ajout des assertions de transformation");
sig.addDocument("", transforms, algStrings.digestMethod);
if (idAttrForSignature != null) {
sig.setId(idAttrForSignature);
}
log.debug("DOMToString: " + serializeDOMToString(originalDocument));
// signature node insertion
NodeList nodeList = obtainNodesForXPath(originalDocument, insertSignatureAtXPath, nc);
if(nodeList != null && nodeList.getLength() > 0){
Node nodeSignature = nodeList.item(0);
Node childNode = nodeSignature.getFirstChild();
if (childNode != null) {
if (addSignatureAsLastElement)
nodeSignature.appendChild(sig.getElement());
else
nodeSignature.insertBefore(sig.getElement(), childNode);
}
else nodeSignature.appendChild(sig.getElement());
}
else{
throw new ServiceException("INVALID_SIGNATURE_NODE_SELECTOR_XPATH");
}
// Public key insertion
//X509Data x509Data = getX509Data(includeCertChain, certificateData, originalDocument, pke);
//KeyInfoReference kir = new KeyInfoReference(x509Data.getDocument());
SecurityTokenReference str = new SecurityTokenReference(sig.getKeyInfo().getDocument());
str.setKeyIdentifier(ISKeyStoreAccessorUtil.getIaikCertificate(pke.getCertificate()));
sig.getKeyInfo().getElement().appendChild(str.getElement());
log.debug("DOMToString: " + serializeDOMToString(originalDocument));
//sig.getSignedInfo().addResourceResolver(new ResolverXPointer());
((Element)(sig.getSignedInfo().getElement().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Reference").item(0))).setAttribute("URI", uri);
log.debug("DOMToString: " + serializeDOMToString(originalDocument));
//sig.addDocument(uri, trans);
// Signature generation
sig.sign(pke.getPrivateKey());