Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/ember.js/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring WS-Security响应消息解密失败_Spring_Web Services_Soap_Ws Security_Wss4j - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring WS-Security响应消息解密失败

Spring WS-Security响应消息解密失败

spring web-services soap

Spring WS-Security响应消息解密失败,spring,web-services,soap,ws-security,wss4j,Spring,Web Services,Soap,Ws Security,Wss4j,我正在使用SpringBoot和SpringWS开发一个客户端SOAP服务,它使用可信证书向目标服务发送SOAP消息,以加密请求消息。目标服务使用我生成的公私密钥对中的公钥对响应进行加密。可信证书(用于加密请求)和私钥(用于解密响应)都位于.jkt文件中。 请求由目标服务加密并正确处理,但我在解密和验证响应方面遇到了问题。这是我收到的错误消息 DEBUG o.s.w.s.s.w.Wss4jSecurityInterceptor - Validating message [SaajSoapMess

我正在使用SpringBoot和SpringWS开发一个客户端SOAP服务,它使用可信证书向目标服务发送SOAP消息,以加密请求消息。目标服务使用我生成的公私密钥对中的公钥对响应进行加密。可信证书(用于加密请求)和私钥(用于解密响应)都位于.jkt文件中。 请求由目标服务加密并正确处理,但我在解密和验证响应方面遇到了问题。这是我收到的错误消息

DEBUG o.s.w.s.s.w.Wss4jSecurityInterceptor - Validating message [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData] with actions [NoSecurity]
ERROR o.apache.wss4j.common.crypto.Merlin - Cannot find key for alias: [null] in keystore of type [jks] from provider [SUN version 1.8] with size [2] and aliases: {clientalias, serveralias}
WARN  o.s.w.s.s.w.Wss4jSecurityInterceptor - Could not validate request: Cannot find key for alias: [null]; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [null]
我正在使用Wss4jSecurityInterceptor

@Bean
public Wss4jSecurityInterceptor securityInterceptor(Config c, CryptoFactoryBean cryptoFactoryBean) throws Exception {
    Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
    Securement securement = c.getSecurement();
    // set security actions
    securityInterceptor.setSecurementActions(securement.getActions());

    // sign the request
    securityInterceptor.setSecurementUsername(securement.getUsername());
    securityInterceptor.setSecurementPassword(securement.getPassword());
    securityInterceptor.setSecurementSignatureCrypto(cryptoFactoryBean.getObject());

    // encrypt the request
    securityInterceptor.setSecurementEncryptionUser(securement.getEncryptionUser());
    securityInterceptor.setSecurementEncryptionCrypto(cryptoFactoryBean.getObject());
    securityInterceptor.setSecurementEncryptionParts(securement.getEncryptionParts());
    securityInterceptor.setSecurementSignatureKeyIdentifier(securement.getSignatureKeyIdentifier());

    // decrypt the response
    KeyStoreCallbackHandler keyStoreCallbackHandler = new KeyStoreCallbackHandler();
    keyStoreCallbackHandler.setPrivateKeyPassword("xxxxx");
    securityInterceptor.setValidationCallbackHandler(keyStoreCallbackHandler);

    securityInterceptor.setValidationActions("NoSecurity");
    securityInterceptor.setValidationDecryptionCrypto(cryptoFactoryBean.getObject());

    return securityInterceptor;
}
您知道如何正确使用.jkt中的别名私钥来解密响应吗

编辑: 我必须在拦截器上设置actor以正确地从密钥库中拾取密钥:

securityInterceptor.setValidationActor("clientalias");
你能给我们看一下
keytool-keystore keystore.jks-v-list
?当然@michal korecki,这是输出:
keystore类型:jks keystore提供者:SUN你的密钥库包含2个条目clientalias,2016年10月27日,privatekeycentry,证书指纹(SHA1):44:60:DB:CF:FD:D1:02:EB:B6:50:88:7D:FD:30:BB:A8:DF:78服务器别名,2016年10月27日,trustedCertEntry,证书指纹(SHA1):F8:D1:4C:92:94:20:7A:6A:03:BF:98:CE:83:80:E9:23:8B:AD:FA:CF
您能给我们看看keytool-keystore.jks-v-list?当然可以@michal korecki,这是输出:
密钥库类型:JKS密钥库提供程序:SUN您的密钥库包含2个条目clientalias,2016年10月27日,PrivateKeyEntry,证书指纹(SHA1):44:60:DB:CF:FD:D1:02:EB:B6:80:B6:50:88:7D:FD:30:BB:A8:DF:78服务器别名,2016年10月27日,trustedCertEntry,证书指纹(SHA1):F8:D1:4C:92:94:20:7A:6A:03:BF:98:CE:83:80:E9:23:8B:AD:FA:CF