Spring WS-Security响应消息解密失败
我正在使用SpringBoot和SpringWS开发一个客户端SOAP服务,它使用可信证书向目标服务发送SOAP消息,以加密请求消息。目标服务使用我生成的公私密钥对中的公钥对响应进行加密。可信证书(用于加密请求)和私钥(用于解密响应)都位于.jkt文件中。 请求由目标服务加密并正确处理,但我在解密和验证响应方面遇到了问题。这是我收到的错误消息Spring WS-Security响应消息解密失败,spring,web-services,soap,ws-security,wss4j,Spring,Web Services,Soap,Ws Security,Wss4j,我正在使用SpringBoot和SpringWS开发一个客户端SOAP服务,它使用可信证书向目标服务发送SOAP消息,以加密请求消息。目标服务使用我生成的公私密钥对中的公钥对响应进行加密。可信证书(用于加密请求)和私钥(用于解密响应)都位于.jkt文件中。 请求由目标服务加密并正确处理,但我在解密和验证响应方面遇到了问题。这是我收到的错误消息 DEBUG o.s.w.s.s.w.Wss4jSecurityInterceptor - Validating message [SaajSoapMess
DEBUG o.s.w.s.s.w.Wss4jSecurityInterceptor - Validating message [SaajSoapMessage {http://www.w3.org/2001/04/xmlenc#}EncryptedData] with actions [NoSecurity]
ERROR o.apache.wss4j.common.crypto.Merlin - Cannot find key for alias: [null] in keystore of type [jks] from provider [SUN version 1.8] with size [2] and aliases: {clientalias, serveralias}
WARN o.s.w.s.s.w.Wss4jSecurityInterceptor - Could not validate request: Cannot find key for alias: [null]; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Cannot find key for alias: [null]
我正在使用Wss4jSecurityInterceptor
@Bean
public Wss4jSecurityInterceptor securityInterceptor(Config c, CryptoFactoryBean cryptoFactoryBean) throws Exception {
Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
Securement securement = c.getSecurement();
// set security actions
securityInterceptor.setSecurementActions(securement.getActions());
// sign the request
securityInterceptor.setSecurementUsername(securement.getUsername());
securityInterceptor.setSecurementPassword(securement.getPassword());
securityInterceptor.setSecurementSignatureCrypto(cryptoFactoryBean.getObject());
// encrypt the request
securityInterceptor.setSecurementEncryptionUser(securement.getEncryptionUser());
securityInterceptor.setSecurementEncryptionCrypto(cryptoFactoryBean.getObject());
securityInterceptor.setSecurementEncryptionParts(securement.getEncryptionParts());
securityInterceptor.setSecurementSignatureKeyIdentifier(securement.getSignatureKeyIdentifier());
// decrypt the response
KeyStoreCallbackHandler keyStoreCallbackHandler = new KeyStoreCallbackHandler();
keyStoreCallbackHandler.setPrivateKeyPassword("xxxxx");
securityInterceptor.setValidationCallbackHandler(keyStoreCallbackHandler);
securityInterceptor.setValidationActions("NoSecurity");
securityInterceptor.setValidationDecryptionCrypto(cryptoFactoryBean.getObject());
return securityInterceptor;
}
您知道如何正确使用.jkt中的别名私钥来解密响应吗
编辑:
我必须在拦截器上设置actor以正确地从密钥库中拾取密钥:
securityInterceptor.setValidationActor("clientalias");
你能给我们看一下
keytool-keystore keystore.jks-v-list
?当然@michal korecki,这是输出:keystore类型:jks keystore提供者:SUN你的密钥库包含2个条目clientalias,2016年10月27日,privatekeycentry,证书指纹(SHA1):44:60:DB:CF:FD:D1:02:EB:B6:50:88:7D:FD:30:BB:A8:DF:78服务器别名,2016年10月27日,trustedCertEntry,证书指纹(SHA1):F8:D1:4C:92:94:20:7A:6A:03:BF:98:CE:83:80:E9:23:8B:AD:FA:CF
您能给我们看看keytool-keystore.jks-v-list?当然可以@michal korecki,这是输出:密钥库类型:JKS密钥库提供程序:SUN您的密钥库包含2个条目clientalias,2016年10月27日,PrivateKeyEntry,证书指纹(SHA1):44:60:DB:CF:FD:D1:02:EB:B6:80:B6:50:88:7D:FD:30:BB:A8:DF:78服务器别名,2016年10月27日,trustedCertEntry,证书指纹(SHA1):F8:D1:4C:92:94:20:7A:6A:03:BF:98:CE:83:80:E9:23:8B:AD:FA:CF