soapUI 怎么实现加密数字签名 生成报文
soapUI通过设置三个jks文件,就可以将原始报文转化成根据jks文件得到的公钥,私钥进行加密和数字签名的新报文。
原始报文
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://mastercard.com/sd/pc/service">
<soapenv:Header/>
<soapenv:Body>
<ser:getDataSourcesRequest>?</ser:getDataSourcesRequest>
</soapenv:Body>
</soapenv:Envelope>
生成的新报文在原始报文的基础上,新增了一些header的属性
<soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="X509-8E8922B41E27CE199814446184415361">MIIEAjCCA/4wggLmoAMCAQICEGvKQa4nCTGF9IXi5tZ5v8owDQYJKoZIhvcNAQEFBQAwgZ8xEzARBgoJkiaJk/IsZAEZFgNjb20xGjAYBgoJkiaJk/IsZAEZFgptYXN0ZXJjYXJkMR0wGwYDVQQKExRNYXN0ZXJDYXJkIFdvcmxkV2lkZTEkMCIGA1UECxMbR2xvYmFsIEluZm9ybWF0aW9uIFNlY3VyaXR5MScwJQYDVQQDEx5QUkQgTUMgTWVzc2FnZXMgU2lnbmluZyBzdWIgQ0EwHhcNMTUwOTE4MDkwMzM1WhcNMTkwOTE3MDkwMTI5WjB0MQswCQYDVQQGEwJDTjERMA8GA1UECBMIU0hBTkdIQUkxETAPBgNVBAcTCFNIQU5HSEFJMQ0wCwYDVQQKEwRJQ0NQMRswGQYDVQQLExJtdGYuY29tYXBpLXNpZ25pbmcxEzARBgNVBAMTCkh1aWZ1LUlDQ1AwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbdNCbs7CRltizEUnyB0iIPBgjbF9m2PTZGoOztYsHubf+YHmEOR1OQVElnhJ2y2si5DFKKSsKJy/XkMh6rVmL+sAX1FEKyKYhSeglQERTrJD2fDrStJkn1hllQWk2UzAcGsZBRgEREyA16sqInPYGbcPRtuUANl0bdjsNDPyW7Tj1DjeyNvUOheJjtXmJ4lX7Q5dXg72oIUgC8jN7hTl4QFKII5QzSDfO4tWRw8ZgUhO/2mGon41SCKCddMkY8TloYfKVhuqPXS24drbmLi9/b+CoAxm+G4+DiuLdkXx/IiDN4I279Us1xZpPfeD9Jz9KcLYbPSuONFsDaA1kx/DlAgMBAAGjYDBeMB8GA1UdIwQYMBaAFJX6OY+R/TTI+8Aes+w1zCa18+u7MAwGA1UdEwQFMAMCAQAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQTYqY/7zgfskXR2nn8OxjMwo/URDANBgkqhkiG9w0BAQUFAAOCAQEAgVCuRznHAUFXwPUlebB9gc8J+GKoLSty7X67lSh7WkGZf0Msk5YynpcsJZsST971kDdOSD1dFnyDyanrIRmivUn2fUb67lORm0jrPN5ULVzU5NdUHQmZlJXca5YsNoIR8W5SEukw4BWCj1QIF0nEnRId6hfg1fGbxAL05Je4sp0ssmJ9HgBAn1z51qAP2JnVauyduRNgM/8El2y+/4UWngovcn8l49kUNPYcw82Bf7NUMQbuSq2oibVybYnuKBhfKN+AX2EMuYRwK2ES+lT2qq20mpgwSaJ/BgQZKPGJ8JtJLLXDrSzNdwfLWBG1wuGHsNTO143DrkM8IwnhLZLraQ==</wsse:BinarySecurityToken><ds:Signature Id="SIG-8E8922B41E27CE199814446184418345" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ser soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#id-8E8922B41E27CE199814446184418324"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ser" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>FbLrrLs8i7DxH4vVy1t4tA4FSFA=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>NS8hmEFIrqFbT3ZL2wKavSOo9XVxdwFtjinYTKcO53t7O8VbfAqWpIJ15I5/7gEdnnmRllkxKg4C
JKJBgC9M60hOf40/b5iOx5VqUa6kXkJNGvwEruxwcreCsoMKK+XBv+ulcVcwSh0ad71e6ZZ5zRWk
x8j3RMVe/Df2ShQ2RWCzVF88799DITUXVzHNUULRtu2hBl832aQeX3Gecbe7FGhm0kVEVqc6Ak52
8jMVYHD+uJ229zlEyr3Et2h2GbnIK0sV+1H8+IPz+6hHryKFP9v4AicKYV4hGfmNniUOVFlcJF+W
eRedsMMRLuKB4DJmsdzruMPhWPqNmna/i7OMjw==</ds:SignatureValue><ds:KeyInfo Id="KI-8E8922B41E27CE199814446184417922"><wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="STR-8E8922B41E27CE199814446184418003" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"><wsse:Reference URI="#X509-8E8922B41E27CE199814446184415361" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soapenv:Header>
其实也就是多了三条加密数据,
<wsse:BinarySecurityToken>这个标签下面的数据每次都不会改变,猜测可能是公钥加密得来的,但是不明白是加密了什么活着用什么加密方法
在Signature中有两条数据
DigestValue标签下的和SignatureValue标签下的,两条数据每次请求都会发生变化,相同数据请求两次结果不一样,不同数据也不一样
个人猜测DigestValue的值是对发送数据的加密,SignatureValue的值是对DigestValue进行数字签名得来的
不过不清楚这中间的过程,而且每次都会发生变化,猜测可能和时间数据有关系。
跪求各位给点指示,这个过程到底是怎么实现的,困扰了好几天
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
附上新报文的body标签
<soapenv:Body wsu:Id="id-8E8922B41E27CE199814446184418324" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ser:getDataSourcesRequest>?</ser:getDataSourcesRequest>
</soapenv:Body>
给它新增了一个ID,正好对应DigestValue那个标签的引用ID