在KeyInfo标签肥皂签名信封弹簧启动Secruity下添加X509Certificate标签
我试图添加X509Certificate,这是键入标签下的公共密钥,同时以数字方式签署SOAP Enevelope。我已经尝试过多种方式,但仍然不看。 PFB我的代码剪切和生成的签名的环境。
代码剪辑
@Bean
public CryptoFactoryBean getCryptoFactoryBean() throws IOException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
cryptoFactoryBean.setKeyStorePassword(Constants.JKS_KEYSTORE_PASSWORD);
cryptoFactoryBean.setKeyStoreLocation(context.getResource("classpath:certificate/api_cert.p12"));
return cryptoFactoryBean;
}
@Bean
public Wss4jSecurityInterceptor securityInterceptor() throws Exception {
Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
securityInterceptor.setSecurementActions("Signature Timestamp");
securityInterceptor.setSecurementTimeToLive(900000);
securityInterceptor.setTimestampPrecisionInMilliseconds(true);
securityInterceptor.setSecurementUsername("api.cert");
securityInterceptor.setSecurementPassword(Constants.JKS_KEYSTORE_PASSWORD);
securityInterceptor.setSecurementSignatureCrypto(getCryptoFactoryBean().getObject());
securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
securityInterceptor.setSecurementMustUnderstand(false);
securityInterceptor.setSecurementSignatureParts(
"{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
return securityInterceptor;
}
生成的签名信封snip
<ds:KeyInfo Id="KI-1dca42c9-9ff1-463e-a221-cb88577dd3f5">
<wsse:SecurityTokenReference wsu:Id="STR-5c7abb21-666f-40d2-9f43-ec74f40cc35b">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</ds:X509IssuerName>
<ds:X509SerialNumber>8989....</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
所需的签名信封
<KeyInfo>
<X509Data>
<X509Certificate>MIIGpzCCBY+....</X509Certificate>
<X509IssuerSerial>
<X509IssuerName>CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US</X509IssuerName>
<X509SerialNumber>206281...</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</KeyInfo>
Im trying to add X509Certificate, a public key under KeyInfo Tag while Digitally signing a soap enevelope. I have tried many way, still not look. PFB my Code SNIP and the signed envlope generated.
CODE SNIP
@Bean
public CryptoFactoryBean getCryptoFactoryBean() throws IOException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
cryptoFactoryBean.setKeyStorePassword(Constants.JKS_KEYSTORE_PASSWORD);
cryptoFactoryBean.setKeyStoreLocation(context.getResource("classpath:certificate/api_cert.p12"));
return cryptoFactoryBean;
}
@Bean
public Wss4jSecurityInterceptor securityInterceptor() throws Exception {
Wss4jSecurityInterceptor securityInterceptor = new Wss4jSecurityInterceptor();
securityInterceptor.setSecurementActions("Signature Timestamp");
securityInterceptor.setSecurementTimeToLive(900000);
securityInterceptor.setTimestampPrecisionInMilliseconds(true);
securityInterceptor.setSecurementUsername("api.cert");
securityInterceptor.setSecurementPassword(Constants.JKS_KEYSTORE_PASSWORD);
securityInterceptor.setSecurementSignatureCrypto(getCryptoFactoryBean().getObject());
securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2001/04/xmlenc#sha256");
securityInterceptor.setSecurementMustUnderstand(false);
securityInterceptor.setSecurementSignatureParts(
"{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body;{Content}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp");
return securityInterceptor;
}
GENERATED SIGNED ENVELOPE SNIP
<ds:KeyInfo Id="KI-1dca42c9-9ff1-463e-a221-cb88577dd3f5">
<wsse:SecurityTokenReference wsu:Id="STR-5c7abb21-666f-40d2-9f43-ec74f40cc35b">
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US</ds:X509IssuerName>
<ds:X509SerialNumber>8989....</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
DESIRED SIGNED ENVELOP SNIP
<KeyInfo>
<X509Data>
<X509Certificate>MIIGpzCCBY+....</X509Certificate>
<X509IssuerSerial>
<X509IssuerName>CN=DigiCert SHA2 Extended Validation Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US</X509IssuerName>
<X509SerialNumber>206281...</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</KeyInfo>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论