Spring-WS 解密 body 部分
Spring-WS Decrypt body part
所以我正在通过 soap 与服务通信。休息 body 如下所示。
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">plU1gwH/05daoxwRJYvuAViKUp4=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
<xenc:CipherData xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:CipherValue>J/AQ6BnIAbTgrXYkRAg7mB1sKEQcroAvc/5Gy1a60oN+nxISGjS+W/sdbX9XAG8paAb+Zb6WoOyxw+9ZN9SFpq3TpDnjO/F/6DDisVOG5i65KnC3bDG1Y2tpRsGZzKvzPGB3O2mmnBGSfVb5FNDZoeBLQqlHf8iKc8GPQlTuAOWhEKStU20RXN9FjmSumiYxa0EUitFoGicVHg2ym5EEuVb10yGbkMPGcqGb2hZc/4pAJC8RORZmyXV2cZFin7ngfneD6uz7y5i3RPVvBNtN4kET75AoLJd3vJUXOevSXojiSoYb89adjRtrs2lVtthX+yh7x1ddwSeJ7+Ah5kW6JA==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#G0x7f16e7565138-46D"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
...
<soapenv:Body wsu:Id="Body-ab9464bb-3e1e-4d4f-94a6-9f75b7e4f6bd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<c:validateResponse xmlns:a="http://ebs.health.ontario.ca/" xmlns:b="http://idp.ebs.health.ontario.ca/" xmlns:c="http://hcv.health.ontario.ca/">
<xenc:EncryptedData Id="G0x7f16e7565138-46D" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>IL3224+2hgeCS18/fT4aGSDawPFfz5d4WX2428mLH7K+fKuWSgY0Aq/Qn6qCaNdX1ZvlIpVgOqHIU7ggnDlKIZEVVL50ex4czoBN4Ii9w+lu1JMFb/m3ijQbUAV3SfjqxPmVlRklIjjZXSIyd9/TT7V35vKL6Md1dHxbrjm9jtcd1jhzKcG7pLQjg94eJsAi4gxMiMELXU2IrzQRym8dvjw57cSIU6SdII5RORH5YyP6/Qivx5NOEJijjw+fGAuGBrbSqhjOW0BlidW/Zu/i0d6Qwx0FmCwvjlJ0Su5wSofF6rY/X6A3iaQ1AB7RgUVhQOLLCu0/q7mrJHbX0pcPfhw1pv69RoIz7kcVNLZhw9vidUyAaPnbwUKahS2kk6jy3brNM6NpS8Mb906ioihqRd+3utyGqs7pCtTW7iM6pYyiu27GNCt05hBiDXm1bQUqIAUv3q1ROSVxEgLAdD6AMBmJl9Rq0G/dHv3MoYd9aTLFvK+QCaXBovib1ZcdqQJTZf2twAv2Jesm+eyKqwQO/NpOkmUxE/OWEfY5vUkRBMOgg5mBNV1r/sMNOuEs9SWIGCOMZLRh61WgVCgfaLlByYTAKdA1rIohxVqbQti5onZSgbkKU0I3zSTJGPGdirvUSRc9AM6dcetK3dM03/3XCg0LJRqOgsdseK+BDjsu3yDgyWpHfUCXZlObt66BPXi7J5VlBPI4fXM47TK9TtOL7D82yLt0hbSk37iCrbkZ0XIGunJ9i+XJ2mI5B8+yVEfEsV4QxcA2QX+BVyMMeLPooBoCzZLTuSXDX2wutO+a+90FeD4G8P185KC/X1ylpTywuGPtpx/7NIqh+yozA5RRkTWDxnR4YxtIt4FESyW9yuj9J2Mjz6U2E0FViGuXy2b5oFEnpia9PrUpNspQziQ1FONRHF66KmARSqfyg22mhun/szLUxoL3QFbpsJ+GLtAN0F4jegzEP2c+DBipvJrP8Zlc27gGA70R6icH5KqhkNCOT69l06gsjeU1jVZxoVFx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</c:validateResponse>
</soapenv:Body>
请注意,validateResponse 已加密数据。这是使用请求中的 public 密钥加密的。当我尝试执行 webServiceTemplate.marshalSendAndReceive 时,我得到 JAXBElement 始终为空。
下面是我的安全拦截器
@Bean
@Throws(Exception::class)
fun wss4jSecurityInterceptor(): Wss4jSecurityInterceptor {
val securityInterceptor = Wss4jSecurityInterceptor()
// set security actions: Timestamp Signature SAMLTokenSigned SAMLTokenUnsigned
securityInterceptor.setSecurementActions("Timestamp Signature UsernameToken")
//securityInterceptor.setValidationCallbackHandler(securityCallbackHandler())
securityInterceptor.setSecurementUsername("USERNAME")
securityInterceptor.setSecurementPassword("PASSWORD")
securityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT)
// sign the request
securityInterceptor.setSecurementUsername(signingCertName)
securityInterceptor.setSecurementPassword(signingCertPassword)
securityInterceptor.setSecurementTimeToLive(5000)
securityInterceptor.setTimestampStrict(false)
securityInterceptor.setSecurementSignatureCrypto(myCrypto())
securityInterceptor.setSecurementSignatureParts(
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
"{Element}{http://ebs.health.ontario.ca/}EBS;" +
"{Element}{http://idp.ebs.health.ontario.ca/}IDP;"
)
securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1")
securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference")
securityInterceptor.setSecurementMustUnderstand(true)
val keyStoreCallbackHandler = KeyStoreCallbackHandler()
keyStoreCallbackHandler.setPrivateKeyPassword("PASSWORD")
securityInterceptor.setValidationDecryptionCrypto(myCrypto())
securityInterceptor.setValidationCallbackHandler(keyStoreCallbackHandler)
securityInterceptor.setSecurementEncryptionParts("{Element}{http://hcv.health.ontario.ca/}validateResponse;")
securityInterceptor.setSecurementEncryptionCrypto(myCrypto())
securityInterceptor.setValidationActions("Encrypt")
securityInterceptor.setValidationActor("USERNAME")
securityInterceptor.setValidateRequest(false)
securityInterceptor.setValidateResponse(false)
securityInterceptor.afterPropertiesSet()
return securityInterceptor
}
编辑:用 header
的一部分更新了 soap 请求
正在阅读我正在与之通信的服务器的规格,
如果任何响应数据指定为enc
加密,由特定的网络服务技术
规范,数据将至少使用 AES128-
CBC对称
使用属于初始 SOAP 签名者的 public 密钥的加密算法
要求。加密算法可能会根据具体的web服务增加
技术规范。
我不确定该怎么做
所以我想通了。
正在跳过验证
securityInterceptor.setValidateRequest(false)
securityInterceptor.setValidateResponse(false)
需要删除
所以我正在通过 soap 与服务通信。休息 body 如下所示。
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">plU1gwH/05daoxwRJYvuAViKUp4=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</dsig:KeyInfo>
<xenc:CipherData xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<xenc:CipherValue>J/AQ6BnIAbTgrXYkRAg7mB1sKEQcroAvc/5Gy1a60oN+nxISGjS+W/sdbX9XAG8paAb+Zb6WoOyxw+9ZN9SFpq3TpDnjO/F/6DDisVOG5i65KnC3bDG1Y2tpRsGZzKvzPGB3O2mmnBGSfVb5FNDZoeBLQqlHf8iKc8GPQlTuAOWhEKStU20RXN9FjmSumiYxa0EUitFoGicVHg2ym5EEuVb10yGbkMPGcqGb2hZc/4pAJC8RORZmyXV2cZFin7ngfneD6uz7y5i3RPVvBNtN4kET75AoLJd3vJUXOevSXojiSoYb89adjRtrs2lVtthX+yh7x1ddwSeJ7+Ah5kW6JA==</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#G0x7f16e7565138-46D"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
...
<soapenv:Body wsu:Id="Body-ab9464bb-3e1e-4d4f-94a6-9f75b7e4f6bd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<c:validateResponse xmlns:a="http://ebs.health.ontario.ca/" xmlns:b="http://idp.ebs.health.ontario.ca/" xmlns:c="http://hcv.health.ontario.ca/">
<xenc:EncryptedData Id="G0x7f16e7565138-46D" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<xenc:CipherData>
<xenc:CipherValue>IL3224+2hgeCS18/fT4aGSDawPFfz5d4WX2428mLH7K+fKuWSgY0Aq/Qn6qCaNdX1ZvlIpVgOqHIU7ggnDlKIZEVVL50ex4czoBN4Ii9w+lu1JMFb/m3ijQbUAV3SfjqxPmVlRklIjjZXSIyd9/TT7V35vKL6Md1dHxbrjm9jtcd1jhzKcG7pLQjg94eJsAi4gxMiMELXU2IrzQRym8dvjw57cSIU6SdII5RORH5YyP6/Qivx5NOEJijjw+fGAuGBrbSqhjOW0BlidW/Zu/i0d6Qwx0FmCwvjlJ0Su5wSofF6rY/X6A3iaQ1AB7RgUVhQOLLCu0/q7mrJHbX0pcPfhw1pv69RoIz7kcVNLZhw9vidUyAaPnbwUKahS2kk6jy3brNM6NpS8Mb906ioihqRd+3utyGqs7pCtTW7iM6pYyiu27GNCt05hBiDXm1bQUqIAUv3q1ROSVxEgLAdD6AMBmJl9Rq0G/dHv3MoYd9aTLFvK+QCaXBovib1ZcdqQJTZf2twAv2Jesm+eyKqwQO/NpOkmUxE/OWEfY5vUkRBMOgg5mBNV1r/sMNOuEs9SWIGCOMZLRh61WgVCgfaLlByYTAKdA1rIohxVqbQti5onZSgbkKU0I3zSTJGPGdirvUSRc9AM6dcetK3dM03/3XCg0LJRqOgsdseK+BDjsu3yDgyWpHfUCXZlObt66BPXi7J5VlBPI4fXM47TK9TtOL7D82yLt0hbSk37iCrbkZ0XIGunJ9i+XJ2mI5B8+yVEfEsV4QxcA2QX+BVyMMeLPooBoCzZLTuSXDX2wutO+a+90FeD4G8P185KC/X1ylpTywuGPtpx/7NIqh+yozA5RRkTWDxnR4YxtIt4FESyW9yuj9J2Mjz6U2E0FViGuXy2b5oFEnpia9PrUpNspQziQ1FONRHF66KmARSqfyg22mhun/szLUxoL3QFbpsJ+GLtAN0F4jegzEP2c+DBipvJrP8Zlc27gGA70R6icH5KqhkNCOT69l06gsjeU1jVZxoVFx</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</c:validateResponse>
</soapenv:Body>
请注意,validateResponse 已加密数据。这是使用请求中的 public 密钥加密的。当我尝试执行 webServiceTemplate.marshalSendAndReceive 时,我得到 JAXBElement 始终为空。
下面是我的安全拦截器
@Bean
@Throws(Exception::class)
fun wss4jSecurityInterceptor(): Wss4jSecurityInterceptor {
val securityInterceptor = Wss4jSecurityInterceptor()
// set security actions: Timestamp Signature SAMLTokenSigned SAMLTokenUnsigned
securityInterceptor.setSecurementActions("Timestamp Signature UsernameToken")
//securityInterceptor.setValidationCallbackHandler(securityCallbackHandler())
securityInterceptor.setSecurementUsername("USERNAME")
securityInterceptor.setSecurementPassword("PASSWORD")
securityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT)
// sign the request
securityInterceptor.setSecurementUsername(signingCertName)
securityInterceptor.setSecurementPassword(signingCertPassword)
securityInterceptor.setSecurementTimeToLive(5000)
securityInterceptor.setTimestampStrict(false)
securityInterceptor.setSecurementSignatureCrypto(myCrypto())
securityInterceptor.setSecurementSignatureParts(
"{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;" +
"{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
"{Element}{http://ebs.health.ontario.ca/}EBS;" +
"{Element}{http://idp.ebs.health.ontario.ca/}IDP;"
)
securityInterceptor.setSecurementSignatureDigestAlgorithm("http://www.w3.org/2000/09/xmldsig#sha1")
securityInterceptor.setSecurementSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1")
securityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference")
securityInterceptor.setSecurementMustUnderstand(true)
val keyStoreCallbackHandler = KeyStoreCallbackHandler()
keyStoreCallbackHandler.setPrivateKeyPassword("PASSWORD")
securityInterceptor.setValidationDecryptionCrypto(myCrypto())
securityInterceptor.setValidationCallbackHandler(keyStoreCallbackHandler)
securityInterceptor.setSecurementEncryptionParts("{Element}{http://hcv.health.ontario.ca/}validateResponse;")
securityInterceptor.setSecurementEncryptionCrypto(myCrypto())
securityInterceptor.setValidationActions("Encrypt")
securityInterceptor.setValidationActor("USERNAME")
securityInterceptor.setValidateRequest(false)
securityInterceptor.setValidateResponse(false)
securityInterceptor.afterPropertiesSet()
return securityInterceptor
}
编辑:用 header
的一部分更新了 soap 请求正在阅读我正在与之通信的服务器的规格,
如果任何响应数据指定为enc 加密,由特定的网络服务技术 规范,数据将至少使用 AES128- CBC对称 使用属于初始 SOAP 签名者的 public 密钥的加密算法 要求。加密算法可能会根据具体的web服务增加 技术规范。
我不确定该怎么做
所以我想通了。
正在跳过验证
securityInterceptor.setValidateRequest(false)
securityInterceptor.setValidateResponse(false)
需要删除