在 Spring 中使用 Wss4j 签署 SOAP header 抛出错误 "Caused by: java.security.UnrecoverableKeyException: Given final block not properly padded"
Signing SOAP header using Wss4j in Spring throwing errors "Caused by: java.security.UnrecoverableKeyException: Given final block not properly padded"
我正在使用 Spring Boot 实现 SOAP 客户端以进行以下配置以连接第三方 Web 服务器。下面是我的 WS-security 与 SOAPUI 客户端一起使用的传出配置。
时间戳和用户名配置如下
上面的配置我写了Wss4jSecurityInterceptor,如下
@Configuration
public class Config {
private static final Logger LOGGER = LoggerFactory.getLogger(Config.class);
@Bean
public Jaxb2Marshaller marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
// this is the package name specified in the <generatePackage> specified in
// pom.xml
marshaller.setContextPath("co.yabx.bureau.wsdl");
return marshaller;
}
@Bean
public ExecuteStrategy executeStrategy(Jaxb2Marshaller jaxb2Marshaller) throws Exception {
ExecuteStrategy soapClient = new ExecuteStrategy();
soapClient.setDefaultUri("https://demo-abc/dummy/url");
soapClient.setMarshaller(jaxb2Marshaller);
soapClient.setUnmarshaller(jaxb2Marshaller);
ClientInterceptor[] interceptors = new ClientInterceptor[] { wss4jSecurityInterceptor() };
soapClient.setInterceptors(interceptors);
return soapClient;
}
@Bean
public CryptoFactoryBean cryptoFactoryBean() throws IOException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
cryptoFactoryBean.setKeyStoreType("PKCS12");
cryptoFactoryBean.setKeyStorePassword("123456");
cryptoFactoryBean.setDefaultX509Alias("1");
ClassPathResource classPathResource = new ClassPathResource("\jks\exdemo.p12"); //
// System.out.println(classPathResource.getURL());
cryptoFactoryBean.setKeyStoreLocation(classPathResource);
return cryptoFactoryBean;
}
@Bean
public Wss4jSecurityInterceptor wss4jSecurityInterceptor() throws Exception {
Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor.setSecurementActions("UsernameToken Timestamp Signature");
// Sign the request
wss4jSecurityInterceptor.setSecurementSignatureUser("alias"); // alias vale used in above screenshot
wss4jSecurityInterceptor.setSecurementUsername("pqr");
wss4jSecurityInterceptor.setSecurementTimeToLive(60);
wss4jSecurityInterceptor.setSecurementPassword("lmn*");
wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
wss4jSecurityInterceptor.setSecurementUsernameTokenNonce(true);
wss4jSecurityInterceptor.setSecurementUsernameTokenCreated(true);
wss4jSecurityInterceptor.setSecurementSignatureCrypto(cryptoFactoryBean().getObject());
// Encrypt the request
// wss4jSecurityInterceptor.setSecurementEncryptionUser("server-public");
wss4jSecurityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");
wss4jSecurityInterceptor.setSecurementSignatureAlgorithm(WSConstants.RSA_SHA1);
wss4jSecurityInterceptor.setSecurementSignatureDigestAlgorithm(WSConstants.SHA1);
wss4jSecurityInterceptor.setSecurementMustUnderstand(true);
// wss4jSecurityInterceptor.setSecurementEncryptionUser(securementEncryptionUser);
wss4jSecurityInterceptor.setRemoveSecurityHeader(true);
wss4jSecurityInterceptor.setSecurementEncryptionCrypto(cryptoFactoryBean().getObject());
return wss4jSecurityInterceptor;
}
}
设置整个配置和 运行 应用程序后,它抛出错误,如下所示。
2020-04-20 15:45:21.826 ERROR 1172 --- [ main] o.a.wss4j.dom.message.WSSecSignature : No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:722) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:558) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:166) [wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238) [wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63) [spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574) [spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210) [spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373) [spring-ws-core-3.0.8.RELEASE.jar:na]
at co.yabx.bureau.client.ExecuteStrategy.executeStrategy(ExecuteStrategy.java:18) [classes/:na]
at co.yabx.bureau.BureauSoapServiceApplication.main(BureauSoapServiceApplication.java:34) [classes/:na]
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source) ~[na:1.8.0_171]
at java.security.KeyStore.getKey(Unknown Source) ~[na:1.8.0_171]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:710) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
... 13 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:399) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:431) ~[sunjce_provider.jar:1.8.0_171]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
... 16 common frames omitted
2020-04-20 15:45:21.827 ERROR 1172 --- [ main] o.s.w.s.s.w.Wss4jSecurityInterceptor : Could not secure response: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
org.springframework.ws.soap.security.wss4j2.Wss4jSecuritySecurementException: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:577) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373) [spring-ws-core-3.0.8.RELEASE.jar:na]
at co.yabx.bureau.client.ExecuteStrategy.executeStrategy(ExecuteStrategy.java:18) [classes/:na]
at co.yabx.bureau.BureauSoapServiceApplication.main(BureauSoapServiceApplication.java:34) [classes/:na]
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:174) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
... 8 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:615) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:166) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
... 11 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:722) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:558) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
... 12 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source) ~[na:1.8.0_171]
at java.security.KeyStore.getKey(Unknown Source) ~[na:1.8.0_171]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:710) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
... 13 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:399) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:431) ~[sunjce_provider.jar:1.8.0_171]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
... 16 common frames omitted
我也尝试使用属性创建 CrytpoFactoryBean,但仍然遇到同样的问题。下面是我试过的属性配置
Properties properties = new Properties();
properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
properties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "alias");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "123456");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.file",
"\jks\exdemo.p12");
cryptoFactoryBean.setConfiguration(properties);
try {
cryptoFactoryBean.afterPropertiesSet();
} catch (Exception e) { // TODO Auto-generated catch block
e.printStackTrace();
}
我不明白我在做什么错误。任何帮助将不胜感激。
在上面的代码中,我同时为用户名、密码和签名添加了安全配置,相反,我必须将它们保存在单独的数组中,如下所示。
@Bean
public ExecuteStrategy executeStrategy(Jaxb2Marshaller jaxb2Marshaller) throws Exception {
ExecuteStrategy soapClient = new ExecuteStrategy();
soapClient.setDefaultUri("https://demo-servicesesb.datacredito.com.co/wss/DecisorWS/services/dummyService/MotorService");
soapClient.setMarshaller(jaxb2Marshaller);
soapClient.setUnmarshaller(jaxb2Marshaller);
ClientInterceptor[] interceptors = wss4jSecurityInterceptor();
soapClient.setInterceptors(interceptors);
return soapClient;
}
和
@Bean
public Wss4jSecurityInterceptor[] wss4jSecurityInterceptor() throws Exception {
// org.apache.xml.security.Init.init();
Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor.setSecurementActions("UsernameToken");
// Sign in the request
wss4jSecurityInterceptor.setSecurementUsername("dummyUser");
wss4jSecurityInterceptor.setSecurementPassword("dummyPassword");
// wss4jSecurityInterceptor.setSecurementPassword("123456");
wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
wss4jSecurityInterceptor.setSecurementUsernameTokenNonce(true);
wss4jSecurityInterceptor.setSecurementUsernameTokenCreated(true);
wss4jSecurityInterceptor.afterPropertiesSet();
Wss4jSecurityInterceptor wss4jSecurityInterceptor1 = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor1.setSecurementActions("Signature");
wss4jSecurityInterceptor1.setSecurementSignatureUser("1");
wss4jSecurityInterceptor1.setSecurementPassword("123456");
wss4jSecurityInterceptor1.setSecurementSignatureKeyIdentifier("DirectReference");
wss4jSecurityInterceptor1.setSecurementSignatureAlgorithm(WSConstants.RSA_SHA1);
wss4jSecurityInterceptor1.setSecurementSignatureDigestAlgorithm(WSConstants.SHA1);
wss4jSecurityInterceptor1.setSecurementTimeToLive(60);
wss4jSecurityInterceptor1.setTimestampPrecisionInMilliseconds(true);
wss4jSecurityInterceptor1.setSecurementSignatureCrypto(cryptoFactoryBean().getObject());
wss4jSecurityInterceptor1.afterPropertiesSet();
Wss4jSecurityInterceptor[] wss4jSecurityInterceptorArray = new Wss4jSecurityInterceptor[2];
wss4jSecurityInterceptorArray[0] = wss4jSecurityInterceptor;
wss4jSecurityInterceptorArray[1] = wss4jSecurityInterceptor1;
return wss4jSecurityInterceptorArray;
}
和
@Bean
public CryptoFactoryBean cryptoFactoryBean() throws IOException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
Properties properties = new Properties();
properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
properties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "1");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "123456");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.file",
"C:\abc.p12");
cryptoFactoryBean.setConfiguration(properties);
try {
cryptoFactoryBean.afterPropertiesSet();
} catch (Exception e) {
e.printStackTrace();
}
return cryptoFactoryBean;
}
将 wss4jSecurityInterceptor
作为一个数组保存 username/password 作为单独的数组,将签名作为单独的数组,对我有用。
我正在使用 Spring Boot 实现 SOAP 客户端以进行以下配置以连接第三方 Web 服务器。下面是我的 WS-security 与 SOAPUI 客户端一起使用的传出配置。
时间戳和用户名配置如下
上面的配置我写了Wss4jSecurityInterceptor,如下
@Configuration
public class Config {
private static final Logger LOGGER = LoggerFactory.getLogger(Config.class);
@Bean
public Jaxb2Marshaller marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
// this is the package name specified in the <generatePackage> specified in
// pom.xml
marshaller.setContextPath("co.yabx.bureau.wsdl");
return marshaller;
}
@Bean
public ExecuteStrategy executeStrategy(Jaxb2Marshaller jaxb2Marshaller) throws Exception {
ExecuteStrategy soapClient = new ExecuteStrategy();
soapClient.setDefaultUri("https://demo-abc/dummy/url");
soapClient.setMarshaller(jaxb2Marshaller);
soapClient.setUnmarshaller(jaxb2Marshaller);
ClientInterceptor[] interceptors = new ClientInterceptor[] { wss4jSecurityInterceptor() };
soapClient.setInterceptors(interceptors);
return soapClient;
}
@Bean
public CryptoFactoryBean cryptoFactoryBean() throws IOException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
cryptoFactoryBean.setKeyStoreType("PKCS12");
cryptoFactoryBean.setKeyStorePassword("123456");
cryptoFactoryBean.setDefaultX509Alias("1");
ClassPathResource classPathResource = new ClassPathResource("\jks\exdemo.p12"); //
// System.out.println(classPathResource.getURL());
cryptoFactoryBean.setKeyStoreLocation(classPathResource);
return cryptoFactoryBean;
}
@Bean
public Wss4jSecurityInterceptor wss4jSecurityInterceptor() throws Exception {
Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor.setSecurementActions("UsernameToken Timestamp Signature");
// Sign the request
wss4jSecurityInterceptor.setSecurementSignatureUser("alias"); // alias vale used in above screenshot
wss4jSecurityInterceptor.setSecurementUsername("pqr");
wss4jSecurityInterceptor.setSecurementTimeToLive(60);
wss4jSecurityInterceptor.setSecurementPassword("lmn*");
wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
wss4jSecurityInterceptor.setSecurementUsernameTokenNonce(true);
wss4jSecurityInterceptor.setSecurementUsernameTokenCreated(true);
wss4jSecurityInterceptor.setSecurementSignatureCrypto(cryptoFactoryBean().getObject());
// Encrypt the request
// wss4jSecurityInterceptor.setSecurementEncryptionUser("server-public");
wss4jSecurityInterceptor.setSecurementSignatureKeyIdentifier("DirectReference");
wss4jSecurityInterceptor.setSecurementSignatureAlgorithm(WSConstants.RSA_SHA1);
wss4jSecurityInterceptor.setSecurementSignatureDigestAlgorithm(WSConstants.SHA1);
wss4jSecurityInterceptor.setSecurementMustUnderstand(true);
// wss4jSecurityInterceptor.setSecurementEncryptionUser(securementEncryptionUser);
wss4jSecurityInterceptor.setRemoveSecurityHeader(true);
wss4jSecurityInterceptor.setSecurementEncryptionCrypto(cryptoFactoryBean().getObject());
return wss4jSecurityInterceptor;
}
}
设置整个配置和 运行 应用程序后,它抛出错误,如下所示。
2020-04-20 15:45:21.826 ERROR 1172 --- [ main] o.a.wss4j.dom.message.WSSecSignature : No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:722) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:558) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:166) [wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238) [wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63) [spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574) [spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210) [spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373) [spring-ws-core-3.0.8.RELEASE.jar:na]
at co.yabx.bureau.client.ExecuteStrategy.executeStrategy(ExecuteStrategy.java:18) [classes/:na]
at co.yabx.bureau.BureauSoapServiceApplication.main(BureauSoapServiceApplication.java:34) [classes/:na]
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source) ~[na:1.8.0_171]
at java.security.KeyStore.getKey(Unknown Source) ~[na:1.8.0_171]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:710) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
... 13 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:399) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:431) ~[sunjce_provider.jar:1.8.0_171]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
... 16 common frames omitted
2020-04-20 15:45:21.827 ERROR 1172 --- [ main] o.s.w.s.s.w.Wss4jSecurityInterceptor : Could not secure response: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
org.springframework.ws.soap.security.wss4j2.Wss4jSecuritySecurementException: Error during Signature: ; nested exception is org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
Original Exception was java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:577) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.AbstractWsSecurityInterceptor.handleRequest(AbstractWsSecurityInterceptor.java:210) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.doSendAndReceive(WebServiceTemplate.java:597) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:555) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383) [spring-ws-core-3.0.8.RELEASE.jar:na]
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373) [spring-ws-core-3.0.8.RELEASE.jar:na]
at co.yabx.bureau.client.ExecuteStrategy.executeStrategy(ExecuteStrategy.java:18) [classes/:na]
at co.yabx.bureau.BureauSoapServiceApplication.main(BureauSoapServiceApplication.java:34) [classes/:na]
Caused by: org.apache.wss4j.common.ext.WSSecurityException: Error during Signature:
at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:174) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.handler.WSHandler.doSenderAction(WSHandler.java:238) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.springframework.ws.soap.security.wss4j2.Wss4jHandler.doSenderAction(Wss4jHandler.java:63) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
at org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor.secureMessage(Wss4jSecurityInterceptor.java:574) ~[spring-ws-security-3.0.8.RELEASE.jar:na]
... 8 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:615) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.action.SignatureAction.execute(SignatureAction.java:166) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
... 11 common frames omitted
Caused by: org.apache.wss4j.common.ext.WSSecurityException: No message with ID "noPrivateKey" found in resource bundle "org/apache/xml/security/resource/xmlsecurity"
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:722) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
at org.apache.wss4j.dom.message.WSSecSignature.computeSignature(WSSecSignature.java:558) ~[wss4j-ws-security-dom-2.2.3.jar:2.2.3]
... 12 common frames omitted
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at sun.security.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source) ~[na:1.8.0_171]
at java.security.KeyStore.getKey(Unknown Source) ~[na:1.8.0_171]
at org.apache.wss4j.common.crypto.Merlin.getPrivateKey(Merlin.java:710) ~[wss4j-ws-security-common-2.2.3.jar:2.2.3]
... 13 common frames omitted
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:399) ~[sunjce_provider.jar:1.8.0_171]
at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:431) ~[sunjce_provider.jar:1.8.0_171]
at javax.crypto.Cipher.doFinal(Cipher.java:2164) ~[na:1.8.0_171]
... 16 common frames omitted
我也尝试使用属性创建 CrytpoFactoryBean,但仍然遇到同样的问题。下面是我试过的属性配置
Properties properties = new Properties();
properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
properties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "alias");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "123456");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.file",
"\jks\exdemo.p12");
cryptoFactoryBean.setConfiguration(properties);
try {
cryptoFactoryBean.afterPropertiesSet();
} catch (Exception e) { // TODO Auto-generated catch block
e.printStackTrace();
}
我不明白我在做什么错误。任何帮助将不胜感激。
在上面的代码中,我同时为用户名、密码和签名添加了安全配置,相反,我必须将它们保存在单独的数组中,如下所示。
@Bean
public ExecuteStrategy executeStrategy(Jaxb2Marshaller jaxb2Marshaller) throws Exception {
ExecuteStrategy soapClient = new ExecuteStrategy();
soapClient.setDefaultUri("https://demo-servicesesb.datacredito.com.co/wss/DecisorWS/services/dummyService/MotorService");
soapClient.setMarshaller(jaxb2Marshaller);
soapClient.setUnmarshaller(jaxb2Marshaller);
ClientInterceptor[] interceptors = wss4jSecurityInterceptor();
soapClient.setInterceptors(interceptors);
return soapClient;
}
和
@Bean
public Wss4jSecurityInterceptor[] wss4jSecurityInterceptor() throws Exception {
// org.apache.xml.security.Init.init();
Wss4jSecurityInterceptor wss4jSecurityInterceptor = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor.setSecurementActions("UsernameToken");
// Sign in the request
wss4jSecurityInterceptor.setSecurementUsername("dummyUser");
wss4jSecurityInterceptor.setSecurementPassword("dummyPassword");
// wss4jSecurityInterceptor.setSecurementPassword("123456");
wss4jSecurityInterceptor.setSecurementPasswordType(WSConstants.PW_TEXT);
wss4jSecurityInterceptor.setSecurementUsernameTokenNonce(true);
wss4jSecurityInterceptor.setSecurementUsernameTokenCreated(true);
wss4jSecurityInterceptor.afterPropertiesSet();
Wss4jSecurityInterceptor wss4jSecurityInterceptor1 = new Wss4jSecurityInterceptor();
wss4jSecurityInterceptor1.setSecurementActions("Signature");
wss4jSecurityInterceptor1.setSecurementSignatureUser("1");
wss4jSecurityInterceptor1.setSecurementPassword("123456");
wss4jSecurityInterceptor1.setSecurementSignatureKeyIdentifier("DirectReference");
wss4jSecurityInterceptor1.setSecurementSignatureAlgorithm(WSConstants.RSA_SHA1);
wss4jSecurityInterceptor1.setSecurementSignatureDigestAlgorithm(WSConstants.SHA1);
wss4jSecurityInterceptor1.setSecurementTimeToLive(60);
wss4jSecurityInterceptor1.setTimestampPrecisionInMilliseconds(true);
wss4jSecurityInterceptor1.setSecurementSignatureCrypto(cryptoFactoryBean().getObject());
wss4jSecurityInterceptor1.afterPropertiesSet();
Wss4jSecurityInterceptor[] wss4jSecurityInterceptorArray = new Wss4jSecurityInterceptor[2];
wss4jSecurityInterceptorArray[0] = wss4jSecurityInterceptor;
wss4jSecurityInterceptorArray[1] = wss4jSecurityInterceptor1;
return wss4jSecurityInterceptorArray;
}
和
@Bean
public CryptoFactoryBean cryptoFactoryBean() throws IOException {
CryptoFactoryBean cryptoFactoryBean = new CryptoFactoryBean();
Properties properties = new Properties();
properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
properties.setProperty("org.apache.wss4j.crypto.merlin.keystore.alias", "1");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "123456");
properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.file",
"C:\abc.p12");
cryptoFactoryBean.setConfiguration(properties);
try {
cryptoFactoryBean.afterPropertiesSet();
} catch (Exception e) {
e.printStackTrace();
}
return cryptoFactoryBean;
}
将 wss4jSecurityInterceptor
作为一个数组保存 username/password 作为单独的数组,将签名作为单独的数组,对我有用。