Security header generation using WSSecSignature

I am using WSSecSignature to generate a security header; this is the relevant code.

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.dom.DOMSource;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Document;

public static SOAPMessage signSoapMessage1(SOAPMessage message, PrivateKey signingKey, X509Certificate signingCert, char[] password) throws WSSecurityException {
    // Alias of the private-key entry in certFile.p12; Merlin resolves the signing key by this alias
    // (signingKey itself is not used, the key comes from the keystore)
    final String alias = "alias";
    WSSConfig config = WSSConfig.getNewInstance();
    config.setWsiBSPCompliant(false);
    WSSecSignature builder = new WSSecSignature();
    builder.setWsConfig(config);
    builder.setX509Certificate(signingCert);
    builder.setUserInfo(alias, new String(password));
    // false: the BinarySecurityToken carries the certificate path (X509PKIPathv1);
    // true: it carries only the signing certificate (X509v3)
    builder.setUseSingleCertificate(false);
    // Reference the certificate via a BinarySecurityToken placed in the header
    builder.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
    builder.setSigCanonicalization(WSConstants.C14N_EXCL_OMIT_COMMENTS);
    try {
        Document document = toDocument(message);
        WSSecHeader secHeader = new WSSecHeader();
        secHeader.insertSecurityHeader(document);
        // Sign the SOAP 1.1 Body only
        List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
        parts.add(new WSEncryptionPart(WSConstants.ELEM_BODY, WSConstants.URI_SOAP11_ENV, ""));
        builder.setParts(parts);
        Properties properties = new Properties();
        properties.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
        Crypto crypto = CryptoFactory.getInstance(properties);
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        InputStream is = new FileInputStream("certFile.p12");
        try {
            keystore.load(is, password);
        } finally {
            is.close();
        }
        ((Merlin) crypto).setKeyStore(keystore);
        document = builder.build(document, crypto, secHeader);
        System.out.println(docToString(document));
        // Return the signed document, not the unsigned input message
        SOAPMessage signed = MessageFactory.newInstance().createMessage();
        signed.getSOAPPart().setContent(new DOMSource(document));
        signed.saveChanges();
        return signed;
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}

In this code, what is the meaning of builder.setUseSingleCertificate(false);? I have tried passing true and false, but I cannot find any difference.

Apologies if I have misunderstood something.

After a long day of research I found the answer. setUseSingleCertificate decides the token type of the BinarySecurityToken:

  • If true, the value is http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
  • Otherwise it is http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1

For more information see http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf

Section 3.1
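A receiver-side check of the effect described in this answer, as an added Python example that is not part of the original post: it follows the signature's SecurityTokenReference to the BinarySecurityToken in a constructed envelope (placeholder token bytes, not a real certificate) and reports which of the two ValueType URIs was emitted. Element and attribute names follow the WS-Security 1.0 namespaces; the sample envelope layout is an assumption about what WSS4J's BST_DIRECT_REFERENCE output looks like.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509_PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
# ValueType emitted for each setUseSingleCertificate() setting (section 3.1 of the token profile)
TOKEN_TYPES = {
    X509_PROFILE + "#X509v3": "X509v3: single certificate, setUseSingleCertificate(true)",
    X509_PROFILE + "#X509PKIPathv1": "X509PKIPathv1: certificate path, setUseSingleCertificate(false)",
}

def referenced_bst_value_type(envelope_xml):
    """Return the ValueType of the BinarySecurityToken that the signature's
    SecurityTokenReference points at (the direct-reference layout)."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soapenv:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header")
    ref = sec.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    if ref is None:
        raise ValueError("signature does not carry a direct token reference")
    token_id = ref.get("URI", "").lstrip("#")
    for bst in sec.findall("wsse:BinarySecurityToken", NS):
        if bst.get("{%s}Id" % NS["wsu"]) == token_id:
            value_type = bst.get("ValueType", "")
            # The reference's own ValueType, when present, must agree with the token it points at
            if ref.get("ValueType", value_type) != value_type:
                raise ValueError("ValueType on wsse:Reference disagrees with the token")
            return value_type
    raise ValueError("referenced token %r is not in the header" % token_id)

def describe_token(envelope_xml):
    value_type = referenced_bst_value_type(envelope_xml)
    return TOKEN_TYPES.get(value_type, "unrecognised token type: " + value_type)

# Constructed envelope in the shape of a signed header; the token content is a placeholder
SAMPLE_PKIPATH = """<soapenv:Envelope xmlns:soapenv="%(soapenv)s">
<soapenv:Header><wsse:Security xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s">
<wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="%(profile)s#X509PKIPathv1"
 EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">MIIB...placeholder</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="%(ds)s"><ds:KeyInfo><wsse:SecurityTokenReference>
<wsse:Reference URI="#CertId-1" ValueType="%(profile)s#X509PKIPathv1"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>""" % dict(NS, profile=X509_PROFILE)
SAMPLE_SINGLE = SAMPLE_PKIPATH.replace("#X509PKIPathv1", "#X509v3")
```

Running describe_token() on the two samples shows the PKIPath and single-certificate cases respectively; a header whose wsse:Reference and token disagree is rejected.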