验证SOAP消息的签名
大家好
这是我的要求信息:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-A3BCFAE87E12A8813813289737654441">MIICCTCCAXKgAwIBAgIETzVFkDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJSVTEKMAgGA1UECBMBMTEKMAgGA1UEBxMBMTEKMAgGA1UEChMBMTEKMAgGA1UECxMBMTEKMAgGA1UEAxMBMTAeFw0xMjAyMTAxNjI4MDBaFw0xMjA1MTAxNjI4MDBaMEkxCzAJBgNVBAYTAlJVMQowCAYDVQQIEwExMQowCAYDVQQHEwExMQowCAYDVQQKEwExMQowCAYDVQQLEwExMQowCAYDVQQDEwExMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdwxyRNYlWADnTtzH9/s/ehhD2iFzvF2xI+tBNyhbBb98EQNiIFdEegwGPhtd3Cfe1lQqtddWdFX2uLqozMAgd1KzSEuH9lI5DPiir3RfVdy+Irs5ZYiD/H4/DcUMUNyVcWspf9oG25wNdwNHKY8Aqz2269uYMCCoIBuWt6POwFQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAGLgTXbn7h2rBjv++6OopDooRifc4e2k+9sSTpLNegs9OvQzR8DpmQ/6Vt0RFprIdXSv+IVMcmL8Q2dmI9v0R61NIhdEjzSVbO2+PF9h1ShUARzMawRC/EOdjwVjDsk1WMxF18+wvH9SQxBSK3H2WpJbDWBxZCOW5CK1N6AKKJiC</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-2">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap" />
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-1">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="" />
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RJhc1ZVjXdUQEIwLTH356p7H0QY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>F0q0NV7kaSbAcsLHxVpYD1bQ1RAJcw6wPapDKAM9PIcs7EuS9S5PlE4cQMfAp1WgsKa91r3op1OQ5UrYmmdj/UneYawdPIYSaoFBGjndTXZnOCKp4YfRTQGZ2EVJRFHJbPsTsqHedPAyJLHhciViguTGeuA0hZAQN97KB/9ZLmY=</ds:SignatureValue>
<ds:KeyInfo Id="KI-A3BCFAE87E12A8813813289737654452">
<wsse:SecurityTokenReference wsu:Id="STR-A3BCFAE87E12A8813813289737654483">
<wsse:Reference URI="#X509-A3BCFAE87E12A8813813289737654441" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1">
<stubMethod xmlns="http://ws_base.ws.stuff/" />
</soap:Body>
</soap:Envelope>
我尝试验证<ds:DigestValue>RJhc1ZVjXdUQEIwLTH356p7H0QY=</ds:DigestValue>与body标签相关的。有像ds:CanonicalizationMethod和ds:Transforms这样的标签,这对我来说真的很混乱。我的问题是如何验证身体部位?首先,我应该获得什么标签来开始验证
<soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1">
<stubMethod xmlns="http://ws_base.ws.stuff/" />
</soap:Body>
要不就
<stubMethod xmlns="http://ws_base.ws.stuff/" />
??? 我必须执行哪些操作(规范化/转换/加密)???
任何帮助表示赞赏。提前致谢。
问题答案:
解决方案是:
private boolean validateSignature(Node signatureNode, Node bodyTag, PublicKey publicKey) {
boolean signatureIsValid = false;
try {
// Create a DOM XMLSignatureFactory that will be used to unmarshal the
// document containing the XMLSignature
String providerName = System.getProperty
("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
(Provider) Class.forName(providerName).newInstance());
// Create a DOMValidateContext and specify a KeyValue KeySelector
// and document context
DOMValidateContext valContext = new DOMValidateContext(new X509KeySelector(publicKey), signatureNode);
valContext.setIdAttributeNS((Element) bodyTag, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
// Unmarshal the XMLSignature.
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature.
signatureIsValid = signature.validate(valContext);
} catch (Exception ex) {
logger.error("An Error Raised while Signature Validation");
logger.error("Cause: " + ex.getCause());
logger.error("Message: " + ex.getMessage());
}
return signatureIsValid;
}
哪里
public class X509KeySelector extends KeySelector {
PublicKey key;
/**
* Constructor.
*
* @param key a public key of a certificate which need to be validated.
*/
public X509KeySelector(PublicKey key) {
this.key = key;
}
/**
* @return a KeySelectorResult with a predefined key.
*/
public KeySelectorResult select(KeyInfo keyInfo,
KeySelector.Purpose purpose,
AlgorithmMethod method,
XMLCryptoContext context) throws KeySelectorException {
return new KeySelectorResult() {
@Override
public Key getKey() {
return key;
}
};
}
}
并向X509KeySelector提供验证签名所需的公钥。
-
问题内容: 我需要针对验证SOAP消息。(以可以根据模式验证文件的方式)。 我没有打电话给任何网络服务;我只有一条消息和一个,并且我需要验证该消息是正确的。而无需调用网络服务或之后的任何服务。 我需要在Java程序中对此进行验证。您知道一个小的Java库可以做到这一点吗? ps:我知道当您调用Web服务时,有几个库可以验证请求/响应。但是,我没有调用任何Web服务。我有一个简单的消息,还有一个,并
-
请帮忙。我有一个 SP,以及一个用于远程 IDP 的公钥。我上传了 spring sam 的示例,并对其进行了更改,公钥被添加到带有别名的 jks 文件中(使用键工具,命令列表显示 cer 已导入),并且它指向带有签名键的 idp 扩展元数据。但最终验证失败了。 org.opensaml.ws.security.安全策略异常:协议消息签名验证失败
-
我有一个非常简单的SOAP XML,从基于WSDL的web服务接收,作为对SOAP请求的响应: 此SOAP XML在(用于接收此消息的工具)中完美验证。也就是说,如果我右键单击soapUI中的消息窗格并从上下文菜单中选择“验证”,它会显示“验证确定”。 但如果我复制 使用XML架构验证当前文件: 错误:元素'{http://schemas.xmlsoap.org/soap/envelope/}信封
-
消息签名 import hmac digest_maker = hmac.new(b'secret-shared-key-goes-here') with open('lorem.txt', 'rb') as f: while True: block = f.read(1024) if not block: break
-
我试图覆盖默认的Hibernate验证器消息,但没有成功。我已经为几个文本使用了一个资源包,它工作得很好。问题在于验证器的消息。 详细内容: 我创建了以下文件:ValidationMessages\u de.properties并将其放置在\src\main\resources\translations\ValidationMessages\u de.properties下。该文件具有以下资源:o
-
我试图理解spring中的验证消息和国际化机制,并编写了以下代码: Bean配置: 资源文件系统结构: 消息。属性: messages\u it。属性: 当我提交表单时,得到的错误消息是:{m1}。我是否缺少一些代码?